Roles and permissions

Each person in Better Comply is assigned one role that controls what they can see and do. Roles are stored separately from user profiles and can only be set by an administrator.

Who this is for

Administrators - Quality Admin, HR Admin, and Corporate Admin - can view and assign roles.

Users cannot change their own role.

Available roles

Employee

The default role for learners. Employees can:

  • View and complete their own assigned training materials
  • View their own training history and certificates
  • Acknowledge controlled documents assigned to them
  • Update their own profile

Employees cannot see other people's data, access admin pages, or create content.

Team Lead

Supervisors who manage a group of employees. Team Leads have all Employee permissions plus:

  • View the training status of their direct reports (scoped to people who have them set as foreman or line lead)
  • Receive the weekly training status digest by email (if supervisor reports are configured by your operator)
  • Access the Reports page to see team completion rates

Team Leads cannot create campaigns, author training content, or manage users.

HR Admin

HR Administrators manage people and organisational structure. HR Admins can:

  • Access everything a Team Lead can
  • Invite new users and create emailless employees (within their own department, unless they are also a Corporate Admin)
  • Edit user profiles, departments, and locations
  • Manage groups
  • View the admin dashboard and campaign list

HR Admins cannot approve training versions, approve controlled documents, or view audit logs.

Quality Admin

Quality Administrators own the QMS content and compliance process. Quality Admins can:

  • Access everything an HR Admin can
  • Author and manage training materials and campaigns
  • Review and approve pending training versions in the Quality Review Queue
  • Manage controlled documents through their full lifecycle (submit for review, approve, make effective, mark obsolete)
  • View the audit log

Segregation of duties

A Quality Admin who creates or submits a training version cannot approve it themselves. The approve action requires a different Quality Admin or Corporate Admin. This is enforced by the system and cannot be bypassed. See Approving a training version for details.

Corporate Admin

The highest-privilege role. Corporate Admins have all Quality Admin and HR Admin permissions without department restrictions. They can invite users and create employees across any department, view all data, and configure organisation-wide settings.

Use this role sparingly. Assign it only to people who genuinely need cross-organisation access.

Role summary

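| Capability | Employee | Team Lead | HR Admin | Quality Admin | Corporate Admin |
|---|---|---|---|---|---|
| Complete own training | Yes | Yes | Yes | Yes | Yes |
| View own history | Yes | Yes | Yes | Yes | Yes |
| View team status | - | Yes | Yes | Yes | Yes |
| View Reports page | - | Yes | Yes | Yes | Yes |
| Invite / create users | - | - | Dept-scoped | Dept-scoped | All |
| Edit user profiles | - | - | Yes | Yes | Yes |
| Manage campaigns | - | - | Yes | Yes | Yes |
| Author training content | - | - | - | Yes | Yes |
| Approve training versions | - | - | - | Yes (not own) | Yes (not own) |
| Manage controlled documents | - | - | - | Yes | Yes |
| View audit log | - | - | - | Yes | Yes |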

For the complete row-level permission detail, see the full permissions matrix.

Assigning a role

A person's role is set when they are invited or created. To change an existing user's role, you need administrator access to the user record.

Role changes take effect immediately

When you change a role, the person's sidebar navigation and page access update on their next page load. Their existing data and training history are unaffected.

Where roles are stored

Roles live in a dedicated user_roles table, separate from the user's profile. This is a deliberate security design - profile data and access privileges are stored independently, which prevents privilege escalation and makes role auditing straightforward. The role is read from the database on every session; it is never stored client-side.
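
The sketch below is an added illustration of this storage design, not Better Comply's own code. It uses an in-memory SQLite database to show why a self-service profile update cannot alter a role when the role lives in its own table and is looked up server-side. The role keys, the column names other than user_roles, and all function names are assumptions.

```python
import sqlite3

# Assumed role keys; the page gives only display names.
ROLES = ("employee", "team_lead", "hr_admin", "quality_admin", "corporate_admin")
ADMIN_ROLES = set(ROLES[2:])
PROFILE_COLUMNS = ("display_name", "phone")  # hypothetical self-editable fields

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE profiles (user_id INTEGER PRIMARY KEY,
                               display_name TEXT, phone TEXT);
        CREATE TABLE user_roles (
            user_id INTEGER PRIMARY KEY REFERENCES profiles(user_id),
            role TEXT NOT NULL DEFAULT 'employee');
    """)
    return db

def add_user(db, user_id, name, role="employee"):
    db.execute("INSERT INTO profiles VALUES (?, ?, NULL)", (user_id, name))
    db.execute("INSERT INTO user_roles VALUES (?, ?)", (user_id, role))

def current_role(db, user_id):
    # Looked up in the database on every call; no client-supplied role is trusted.
    row = db.execute("SELECT role FROM user_roles WHERE user_id = ?",
                     (user_id,)).fetchone()
    return row[0] if row else None

def update_own_profile(db, user_id, fields):
    # Touches only the profiles table, through a column allow-list, so a
    # smuggled "role" key in the request has nowhere to land.
    applied = [c for c in PROFILE_COLUMNS if c in fields]
    for col in applied:
        db.execute(f"UPDATE profiles SET {col} = ? WHERE user_id = ?",
                   (fields[col], user_id))
    return applied

def set_role(db, actor_id, target_id, new_role):
    if new_role not in ROLES:
        raise ValueError("unknown role")
    if actor_id == target_id:
        raise PermissionError("users cannot change their own role")
    if current_role(db, actor_id) not in ADMIN_ROLES:
        raise PermissionError("only an administrator can assign roles")
    db.execute("UPDATE user_roles SET role = ? WHERE user_id = ?",
               (new_role, target_id))
```

Because every role write goes through set_role, auditing role changes means watching a single table and a single code path.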