A company workspace can have multiple users. Roles define what a user can view and what actions they can perform. Permissions are enforced on the server side within a single company context.
Roles are used to separate operational duties (for example: sales operations vs finance). Access to sensitive modules and high-risk actions may be restricted to specific roles.
Access to the Finance portal is restricted by design:
This boundary reduces exposure of financial data and limits high-risk actions to authorized roles.
Role separation supports internal controls and accountability. Certain actions (for example: exports or configuration changes) may also be recorded in audit logs for traceability.
Roles in FAOS control access within the Service. Customers remain responsible for their internal HR policies, approvals, and governance processes.
Related references: Security · Operational Controls · Audit Logs