This article explains how permissions and employee roles work in Personio. The two are closely linked, as permissions can’t be granted directly to individuals—they’re always managed through employee roles.
Tip:
Already have a specific task in mind and want to know which permissions are needed? Learn how to grant permissions for everyday tasks in Personio.
Access employee roles and permissions
You need an Administrator role to see the Roles and permissions settings. Account Owners, Contract Owners, and Payroll Owners cannot access Roles and permissions unless they also hold the Administrator role.
To access employee roles:
- Go to Settings.
- In the People section, click Roles & permissions.
To access permissions for an employee role:
- Go to Settings.
- In the People section, click Roles & permissions.
- Click an employee role.
- Click the Permissions tab.
Understand how employee roles work
Personio manages permissions through employee roles — you cannot grant them directly to an individual. Personio has two types of employee roles: preset roles and custom roles. Preset roles are built into Personio and link to other system functionality. See the table below for more details.
| Role type | Role name | Who gets added | Access level |
|---|---|---|---|
| Preset role | All employees | This role includes all active employees. Every new employee joins this role automatically. | Basic set of permissions. |
| Preset role | Administrator (or roles with administrator rights) | Personio doesn't add anyone to this role automatically — you manually add and remove members. | Full permissions. You cannot change these permissions. |
| Custom role |
Examples:
|
You manually add employees. Personio doesn't add anyone to this role automatically. | Custom permissions. Personio applies the same permissions as the All Employees role by default, with the option to add more as needed. |
Personio adds all employees to the All employees role by default, and you cannot remove them from it. This role provides a basic set of permissions.
If you want to give an employee any permissions beyond those in the basic All employees role, assign them to an additional role (such as "Supervisor") and grant the extra permissions through that role.
Tip:
Add conditions to enable automatic role assignment, eliminating the need to manually add new employees to a role.
Understand how permissions work
Once you add an employee to an additional role (such as “Supervisor”), you can grant them extra access by setting up specific permissions for that role.
Permissions control what information employees can view or change. They are organized in two sections:
- People Data: Access to employee data.
- Configurations: Access to applications and company settings.
You control employee access to this information using access levels and areas:
1. Access levels
Access levels determine if employees can view, propose, or edit data. You can grant different levels of access by using these three permissions.
| View | Employees can see the data. |
| Propose | Employees can propose changes to the data and submit them for approval. If you select this type of access right, you need to configure an approval process. |
| Edit | Employees can edit the data without needing approval. A warning alerts you when you grant permissions to sensitive data. |
2. Access areas
Access areas specify whose information employees can access.
For example, employees should only see their own salary details but should be able to see time off information for other employees.
There are four access areas in permissions:
| Own | The employee's own data. |
| Reporting line |
The employees who report to the employee. By default, Personio defines reporting lines based on the primary supervisor, which includes both direct and indirect reports. To use an alternative reporting line, such as a dotted-line report, you must select it manually. |
| Custom | A specific selection of employees that you define through filters. |
| All | All employees. |
Note:
The Reporting line, Custom, and All access areas exclude the employee's own data. To grant access to their own data, select the Own access area along with the relevant access area.
More information
Here are some related articles with further information:
- Set up both permissions and employee roles
- Summary of access rights for Administrators
- Grant permissions for everyday tasks in Personio
- Summary of permissions
- Best practices: Employee roles and permissions
- Set up primary and additional supervisors