Skip to content
  • There are no suggestions because the search field is empty.

User roles and access to profile fields

Understand how user roles control what you can see and do on employee profiles in Huma

 

Table of Contents

  • Three things must be in place

  • Field-level access in user roles

  • The role must be granted over the right group

  • A system role does not give profile access

  • Standard roles: on own and colleagues' profiles

     

 

Three things must be in place

For a user role to work as expected, three things must all be in place at the same time. If any one of them is missing, the person will not have the access you intended.

  1. The user role must have "See and edit" set for the specific profile fields you want the person to manage

  2. The user role must be granted over the group (team, location, or company) that the employees belong to

  3. The person must actually be assigned the role

💡 This is one of the most common reasons access doesn't work as expected. A role can look correct in settings, but if it isn't granted over the right group, or the right fields aren't set to "See and edit", the person won't be able to see or change anything.

 

Field-level access in user roles

User roles in Huma control access at the individual field level, not just at the module level. This means you can give someone access to see a job title without giving them access to salary, or let them edit employment details without touching termination information.

Each field can be set to one of three levels:

  • No access — the field is not visible

  • Only see — the field is visible but cannot be edited

  • See and edit — the field can both be viewed and changed

The fields are organised into four sections:

  1. Intro — Email, Phone, Avatar photo, Cover photo, Date of birth, Fun facts and Interests

  2. Employment — Job title, Employment details (individual job description, contract type, employment percentage, employment ID, contract start date, first day of work, probation end date), Termination (termination notice date, last day of work, contract end date), Bank details, Salary

  3. Personal info — Name, Address, Gender, Nationality, Civil status, Dietary restrictions, Personal email address, Identifications, Emergency contacts, Children

  4. Miscellaneous — Absence, Competence, Documents, Onboarding and offboarding, Processes, Tasks, Users, Insights, Jubilees

💡Example: A Manager role may have "See and edit" on Job title and Absence, but "No access" on Salary and Bank details. Even though the person has the Manager role, they will not be able to see or change salary information unless that field is explicitly set to "See and edit".

 

How to edit field-level permissions for a user role:

  1. Go to "System settings"

  2. Click "Roles" and navigate to "User roles"

  3. Click on the role you want to edit

  4. Click "Edit role"

  5. Set the access level for each field under "Their profile" and "Own profile"

🔗 Read more about how to manage roles in Huma.

 

The role must be granted over the right group

A user role only gives access to employees who are members of the group the role is granted over. If a person is assigned the Manager role over the Oslo location, they will only have that access for employees in Oslo, not for employees in other teams or locations.

This means two things must match: the role must be granted over the right group, and the employee must be a member of that group.

💡Example: Anna has the Manager role granted over the "Marketing" team. She can see and edit profiles for everyone in Marketing. If a new employee joins but is only added to the "Sales" team, Anna will not have access to their profile — even though she has the Manager role.

To grant a role over a group:

  1. Go to "System settings"

  2. Click "Roles" and navigate to "User roles"

  3. Click on the role you want to assign

  4. Click "Add grant"

  5. Choose the person and select "Members of groups"

  6. Pick the relevant team, location, or company

  7. Click "Grant access"

💡 For larger organisations with delegated management, Huma recommends granting permissions over specific groups rather than everyone.

🔗 Read more about how to assign roles in Huma.

 

A system role does not give profile access

This is one of the most common misunderstandings in Huma. A system role gives access to organisation-wide settings and admin functions;  things like managing integrations, modules, roles, and subscription settings. It does not give access to employee profiles or their data.

Even a full system administrator cannot see or edit an employee's salary, employment details, or personal information unless they also have a user role with the relevant fields set to "See and edit", granted over the group the employee belongs to.

💡 Example: Erik is a system administrator and can manage all of Huma's settings. But when he opens a colleague's profile, he cannot see their salary or change their job title, because he does not have a user role with those fields enabled.

💡 If someone needs both system-level admin access and the ability to manage employee profile data, they need both a system role and a user role with the right field permissions.

🔗 Read more about the different role types in Huma.

 

Standard roles: on own and colleagues' profiles

The same field-level logic applies to all employees through the standard roles. Standard roles are two built-in roles that apply to everyone automatically, no manual assignment needed.

  • On own profile — controls what every employee can see and edit on their own profile

  • On colleagues' profiles — controls what every employee can see on other people's profiles

💡 Example: If "Emergency contacts" is set to "See and edit" under "On own profile", all employees can add and update their own emergency contacts. If it is set to "Only see", they can view the field but not change it.

These roles are configured by a system admin and set the baseline access for the entire organisation.

🔗 Read more about the different role types in Huma.