Security Solution

Every action logged. Every permission scoped.

What is RBAC + audit logging in WORKSPHR?

A seven-role baseline with 70+ granular permissions, a custom role builder scoped to department or position, and a tamper-evident audit log recording every Create / Update / Delete / Login / Export action. Read-only by design, defensible in DOLE and SOC 2 audits.

Most local HR tools either give every admin god-mode or hide the audit log behind a six-figure enterprise tier. WORKSPHR ships RBAC and the audit viewer on every plan, because “who deleted that employee record” should not be a question with no answer.

When access controls are an afterthought

Most Filipino HR tools were built around “HR can do everything, employees can do nothing”. That breaks the moment you have a payroll specialist who shouldn't see promotions, or a manager who needs leave approval but not salary visibility. The fixes get hacked into Excel, with predictable consequences.

  • God-mode admins: 5 staff with full delete + export, 0 accountability.
    NPC + DOLE exposure: no audit trail = no defense if data is leaked.
  • Salary leaks: a manager sees compensation he shouldn't, by accident.
    ≈ PHP 100K+ per incident: morale damage, retention loss, legal review.
  • Audit "we don't know": DOLE asks who edited the 201 file, and no answer exists.
    ≈ PHP 500K+: remediation cost plus amplified audit fees.
  • Off-boarding bombs: a resigned admin still has prod access 90+ days later.
    PHP 50K–500K per data exfiltration / unauthorized access incident.

Five tools, one access & audit story.

Roles, permissions, custom builder, audit viewer, compliance export. Built into the platform from day one, available on every plan, no enterprise upsell.

Seven roles ship pre-configured: super_admin, org_admin, hr_manager, hr_staff, manager, employee, contractor. Each has a sensible default permission set you can clone and customize. Most clients never need to build a role from scratch.

  • super_admin (cross-tenant) · org_admin (full org)
  • hr_manager · hr_staff (no delete, no export)
  • manager (own dept only) · employee (own data)
  • contractor (limited views, no payslip)

From provisioning to audit, in three steps.

Step 1

Pick from 7 baseline roles

Day-1 setup uses the seven defaults. Most companies need zero customization to start: assign each user exactly one of super_admin, org_admin, hr_manager, hr_staff, manager, employee or contractor.

Step 2

Build custom roles as you grow

When you need "Payroll Specialist (no delete)" or "Branch Manager Cebu" (dept-scoped), the role builder ships them in minutes. The four-tier guard chain enforces them on every endpoint.

Step 3

Audit anything, anytime

Any org_admin or hr_manager can pull "who deleted that 201 file" or "who exported the alphalist" in seconds. Hand a CSV or JSON export to your auditor on any plan, or stream the same events to Datadog or another SIEM via webhook on Growth and Enterprise.
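The three steps above, as an added worked example (this is illustration code, not WORKSPHR's implementation): the seven baseline roles are cloned into a "Payroll Specialist (no delete)" and a department-scoped manager, then every request passes through a guard chain in the page's order, Subscription → SDO → RBAC → Department. Role names come from the page; the permission strings, the plan-feature map, the reading of the SDO tier as a tenant-ownership check (the page does not expand the acronym), and the employee rows are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Assumed permission strings; the page only says there are 70+ of them.
BASELINE_ROLES = {
    "org_admin":  {"employee:read", "employee:update", "employee:delete",
                   "employee:export", "audit:read", "audit:webhook"},
    "hr_manager": {"employee:read", "employee:update", "employee:delete",
                   "employee:export", "audit:read"},
    "hr_staff":   {"employee:read", "employee:update"},      # no delete, no export
    "manager":    {"employee:read", "leave:approve"},         # dept-scoped when assigned
    "employee":   {"self:read", "payslip:read"},
    "contractor": {"self:read"},                              # no payslip
}
# Features per plan. Webhook streaming on Growth/Enterprise is from the page;
# the rest of this map is assumed.
PLAN_FEATURES = {
    "starter":    {"rbac", "audit_viewer", "audit_export"},
    "growth":     {"rbac", "audit_viewer", "audit_export", "audit_webhook"},
    "enterprise": {"rbac", "audit_viewer", "audit_export", "audit_webhook"},
}
# Permissions gated by a plan feature (assumption); unlisted ones need none.
PERMISSION_FEATURE = {"audit:webhook": "audit_webhook"}


@dataclass(frozen=True)
class Role:
    name: str
    permissions: FrozenSet[str]
    department: Optional[str] = None      # None = org-wide


@dataclass(frozen=True)
class User:
    id: str
    tenant: str
    role: Role


class Denied(Exception):
    def __init__(self, tier: str, reason: str):
        super().__init__(f"{tier}: {reason}")
        self.tier = tier


def baseline(name: str) -> Role:
    return Role(name, frozenset(BASELINE_ROLES[name]))


def custom_role(base: str, name: str, *, drop=(), department=None) -> Role:
    """Clone a baseline role, strip permissions, optionally scope it to one department."""
    return Role(name, baseline(base).permissions - frozenset(drop), department)


def guard(user: User, plan: str, permission: str, resource_tenant: str, rows):
    """Run the four tiers in order. Tiers 1-3 fail closed by raising Denied;
    tier 4 never denies, it narrows the rows the caller is allowed to see."""
    # Tier 1, Subscription: the tenant's plan must include the feature behind the action.
    feature = PERMISSION_FEATURE.get(permission)
    if feature and feature not in PLAN_FEATURES[plan]:
        raise Denied("subscription", f"plan {plan!r} does not include {feature}")
    # Tier 2, SDO: modelled (assumption) as "the caller's tenant must own the resource".
    if resource_tenant != user.tenant:
        raise Denied("sdo", "resource belongs to another tenant")
    # Tier 3, RBAC: the role must carry the permission.
    if permission not in user.role.permissions:
        raise Denied("rbac", f"{user.role.name} lacks {permission}")
    # Tier 4, Department: a scoped role sees only its own department's rows, even
    # on an endpoint that would otherwise return every employee.
    if user.role.department is None:
        return list(rows)
    return [r for r in rows if r["department"] == user.role.department]


def deny_tier(*args) -> Optional[str]:
    """Name of the tier that denied the call, or None if it was allowed."""
    try:
        guard(*args)
        return None
    except Denied as e:
        return e.tier


# Constructed sample rows for one tenant.
EMPLOYEES = [
    {"id": "E1", "department": "BPO/Operations", "salary": 42000},
    {"id": "E2", "department": "Finance",        "salary": 65000},
    {"id": "E3", "department": "BPO/Operations", "salary": 38000},
]


def run_demo() -> dict:
    payroll = custom_role("hr_manager", "Payroll Specialist (no delete)", drop={"employee:delete"})
    ops_mgr = custom_role("manager", "Ops Manager", department="BPO/Operations")
    mia, jun = User("u1", "acme", payroll), User("u2", "acme", ops_mgr)
    admin = User("u3", "acme", baseline("org_admin"))
    return {
        "payroll_reads_all":  len(guard(mia, "growth", "employee:read", "acme", EMPLOYEES)),
        "payroll_delete":     deny_tier(mia, "growth", "employee:delete", "acme", EMPLOYEES),
        "manager_sees":       [r["id"] for r in guard(jun, "growth", "employee:read", "acme", EMPLOYEES)],
        "cross_tenant":       deny_tier(jun, "growth", "employee:read", "other-co", EMPLOYEES),
        "webhook_on_starter": deny_tier(admin, "starter", "audit:webhook", "acme", []),
    }
```

The order of the tiers is the point: a cross-tenant request is refused before any role logic runs, so a misconfigured custom role can never widen access beyond the caller's own organisation, and the department filter sits last so it applies to whatever the endpoint would otherwise return.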

  • What roles ship out of the box?
    Seven: super_admin, org_admin, hr_manager, hr_staff, manager, employee, contractor. Each ships with a sensible default permission set you can clone, scope to a department, and customize. Most clients never need to build a role from scratch.
  • Can I scope a role to one department?
    Yes. The role builder has a Department + Position field. A role scoped to BPO/Operations sees only BPO/Operations rows even on endpoints that would otherwise return all employees. Department RBAC is enforced as the fourth tier in the guard chain (Subscription → SDO → RBAC → Department).
  • What gets recorded in the audit log?
    All significant data mutations: Create, Update, Delete, Login, Logout, Export, Import, Approve, Reject. Each entry stores timestamp (Asia/Manila), user, action, resource type and ID, IP address, user agent, status (Success/Failure/Partial), and a JSON diff of old vs new values. Read-only GET requests are not logged to keep the trail focused on actionable changes; in practice this means a user viewing a single salary record leaves no entry, while bulk reads are visible only as Export events.
  • Can audit logs be edited or deleted?
    No. Audit logs are read-only by design, available only to org_admin and hr_manager roles. There is no UI or API to mutate them. The append-only behavior is enforced at the database layer to keep the trail defensible in a DOLE or SOC 2 audit.
  • How long are audit logs kept?
    Indefinitely on Enterprise plans, 24 months on Growth, 12 months on Starter. CSV/JSON export is available on all plans so you can ship logs to your SIEM (Datadog, Sumo, ELK) for longer retention if needed. Webhook streaming is available on Growth and Enterprise.
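The entry layout and the append-only rule described in the FAQ above, as an added example on SQLite so it runs offline. This is not WORKSPHR's schema or code: the column names follow the FAQ, while the CHECK constraints, the triggers that refuse UPDATE and DELETE for every caller, and the SHA-256 hash chain that makes a bypass of those triggers detectable are assumptions about how "append-only at the database layer" and "tamper-evident" can be implemented. The sample entries and timestamps are constructed.

```python
import hashlib
import json
import sqlite3
from datetime import datetime, timedelta, timezone

MANILA = timezone(timedelta(hours=8))        # Asia/Manila, UTC+8 year-round
ACTIONS = ("Create", "Update", "Delete", "Login", "Logout",
           "Export", "Import", "Approve", "Reject")
COLS = ("ts", "user_id", "action", "resource_type", "resource_id",
        "ip", "user_agent", "status", "diff")

SCHEMA = f"""
CREATE TABLE audit_log (
  id            INTEGER PRIMARY KEY,
  ts            TEXT NOT NULL,
  user_id       TEXT NOT NULL,
  action        TEXT NOT NULL CHECK (action IN ({', '.join(repr(a) for a in ACTIONS)})),
  resource_type TEXT NOT NULL,
  resource_id   TEXT,
  ip            TEXT,
  user_agent    TEXT,
  status        TEXT NOT NULL CHECK (status IN ('Success', 'Failure', 'Partial')),
  diff          TEXT,            -- JSON {{field: [old, new]}}, mutations only
  prev_hash     TEXT NOT NULL,   -- row_hash of the previous entry (chain link)
  row_hash      TEXT NOT NULL
);
-- Append-only at the database layer: UPDATE and DELETE abort for every caller.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
  BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
  BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""


def json_diff(old: dict, new: dict) -> dict:
    """Changed fields only, as {field: [old, new]}."""
    return {k: [old.get(k), new.get(k)] for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}


def _row_hash(prev_hash: str, fields: dict) -> str:
    payload = json.dumps([prev_hash, fields], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def record(conn, user_id, action, resource_type, resource_id=None, *, ip=None,
           user_agent=None, status="Success", old=None, new=None, ts=None) -> str:
    """Append one entry and return its hash. resource_id must be a str so the value read
    back for verification equals the value that was hashed (TEXT affinity)."""
    diff = json_diff(old or {}, new or {}) if action in ("Create", "Update", "Delete") else None
    fields = dict(zip(COLS, (
        (ts or datetime.now(MANILA)).isoformat(), user_id, action, resource_type,
        resource_id, ip, user_agent, status, None if diff is None else json.dumps(diff))))
    last = conn.execute("SELECT row_hash FROM audit_log ORDER BY id DESC LIMIT 1").fetchone()
    prev_hash = last[0] if last else "0" * 64
    row_hash = _row_hash(prev_hash, fields)
    conn.execute(f"INSERT INTO audit_log ({', '.join(COLS)}, prev_hash, row_hash) "
                 f"VALUES ({', '.join('?' * len(COLS))}, ?, ?)",
                 [fields[c] for c in COLS] + [prev_hash, row_hash])
    conn.commit()
    return row_hash


def verify_chain(conn):
    """Recompute every hash in order; return the id of the first bad row, else None."""
    prev_hash = "0" * 64
    for rid, stored_prev, stored_hash, *vals in conn.execute(
            f"SELECT id, prev_hash, row_hash, {', '.join(COLS)} FROM audit_log ORDER BY id"):
        if stored_prev != prev_hash or _row_hash(prev_hash, dict(zip(COLS, vals))) != stored_hash:
            return rid
        prev_hash = stored_hash
    return None


def try_mutate(conn, sql, params=()):
    """Return the database's refusal message, or None if the statement went through."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return None
    except sqlite3.DatabaseError as e:
        conn.rollback()
        return str(e)


def run_demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    t0 = datetime(2025, 3, 3, 9, 15, tzinfo=MANILA)          # constructed timestamps
    record(conn, "hr_manager:mia", "Login", "session", ip="203.0.113.7", user_agent="Mozilla/5.0", ts=t0)
    record(conn, "hr_manager:mia", "Update", "employee_201", "201-000123", ip="203.0.113.7",
           old={"position": "Analyst", "salary": 42000},
           new={"position": "Senior Analyst", "salary": 48000}, ts=t0 + timedelta(minutes=2))
    record(conn, "hr_staff:jun", "Export", "alphalist", "2024", status="Failure", ts=t0 + timedelta(minutes=5))
    out = {
        "rows": conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0],
        "diff": json.loads(conn.execute("SELECT diff FROM audit_log WHERE id = 2").fetchone()[0]),
        "delete_refused": try_mutate(conn, "DELETE FROM audit_log WHERE id = 2"),
        "update_refused": try_mutate(conn, "UPDATE audit_log SET status = 'Success' WHERE id = 3"),
        "chain_ok_before": verify_chain(conn) is None,
    }
    # A DBA who drops the trigger can still edit a row; the chain makes that visible.
    conn.executescript("DROP TRIGGER audit_no_update; UPDATE audit_log SET status = 'Success' WHERE id = 3;")
    out["first_tampered_row"] = verify_chain(conn)
    return out
```

The triggers give the "no API to mutate them" property at the database layer, so it does not rest on the application simply lacking a delete endpoint; but anyone with DDL rights can drop them, which is why the example also chains the rows. Read-only for application roles plus a hash chain is what turns "read-only" into "tamper-evident": an edit or deletion shows up as a broken link at verification time. To catch a full rewrite of the table, the newest row hash should be anchored outside the database, for instance in the SIEM export the page mentions.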

Stop guessing who did what.

Book a 30-minute demo. We'll walk you through role provisioning, the permission matrix, and the audit log viewer, live.