![Notify_Refresh_MasterLogo_CMYK[1]](https://helpcentre.notifytechnology.com/hs-fs/hubfs/Notify_Refresh_MasterLogo_CMYK%5B1%5D.png?width=291&height=117&name=Notify_Refresh_MasterLogo_CMYK%5B1%5D.png)
What do User Permissions mean?
Access in Notify is controlled through permission groups. Each user can be given one or more permission groups, and their access is the combination of everything those groups allow. You assign permission groups in User Management when creating or editing a user
How permission group names work
Group names follow a consistent pattern, so you can read what a group does from its name:
- Company ... Manager: full access to that module's records across the whole company.
- Department ... Manager: access limited to records in the area(s) of your organisation structure the user is linked to.
- Assigned ...: access limited to records assigned to (or created by) the user themselves.
- ... (Read-Only): can view records at that scope but cannot make changes.
- Restricted Department ... Manager: the same as the Department group but cannot delete records.
- Confidential ... Manager: can view and manage records flagged as confidential, at the scope in the name. Confidential access is granted per module; there is no single group covering confidential records everywhere.
A user's department scope comes from the organisation structure areas they are linked to on their user record.
🔗 [LINK TO ADD] link "organisation structure" to the How do I manage my organisation structure article
Incident Management groups
| Group | What it allows |
|---|---|
| Company Incidents Manager | View and manage all incidents across the company, including assigning, escalating to reportable, managing priority and lost time, and changing incident type |
| Company Incidents Manager (Read-Only) | View all incidents across the company and export to PDF, without making changes |
| Department Incidents Manager | View and manage incidents in the user's linked areas, including assigning, closing, reopening, and managing priority and lost time |
| Department Incidents Manager (read-only) | View incidents in the user's linked areas without making changes |
| Assigned Incidents Manager | View and manage only incidents assigned to the user |
| Assigned Incident Investigator | Investigate incidents assigned to the user, including managing priority, lost time and attachments |
| Confidential Company Incident Manager | View and manage confidential incidents across the company |
| Confidential Department Incident Manager | View and manage confidential incidents in the user's linked areas |
| Incident Reporter Read Only | See the status of incidents the user has reported, without wider access |
| Restricted Department Incidents Manager | Manage incidents in the user's linked areas but cannot delete them |
Action Tracker groups
| Group | What it allows |
|---|---|
| Company Action Manager | View, create and manage all actions across the company, including globally reassigning actions |
| Department Action Manager | View, create and manage actions in the user's linked areas |
| Actions Assignee | View and update actions assigned to the user |
| Confidential Company Action Manager | View and manage confidential actions across the company |
| Restricted Department Action Manager | Manage actions in the user's linked areas but cannot delete them |
Audits & Inspections groups
| Group | What it allows |
|---|---|
| Company Audit Manager | View and manage all audits across the company, including conducting, assigning, reopening and globally reassigning |
| Department Audit Manager | View and manage audits in the user's linked areas, including conducting, assigning and reopening |
| Assigned Auditor | Conduct audits and view audits assigned to the user |
| Confidential Company Audits Manager | View and manage confidential audits across the company |
| Restricted Department Audit Manager | Manage audits in the user's linked areas but cannot delete them |
Risk Management groups
| Group | What it allows |
|---|---|
| Company Risk Assessments Manager | View, edit, archive and manage all risk assessments across the company |
| Department Risk Manager | View, edit, archive and manage risk assessments in the user's linked areas |
| Department Risk Manager (read-only) | View and sign risk assessments in the user's linked areas |
| Risk Assessor | Conduct risk assessments and sign those assigned to the user |
| Risk Assessment Template Manager | Build and manage risk assessment templates |
| Confidential Company Risk Assessment Manager | View and manage confidential risk assessments across the company |
| Restricted Department Risk Manager | Manage risk assessments in the user's linked areas but cannot delete them |
Method Statements groups
| Group | What it allows |
|---|---|
| Company Method Statement Manager | View and manage all method statements across the company |
| Department Method Statement Manager | View and manage method statements in the user's linked areas |
| Department Method Statement Manager (read-only) | View and sign method statements in the user's linked areas |
| Assigned Method Statement Manager | View, conduct and sign method statements assigned to the user |
| Method Statement Template Manager | Build and manage method statement templates |
| Restricted Department Method Statement Manager | Manage method statements in the user's linked areas but cannot delete them |
Documents groups
| Group | What it allows |
|---|---|
| Company Document Manager | Create, view and manage all document records across the company |
| Department Document Manager | Create, view and manage document records in the user's linked areas |
| Department Document Manager (read-only) | View, download and sign documents in the user's linked areas |
| Assigned Document Manager | Create and manage document records assigned to the user, including sharing and downloading |
| Confidential Company Document Manager | View and manage confidential documents across the company |
| Restricted Department Document Manager | Manage documents in the user's linked areas but cannot delete them |
Admin Roles groups
These groups control configuration and administrative features rather than day-to-day records:
| Group | What it allows |
|---|---|
| Company Settings Administrator | Manage company-wide settings: security, branding, module configuration |
| Users Administrator | Create and manage users and their permission groups |
| Form Template Manager | Build and manage all audit form templates |
| Department Form Template Manager | Build and manage form templates for the user's linked areas |
| Assigned Department Form Template Manager | Manage only form templates assigned to the user |
| Audit Lock Template Manager | Lock audit form templates so completed audits cannot be altered, and edit locked templates |
| Global Lists Manager | Build and manage global lists (the dropdown lists used across forms) |
| Organisational Chart Manager | Manage the organisation structure |
| Schedules Manager | Create and manage audit schedules |
| Hours Worked Manager | View and edit hours worked data |
Restriction permissions
Three special groups work the other way round: instead of granting access, they block specific fields even for users whose other groups would allow editing them.
| Group | What it blocks |
|---|---|
| Restrict Setting Incident Priority | The user cannot set or change an incident's priority |
| Restrict Setting Incident as Reportable | The user cannot flag an incident as reportable |
| Restrict Setting Incident as Lost Time | The user cannot flag an incident as lost time |
Use these when someone needs broad incident access but those particular decisions should sit with a manager.
Troubleshooting
A user can't see any records in a module. Check they have a permission group for that module, and that the scope is right: a Department group only shows records in the areas of the organisation structure the user is linked to. If they are not linked to any area, a Department group shows them nothing.
A user can see records but can't edit them. They probably have a (Read-Only) group for that module. Swap it for the equivalent Manager group, or add the Manager group alongside.
A user can't delete records. Restricted Department groups deliberately exclude deletion. If the user should be able to delete, they need the standard Department or Company group instead.
A user can't see a confidential record. Confidential records need a Confidential group for that specific module, at the right scope. A Company Incidents Manager without Confidential Company Incident Manager cannot open confidential incidents.
A user can't set priority, reportable, or lost time on incidents they can edit. Check whether one of the Restriction permissions has been applied to their account; these block those fields regardless of other groups.
A permission group named in an older guide can't be found. Group names changed to a per-module naming convention. Where an older document says "Company Manager" or "Department Manager", look for the module-specific equivalent, such as Company Incidents Manager or Department Audit Manager.