OrgOS security model is made up of two main components: profiles and roles. These concepts are essential to understand how OrgOS controls access to data.
Profiles determine what objects (e.g. Employee, Document, Time off request, etc.) a user can see. There are 5 different predefined profiles you can use to manage the access rights of your employees.
By default, all users are assigned to the profile 'Employee'. If someone needs more access rights, you can assign additional profiles to your employees. To do that, go to Settings > Profiles & permissions and add as many employees to the profiles as you need.
To check the access of a standard profile just click on the name and you can see, which checkboxes are set.
OrgOS automatically generates a role hierarchy based on the field Reports to, mirroring the organizational structure of the company. That way, the access of supervisors is limited to the employees which are directly below them in the role hierarchy.
Roles determine what records a user can access for a specific object. As an example, a user with the profile 'Manager' can access Employee records but can't see all employee records, only those immediately below them in the role hierarchy.
In case non of the custom profiles matches your needs, you can create your own profile. Go to Settings > Profiles and permissions > Create profile (+Button). Choose a name and start defining the access rights of this profile.