July 2026: Incident Management System - Categories by User Role
Not every incident should be visible to every member of staff. Role-Based Category Visibility gives administrators more control over who can access sensitive incident categories, helping organisations protect confidential information and ensure incidents are only visible to the right teams.
What it is and why it matters
Role-Based Category Visibility is a new Incident Management System feature that allows you to control which user roles can view specific incident categories.
Previously, all incident categories were visible to every user within an office, regardless of whether they needed access to them. This meant that sensitive categories — such as HR, security or safeguarding incidents — could be seen by users who were not authorised to view them.
With this update, you can now restrict access to selected categories so that only users in approved roles can see them. These permissions are enforced across the dashboard, incident history, reports and the add-incident form.
This helps improve confidentiality, strengthen access control and reduce the risk of sensitive incident information being viewed by the wrong people.
When to use this in the Incident Management System
This feature is useful when your organisation has incident categories that should only be visible to certain teams or roles.
It is particularly relevant if you:
-
manage sensitive incident types such as HR, safeguarding or security matters
-
need to limit visibility of certain categories to authorised staff only
-
want to improve confidentiality without affecting access to standard incident categories
-
have different user groups who should only see incidents relevant to their responsibilities
For example, you may want a security-related category to be visible only to security teams, while remaining hidden from cleaning, retail or other general staff roles.
How it works at a high level
Administrators can apply role-based restrictions to incident categories in the Categories section of Incident Management Settings.
For each category, one or more roles can be assigned. Once roles have been added, only users in those roles can view that category and any incidents logged against it. This restriction applies consistently across key areas of the product, including the dashboard, incident history, reports and the add-incident form.
Categories with no roles assigned remain visible to all users, so unrestricted categories continue to work as normal.
Restricted categories are clearly identified with a “Restricted” badge, making them easy for administrators to recognise. Access control is enforced server-side, helping ensure restrictions are applied consistently and securely.
Super admins always retain visibility of all categories, so system administrators will not lose access to important configuration or historical records.
Best practice tips
To get the most value from this feature, we recommend the following:
Start with your most sensitive categories
Review your existing incident categories and begin by applying restrictions to the ones that contain the most confidential information, such as HR, safeguarding or security-related categories.
Check your role setup first
Before assigning restrictions, make sure your Role Management settings are accurate and up to date so the correct users are included in the correct roles.
Keep unrestricted categories open where appropriate
Not every category needs to be restricted. Leave general operational categories unrestricted where broad visibility supports day-to-day working.
Use restrictions consistently
Apply a clear internal approach to which categories should be limited and why. This helps keep permissions easy to manage over time.
Remember that super admins retain access
Super admins can always view all categories, so ensure this level of access is limited to the right system administrators within your organisation.