The Whistleblower module has three distinct permission levels that control what users can see and manage:
Role |
Access Level |
Description |
Super Administrator |
Full module management |
Complete control over settings and all reported incidents |
Module Administrator |
All reported incidents |
Can view and manage all reported incidents |
Assigned Handler |
Assigned reports only |
Can only view reports specifically assigned to them |
Important: People who want to submit incidents don’t need any module access – they use the public reporting page.
Super Administrator Permissions
What Super Administrators Can Do
- Manage email templates for whistleblowers
- Configure the public reporting page
- Manage incident categories
- Manage all reported incidents
- Assign people to handle reports (assignees must have module access)
- Be assigned to handle reports themselves
Required Permission Settings
App/Feature |
Access to module/feature |
Creating new records |
Managing records (edit/delete) |
Settings |
Yes |
Yes |
Manage only own records OR Module Administrator |
Whistleblower |
Yes |
– |
Module Administrator |
Module Administrator Permissions
What Module Administrators Can Do
- Manage all reports submitted by whistleblowers
- Assign people to handle reports (assignees must have module access)
Required Permission Settings
App/Feature |
Access to module/feature |
Creating new records |
Managing records (edit/delete) |
Whistleblower |
Yes |
– |
Module Administrator |
Assigned Handler Permissions
What Assigned Handlers Can Do
- Be assigned to handle specific reports by administrators
- View and manage only reports assigned to them
Required Permission Settings
App/Feature |
Access to module/feature |
Creating new records |
Managing records (edit/delete) |
Whistleblower |
Yes |
– |
Manage only own records |
Important Security Notes
Who Should NOT Have Access
Do not set up any module access for:
- Regular employees (unless they’re assigned handlers)
- External contractors
- Anyone not directly involved in incident management
Access Control Best Practices
- Limit access to only those who need to handle reports
- Use assigned handlers rather than full administrator access where possible
- Regular review access permissions to ensure they remain appropriate
Quick Setup Guide
Setting Up a Super Administrator
- Go to Settings > User Permissions
- Edit the user’s permission group
- Set Whistleblower Module access and management rights
- Set Settings access and management rights
- Save changes
- Assign them to specific reports as needed
Setting Up Report Handlers
- Go to Settings > User Permissions
- Give users Module Access: Yes
- Set Management Rights: Manage only own records
- Save changes
- Assign them to specific reports as needed