As the organization grows, Sarah carefully manages access control so employees only see and modify the information required for their responsibilities.
Using RBAC, she assigns roles and permissions across departments, payroll, attendance, reporting, and administration while ensuring sensitive company data remains protected.
Roles and permissions are configured successfully, and every request across the platform is validated against the user’s assigned access scope.

| Failure | What the user sees | What happens next |
|---|---|---|
| Duplicate role name | Validation rejects duplicate role creation | Use a unique role name |
| Delete role with active assigned users | Role deletion blocked | Reassign users before deleting the role |
| Permissions modified for an active role | Updated permissions apply immediately | Affected users receive updated access automatically |
| User has no assigned role | All protected access is blocked | Administrator assigns a valid role |
| Unauthorized resource access attempt | 403 access denied response | Attempt is blocked and audit logged |
| Access attempt outside assigned scope | Request rejected | User must operate within permitted scope |

| Scenario | Behavior | Why |
|---|---|---|
| Role scope configured for all departments versus selected departments | Access enforced exactly according to role scope configuration | Maintains tenant-safe least-privilege access control |
| Field-level permission restrictions enabled | Restricted fields become hidden or read-only | Supports fine-grained access governance |
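
The role and scope rules in the two tables above can be modelled in a few lines. This is an added example, not ZettaHRM's code: the class, method, permission and department names are all hypothetical, and field-level restrictions are left out. It resolves the role on every request, which is why a permission change applies immediately.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)  # e.g. {"payroll:read"} (constructed)
    departments: Optional[set] = None               # None means "all departments"

class AccessControl:
    """Hypothetical in-memory model of the behaviours listed in the tables."""

    def __init__(self):
        self.roles = {}      # role name -> Role
        self.user_role = {}  # user -> role name
        self.audit_log = []  # one entry per denied attempt

    def create_role(self, name, permissions, departments=None):
        if name in self.roles:  # duplicate role names are rejected
            raise ValueError("duplicate role name")
        self.roles[name] = Role(name, set(permissions), departments)

    def assign(self, user, role_name):
        if role_name not in self.roles:
            raise ValueError("unknown role")
        self.user_role[user] = role_name

    def delete_role(self, name):
        if name in self.user_role.values():  # blocked until users are reassigned
            raise ValueError("role has active assigned users")
        del self.roles[name]

    def authorize(self, user, permission, department):
        """Return 200 if allowed, otherwise 403 plus an audit entry (default deny)."""
        # The role is looked up per request, never cached on the user's session,
        # so edits to an active role take effect on the next call.
        role = self.roles.get(self.user_role.get(user))
        if role is None:
            reason = "no assigned role"
        elif permission not in role.permissions:
            reason = "permission not granted"
        elif role.departments is not None and department not in role.departments:
            reason = "outside assigned scope"
        else:
            return 200
        self.audit_log.append((user, permission, department, reason))
        return 403
```
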

ZettaHRM
A modern HRM workspace for employee management, attendance tracking, leave approvals and structured day-to-day HR operations.