Skip to main content

Access and audit

Permissions, audit events, and records you can actually review.

Named permissions, row-level security, audit events, and operational logs — so operators always know who saw what and what changed.

Evaluation focus

RBAC audit logs for workforce software

  • audit trail for employee schedule changes
  • role-based access control workforce platform
  • permissioned admin surfaces SMB
  • audit events for payroll prep
  • Named admin permissions and role assignments
  • Audit events for sensitive admin and billing actions
  • Organization-scoped RLS on every read
Access and audit
Roles, permissions, and audit

Owner

Full

Operations

12 named

Employee

Scoped

Recent audit events

  • Sam Q. document viewed2m
  • Payroll-prep export downloaded1h
  • Role updated · Avery T.3h

Generated layout — synthetic demo data.

Who it is for
  • Ops admins setting up role-based permissions
  • IT/security reviewers checking access controls
  • Finance/auditors looking at evidence trails for payroll prep

Built for these realities

The pain we hear from operators

Each pain point reflects real conversations with SMB operators evaluating workforce tools today. Yrka is shaped around these realities, not generic feature checklists.

All-or-nothing admin access

Workforce tools that only offer 'admin' or 'employee' make it impossible to delegate safely.

No record of who changed what

Schedule edits, billing changes, exports, and deletions disappear into the void without an audit event.

Org boundaries that leak across surfaces

Tools where one organization can accidentally see another's data are non-starters.

How teams use it

Use cases we ship for today

These are the moments this surface is built around. They map to shipped product behavior and the launch scope for this area.

Named admin permissions

Permissions and role assignments map to specific admin surfaces, not a single 'admin' bucket.

Sensitive action audit events

Audit events fire for sensitive admin, billing account, export, and deletion actions.

Permissioned surfaces

Navigation, route handlers, and read models hide or scope data based on explicit permissions.

Why Yrka here

What makes this different

Differentiators map to shipped product behavior. They are the reasons buyers pick this surface after comparing alternatives.

Organization-scoped RLS

Row-level security enforces organization scope at the database layer, not only in app code.

No certification claim

Controls support launch readiness but Yrka does not claim SOC 2, ISO 27001, HIPAA, or penetration-test attestation at launch.

Aligned with shipped controls

Trust posture maps to the audit, RLS, and permission code that actually runs in production.

How it flows

A workflow that mirrors how operators actually run the day

Three steps, three responsibilities.

  1. 01

    Grant

    Pick named permissions per role. Roles map to operators, supervisors, and employees.

  2. 02

    Enforce

    Permissions are enforced at routes and reads, not just in the UI. RLS scopes every query to the organization.

  3. 03

    Audit

    Sensitive actions emit audit events with actor, target, and context — searchable in admin reports.

What's inside

Access and audit highlights

  • Named permissions

    Granular permissions across schedule, time, records, communications, integrations, and billing.

  • Organization-scoped RLS

    Database-level scoping on every read — not relying on application checks alone.

  • Audit events

    Sensitive admin, billing, export, and deletion actions land in the audit log.

  • Work-item history

    Schedule, time, task, and message history connected to the underlying record.

  • Owner-confidence reports

    Snapshot reports for owners to see the state of operations at a glance.

  • Permission matrix

    Documented matrix of who can do what — for review and rollout planning.

Permissioned surfaces

Navigation, route handlers, and read models hide or scope data based on explicit permissions — not just front-end hints.

Operational, not certified

These controls support launch operations. They are not a SOC 2, ISO, HIPAA, or independent penetration-test attestation.

Scope

What's included, what's intentionally out of scope

Yrka maps every feature to its product claim so commercial conversations stay honest.

Included

  • Named admin permissions
  • Organization-scoped RLS
  • Audit events
  • Operational logs
  • Owner-confidence report snapshots
  • Permission matrix

Boundaries

  • SOC 2 attestation
  • ISO 27001 certification
  • Penetration-test attestation
  • Compliance guarantee

Questions

Common buyer questions

We surface the questions buyers actually ask — trial, support, export, mobile, payroll, provider, AI, and trust scope — in plain language.

How does the trial work?

Start with a 30-day card-required trial. Cancel anytime from the Stripe customer portal. Workspaces stay available for export or reactivation for 30 days after paid access ends.

Does Yrka process payroll or file taxes?

No. Yrka covers time tracking, scheduling, payroll-prep exports, and provider handoff. Customers stay in charge of payroll processing, tax filing, legal, and HR decisions.

What does mobile look like?

Responsive web and an installable PWA cover employee time entry, scheduling, resources, tasks, messages, and profile review. Employees see scoped offline read context plus queued supported writes with clear sync states.

Can we export our data?

Yes. Payroll-prep exports, schedule and time reports, and employee data exports are part of the core product. Customer data remains exportable for 30 days after paid access ends unless an earlier deletion is requested.

Ready to run the day on Yrka?

Start a 30-day trial in minutes, or book a working session to walk through the rollout with someone who has done this before.

Yrka uses optional analytics on the public site to understand page interest. The authenticated app does not load GA4.