Incident Management Roles & Permissions

  • Updated on Apr 29, 2025
  • Published on Apr 29, 2025
  • 1 minute(s) read
Prev Next

Serenity provides a layered permissions model to ensure the right people have access to the right incident data — without overexposing sensitive information.

By default, all users in the system can report incidents and follow up on the status of the incidents they reported, regardless of their role or license. This supports a safety-first culture by making it easy for all employees to contribute without needing special access or licensing.

For more advanced use cases, Serenity offers a set of licensed user roles that give expanded access and control within the Incident Management module.

Default Access (No Special Role Required)

Capability

All Users

Report a new incident

View the status of an incident they reported

Receive updates about their own incidents

Licensed Roles for Incident Management

These roles require appropriate licensing. Admins should consult with their Serenity Sales Representative before provisioning new roles.

EHS User (x_sehs_hs.user)

Designed for: Site-level EHS team members

  • Can view and take action on incidents assigned to them or their group

  • Cannot view or edit incidents that are not assigned to them

  • Ideal for decentralized teams working at a specific location

💡 Use this role to limit visibility to site-specific or role-specific work

EHS Manager (x_sehs_hs.manager)

Designed for: Regional or organizational-level safety leads

  • Has access to all incidents across the organization

  • Can reassign incidents to different users or groups

  • Can reopen closed incidents

  • Can view all incident types, including:

    • Injuries & illnesses

    • Spills or hazardous material releases

    • Property or vehicle damage

💡 This role is ideal for users responsible for monitoring trends, managing EHS staff, or coordinating organization-wide responses.

Privacy Case Viewer (x_sehs_hs.privacy_case)

Designed for: Users who need access to sensitive injury records

  • Allows users to view the details of privacy cases (as defined by OSHA)

  • Can be provisioned to EHS Users and EHS Managers as needed

  • EHS Admins inherit this role automatically

💡 Privacy Case Viewer access ensures compliance with OSHA guidelines on confidentiality when dealing with personally identifiable information (PII).

EHS Admin (x_sehs_hs.admin)

Designed for: System administrators and EHS program owners

  • Full access to all incidents and reports

  • Can delete incidents, injuries, spill/release reports, and damage records

  • Can configure incident management settings

  • Inherits all permissions from EHS Manager and Privacy Case Viewer

💡 This role should be reserved for trusted users who are responsible for system configuration and oversight.

Summary: Who Can Do What?

Action

All Users

EHS User

EHS Manager

Privacy Case Viewer

EHS Admin

Report incident

View assigned incidents

View all incidents

Reassign incidents

View privacy case details

❌*

❌*

Delete incident records

Configure module settings

*Users need the Privacy Case Viewer role to view privacy case details.


Related articles