Who is this guide for: Administrators (see access roles note)
Platform: Sense HR
Available on: All plans
Access Role Management (ARM): Professional, Elite, and Enterprise plans
Before you begin
Make sure you’ve:
☑️ Logged in to the Sense HR web app
☑️ Been assigned administrator permissions
🖊️ Access roles note:
This area is typically managed by Administrators, but access to Settings > Access roles can also be given to other roles where needed (Professional, Elite, and Enterprise plans only). This should only be done where absolutely necessary, as access role settings control visibility and permissions across the whole system. 
Overview
Access roles control what users can see, edit, and manage in Sense HR. Each user is assigned one access role, which determines:
which profiles they can access
what actions they can perform
which features and settings they can use.
Access roles apply across the whole Sense Workplace system, so they directly affect data visibility, system access, and day-to-day user experience. They help organisations protect sensitive data, delegate responsibilities safely, and give different users the right level of access for their role. 
Access roles on different plans
All Sense HR plans use access roles. What changes by plan is whether those roles can be managed and customised.
All plans
Use access roles
Assign users to an access role
Enforce role-based access automatically
Professional, Elite, and Enterprise plans
Create new access roles
Copy and customise existing roles
Edit role permissions
Create Limited admin roles 
Access Role Management (ARM) is made available after administrator training and is added to your system on request once training is complete.
🖊️ Note:
Even if your plan does not include ARM, access roles still exist and still apply. The difference is whether your organisation can manage and customise them. 
Default and additional access roles
Every Sense HR system includes these four default access roles:
Standard users
Managers
Manager with Indirect reports
Administrators 
These roles provide the starting framework for access in every system.
Standard users
Designed to have access to their own profile and employee self-service features only. 
🖊️ Note:
New users are assigned the Standard users role by default. Because of this, administrators should make sure the permissions for this role are safe to apply to any newly added user.
Managers
Designed to access their own profile and their direct reports, depending on the permissions configured for that role. 
Manager with Indirect reports
Designed for the same access as Managers, but extends visibility across the full reporting chain. 
Administrators
Designed to have full Sense Workplace system access. This is the fixed full-access role in Sense HR. 
With ARM enabled, your organisation can also use additional role types:
Limited admin roles, created from the Add button
other custom roles, created by copying an existing role
Limited admin
Limited admin is not one of the four default access roles. It is an additional role type that can be created when ARM is available.
A Limited admin role gives admin access across all areas, but only for the specified people or groups. This makes it useful for scenarios such as local HR support, regional administrators, or functional owners who need admin-level access for only part of the organisation. 
Automatic role changes for line managers
Some access role changes can happen automatically based on reporting lines.
If a user is assigned as a Line Manager in an employee’s profile, they automatically move from Standard users to Managers.
If that user is later removed as the Line Manager for their last or only direct report, they automatically move back from Managers to Standard users. 
🖊️ Note: Automated role changes only apply for Standard users ↔ Managers
Where access roles are managed
If ARM is enabled for your organisation (Professional, Elite, and Enterprise only), access roles are managed from:
From here, you can:
view the list of access roles
search and sort roles
click a role to open and edit it
use Add to create a Limited admin role.
Permission areas in an access role
The permissions available depend on the type of role you are managing.
Standard users
Standard user roles include these permission areas:
Own profile
Features
Custom actions
Manager-type (advanced) roles
Manager-type roles include:
Own profile
People
Features
Custom actions
Limited admin
Limited admin works differently. Instead of configuring the full permission structure in the same way as other roles, you define who the role has admin access to. That role then has admin access for that selected people scope.
What each permission area controls
Own profile
Controls what users can view, update, add, or delete in their own profile screens.
People
Controls access to other people’s profiles. This is used in manager-type (advanced) roles and can include multiple groups with different permissions.
Features
Controls access to modules and system areas such as Calendar, Reports, Settings, Planner actions, and other feature-based permissions.
Custom actions
Controls access to workflow-powered actions such as sending login invites, sending verification codes, and starting other configured actions or workflows. 
How access roles affect visibility
If a user says they cannot see a module, screen, record, or action, this is usually caused by their access role rather than missing data. 
A few key principles are important:
users only see the areas and actions enabled in their access role
data can still exist even when a user cannot see it
screen and field visibility can be controlled separately
planner, event, and document visibility can vary by role 
Access roles control what a user can see and do, but if a screen is not included in the person’s profile template, those permissions will not apply to that screen in that profile.
For example:
If a role does not have permission to view a screen, none of the fields on that screen are visible, even if the data is populated.
If the role can view the screen but not a specific field, the screen may still appear while that field stays hidden.
If a screen is not included in the person’s profile template, it will not appear in their profile, even if their access role includes permission to view it.
💡 Troubleshooting tip:
If someone reports “I can’t see this”, check their assigned access role first, then review screen permissions, document access, planner visibility, and profile template setup before assuming there is a system issue. 
Assigning an access role
To assign an access role to a user:
Sense HR Dashboard > People > [Select profile] > More actions (…) > Assign access role 
Each user can have only one active access role at a time, but their role can be changed later if needed. 
Best practice
Review access roles regularly to make sure the right people still have the right level of access.
This is especially important:
after implementation
after promotions, restructures, or leavers
when new features or modules are introduced
during security or compliance reviews 
Be especially cautious about granting access to Settings > Access roles, as this gives the user role the ability to manage permissions for other users across the system.