Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.yrka.io/llms.txt

Use this file to discover all available pages before exploring further.

Yrka uses a role-based permission model to control what each admin can see, do, and export inside the platform. Every person who needs admin access gets one role — and that role determines exactly which tabs, records, controls, and sensitive actions they can reach. Assigning a role that is narrower than necessary protects your organization’s payroll data, confidential documents, and system settings from accidental or unauthorized changes.

Role types

Yrka ships with the following roles at launch. Each role covers a specific scope of responsibility; none of them automatically grant access to everything.
The Owner role carries every active permission in Yrka. Owners can manage billing, account lifecycle, admin roles, employee app access, payroll exports, confidential documents, and all destructive settings. Assign the Owner role only to the person or people who hold full accountability for the account.
The Admin role provides broad organization access, but the exact surfaces and actions an Admin can reach depend on which individual permissions are enabled for that role configuration. An Admin with all permissions configured behaves similarly to an Owner for day-to-day work, but Owners retain exclusive control over certain account-level and role-management actions.
The Manager role is designed for operational leads who review timecards, approve schedule requests, manage their team’s records, and take action on work items — without needing access to payroll settings, confidential documents, or destructive system controls.
The Supervisor role provides a narrower operational scope than Manager. Supervisors can view employee records and take operational actions in their area of responsibility, but they do not automatically receive payroll visibility, confidential document access, or billing authority.
The Payroll Manager role is focused on the timekeeping review, payroll preparation, and handoff export workflows. A Payroll Manager can review pay periods, approve timecard exceptions, and generate payroll export files, but does not automatically gain access to personnel settings, confidential HR documents, or role management.
The HR Manager role gives access to employee records, documents, credentials, lifecycle events, and Personnel workflows. HR Managers can view and manage employee-facing records but do not automatically gain access to payroll exports or destructive system settings.

What each role can access

The table below summarizes the high-sensitivity permission areas and which roles carry them by default. Your organization’s specific role configuration may differ — review the actual permission set for each role in Settings.
Permission areaOwnerAdminManagerSupervisorPayroll ManagerHR Manager
Billing and account managementYesConfigurableNoNoNoNo
Role managementYesConfigurableNoNoNoNo
Payroll exportYesConfigurableNoNoYesNo
Confidential documentsYesConfigurableNoNoNoConfigurable
Destructive settingsYesConfigurableNoNoNoNo
Employee app access grantsYesConfigurableNoNoNoNo
Timekeeping reviewYesConfigurableYesConfigurableYesNo
Personnel recordsYesConfigurableConfigurableConfigurableNoYes
A person may have admin shell access (the ability to sign in to the admin surface) without every admin action. Seeing a tab does not guarantee the ability to act on it — the specific action controls within each surface check the underlying permission.

Admin access vs. employee app access

Admin roles and employee app access are separate concerns in Yrka.
  • Admin roles control which admin surfaces a person can see and what actions they can take on behalf of the organization.
  • Employee app access controls which self-service sections are visible to an employee in the employee-facing app.
A Manager who uses the employee app still needs employee app access enabled by your organization to see their own schedule, time entries, or profile sections. Giving someone an admin role does not automatically enable their employee self-service view, and enabling employee app access does not grant any admin permissions.
Do not grant admin access to managers or employees simply so they can view their own self-service content. Enable employee app access instead.

How to assign roles

1

Review the person's responsibilities

Before assigning a role, consider their payroll visibility needs, whether they should access confidential documents, which workflows they need to take action on, and whether they should manage system settings or other users’ access.
2

Open role management

Go to Settings and open the admin access or role-management surface. Depending on your workflow, you may also reach role assignment from the Personnel or Reports tab.
3

Assign the narrowest matching role

Choose the role whose permissions most closely match the person’s actual job responsibilities — without extra access they do not need. If no standard role is a precise match, review whether individual permission adjustments are available for your plan.
4

Pay attention to sensitive permissions

Before saving, verify that billing, payroll export, confidential documents, role management, employee access grants, and destructive settings are only enabled for people who genuinely need them.
5

Confirm the outcome

After assigning the role, confirm the person sees only the surfaces and actions their permissions allow. Tabs, export controls, confidential documents, and sensitive mutations should remain hidden when the matching permission is absent.

Sensitive permissions to review carefully

The following permissions carry elevated risk and deserve extra scrutiny before assignment:
  • Billing — can modify your plan, payment method, or initiate account cancellation.
  • Role management — can create, edit, or reassign admin roles for your organization.
  • Payroll export — can generate and download payroll handoff files containing pay data.
  • Confidential documents — can view employee documents marked as confidential.
  • Destructive settings — can permanently delete records, bulk-remove data, or reset organization configuration.
  • Employee app access grants — can enable or disable which sections employees see in the employee app.
Run an access review from the Reports surface on a regular cadence to confirm that role assignments still match your team’s current responsibilities. See Run access reviews to audit Yrka permissions for the full walkthrough.

Common issues

Someone can see an employee’s record but not their confidential documents. Confidential document access is a separate permission from general employee directory or personnel access. Check document permissions specifically, not directory access. An admin can view payroll context but cannot export. Viewing payroll summaries and exporting payroll files are controlled by separate permissions. Confirm the payroll export permission is enabled for the role. Someone cannot approve a request. Approval authority requires both the source workflow permission (for example, timekeeping review) and the specific review or action permission for that request type. Check both. A person has the right role label but the wrong access. Role labels like “Manager” describe a launch-time posture. The underlying permission set for that role in your organization determines actual access. Review the configured permissions directly rather than relying on the label alone.