Skip to main content

Overview

Firstwork uses role-based access control with four user roles. Each role determines which areas of the platform are accessible, what actions can be performed, and what data is visible.

Role Summary


Admin

Admins are the primary operators of the platform within a company. They have access to all company-specific modules.

What Admins Can Access

Conditional Features

Some admin features are only visible when specific capabilities are enabled for the company:

Applicant

Applicants are job candidates who interact with hiring flows. Their experience is focused entirely on the application process.

What Applicants Can Do


Worker (Contractor)

Workers are hired individuals who have transitioned from the applicant stage. Their experience focuses on onboarding, ongoing tasks, and document management.

What Workers Can Do

First-Time Worker Experience

When a new worker logs in for the first time, they are automatically directed to their onboarding flow. Only after completing onboarding do they see the full worker dashboard.

Platform Staff (SuperUser)

Platform staff are Firstwork employees who manage the platform across all companies. They have the highest level of access.

What Platform Staff Can Do

User Impersonation

Platform staff can impersonate any admin or worker across any company. This is used for troubleshooting and support. While impersonating, the staff member sees the platform exactly as the target user would. A visual indicator is displayed to make it clear that impersonation is active.

Access Control Principles

Authentication Required

All platform functionality requires authentication. Unauthenticated users can only access:
  • Public job posting pages
  • Login and registration pages
  • Password reset pages
  • Invite acceptance pages

Role Isolation

Each role has access only to its designated areas. An applicant cannot access admin tools; an admin cannot access platform staff tools. Attempting to access unauthorized areas results in a “not found” response.

Company Isolation

Data is isolated by company. Admins can only see data belonging to their own company. Platform staff can switch between companies but data from different companies is never mixed. Within a company, resources can be scoped to specific legal entities. This allows organizations with multiple subsidiaries to maintain separate compliance requirements and configurations while sharing a single platform account.