Incidents

Incidents roles and access

Incidents module permissions are set by module role: Member, Manager, or Admin. These roles control who can report, view, triage, investigate, and manage incidents. Roles are assigned per site in Settings > User Management.

Quick reference

Action

Member

Manager

Admin

Report incidents

Yes

Yes

Yes

View own incidents (reported by them)

Yes

Yes

Yes

View all incidents

No

Yes

Yes

Add comments

Yes

Yes

Yes

Triage and update incidents

No

Yes

Yes

Resolve and reopen incidents

No

Yes

Yes

View investigation steps

No

Yes

Yes

Create and edit investigation steps

No

Yes

Yes

View corrective actions

No

Yes

Yes

Access insights

No

Yes

Yes

Manage categories

No

Yes

Yes

Delete incidents and investigation steps

No

No

Yes

Reporting incidents

Members, Managers, and Admins can all report incidents. Incidents can be reported with or without an account. Anonymous reports can include optional contact details and must be anchored to a location or asset. Reporting options include scanning a QR code on a location or asset, using a site-wide incident QR code, or reporting directly from the incident module.

Authenticated users can enter a description, severity, category, time, location, asset, and photos when reporting. New incidents can be assigned automatically when a default assignee is configured. For details on QR codes, see Print and share incident reporting QR codes. For default assignees, see Set default assignees for incidents.

Investigation and actions

Members can create incidents and add comments, but they cannot see investigation steps or corrective actions. Managers can view all incidents, triage and update them, resolve and reopen them, and view all investigation steps and corrective actions. They can also create and edit investigation steps, access insights, and manage categories. Admins have the same operational access as managers, plus the ability to delete incidents and investigation steps.

For step-by-step instructions, see Investigate an incident and Manage incident actions.

Comments

Members can add comments on incidents they reported. Managers can see all comments on all incidents. Admins can see all comments. By default, anyone who can view an incident can see its comments. When Restrict Comment Viewing is enabled in Incidents settings, Members can only see comment threads they posted; Managers and Admins can see all threads.

Settings and configuration

Incident settings are under Settings > Incidents. The tabs are Categories, Medical Outcomes, Presenting Issues, Default Assignees, Report Channels, and Options. Members can view the settings page. Managers can edit categories, medical outcomes, and presenting issues. Changing options (such as Restrict Comment Viewing) requires Site Manager or Site Admin (update-site permission).

How to change an incident role

Roles are assigned per site and per module. To change someone's Incidents access:

  1. Go to Settings > User Management

  2. Find the person and click Edit Access

  3. In the Access Control table, set their role for the Incidents module at each site: Member, Manager, or Admin

  4. Click Save

If you do not see Edit Access, you need the Manager role (or higher) for the Site module. You need Site Manager or Site Admin (or organisation owner) to access User Management and use Edit Access. For a full overview of the three roles, see Understanding User Roles and Permissions. For reusable role configurations, see Module Entitlements and Permission Templates.

Access to a child site automatically grants at least Member access on parent sites. Parent-site access does not automatically include child sites — each site needs its own role assignment unless explicitly granted. Someone can be a Manager at one site and a Member at another.

Was this helpful?