4HSE Permission System: A Hybrid and Granular Approach
Security is a top priority for 4HSE, and a robust access control system has been developed accordingly. The goal is to enable precise permission management, ensuring that each user can access only the information and functionalities relevant to them.
The 4HSE permission system supports complex scenarios. For example:
- A Project User can automatically view all offices, suppliers, and people linked to that project without manually assigning permissions to each entity.
- If the same user is later added to the office permission group Health Surveillance Manager, they automatically gain write permissions in the health surveillance functional area of that office.
This approach simplifies access management while maintaining consistency and flexibility.
This document explains the fundamental concepts of the permission system, how to manage permissions, and the entities on which permissions can be applied.
Managing Permissions in 4HSE
Permissions are managed directly within the platform through the Administration section, under the Permissions menu. This section is divided into two submenus:
- Groups: In 4HSE, a group represents a predefined role that includes a set of specific permissions. Assigning a user to a group automatically grants them the permissions associated with that role. In this section, you can see the list of predefined groups for the selected entity (e.g., project groups). Selecting a group allows you to view the users it includes and add or remove users by their email address. This is the most direct tool for managing permissions.
- Users: Lists all users who have access to the entity through a direct assignment.
Direct and Indirect Access
As mentioned earlier, in 4HSE a user can obtain permissions in two ways:
1. Direct Access
This is the most straightforward method: a user is explicitly assigned to one of the groups of an entity (e.g., a project, office, or person). This manual assignment grants specific permissions on the selected entity and all entities directly linked to it.
2. Indirect Access (Inheritance)
Indirect access uses permission inheritance. Rights propagate consistently from higher-level entities to lower-level ones.
For example, a user assigned as a Project Manager automatically obtains permissions to manage the offices, people, and suppliers linked to that project.
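When reviewing who can reach what, it helps to resolve direct and inherited grants together and record which assignment explains each one. The following is an added example, not 4HSE code: a simplified model in which the entity names, functional-area names, read/write levels and the "strongest grant wins" rule are all assumptions made for illustration.

```python
# Illustrative model, not 4HSE's implementation. All names, levels and the
# "strongest grant wins" rule below are assumptions made for this example.
LEVELS = {"read": 1, "write": 2}
# Group -> (functional area, or "*" for every area; level). Constructed.
GROUPS = {
    "Project User": ("*", "read"),
    "Health Surveillance Manager": ("health_surveillance", "write"),
}

# Constructed links: lower-level entity -> the higher-level entity it belongs to.
PARENT = {
    "office:Rome": "project:Acme",
    "office:Milan": "project:Acme",
    "supplier:CleanCo": "project:Acme",
    "person:Rossi": "project:Acme",
}

# Constructed direct assignments: (user, entity, group).
ASSIGNMENTS = [
    ("anna@example.com", "project:Acme", "Project User"),
    ("anna@example.com", "office:Rome", "Health Surveillance Manager"),
]

def effective(user, entity, area):
    """Return (level, source) of the strongest grant reaching entity/area."""
    best, scope = (None, None), entity
    while scope is not None:  # walk from the entity up to its project
        for who, where, group in ASSIGNMENTS:
            g_area, level = GROUPS[group]
            if who != user or where != scope or g_area not in ("*", area):
                continue
            if best[0] is None or LEVELS[level] > LEVELS[best[0]]:
                kind = "direct" if scope == entity else "inherited"
                best = (level, f"{kind}: {group} on {scope}")
        scope = PARENT.get(scope)
    return best

def audit(user, areas):
    """Map every reachable (entity, area) to the grant that explains it."""
    report = {}
    for ent in sorted(set(PARENT) | set(PARENT.values())):
        for area in areas:
            level, source = effective(user, ent, area)
            if level:
                report[(ent, area)] = (level, source)
    return report

if __name__ == "__main__":
    print(audit("anna@example.com", ["health_surveillance"]))
```

In this model a single project-level assignment reaches every linked office, supplier and person, so the audit output is the place to check that inherited read access is no broader than intended.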
Entities with Configurable Permissions
The 4HSE permission system applies to several key entities:
- Project – Represents the main management level; permissions set here propagate to linked entities. → See Project Permissions.
- Office – Part of the project, representing a physical workplace. Allows assigning specific permissions to the office itself and to individual functional areas. → See Office Permissions.
- Person – Represents an individual registered in 4HSE with their personal information. Permissions on this entity regulate access to personal data and linked items, with the option to use the Related User feature for profile access. → See Person Permissions and Related User.
- Supplier – Permissions control access for external suppliers. → See Supplier Permissions.
- Multi Company Project (available with the PRO plan) – Manages access for users working across multiple projects. → See Multi Company Permissions.