Know the team.
An org chart that matches how your business actually works — reporting lines, teams, departments, and the quiet structures in between.
A living org chart.
Live, browsable, and filterable by business unit. New hires show up; reporting changes flow through immediately.
Primary and dotted lines.
Real organisations have managers, team leads, and matrix reporting. BantuHR draws all three without forcing a single hierarchy.
Cohorts and intakes.
Onboard interns, graduates, or seasonal hires as a single cohort with shared start dates and policies.
Mentorship, separate.
Mentors and mentees are tracked outside the reporting graph — because the relationship is a different kind of important.
Permissions that follow the org graph.
Most HR tools make you build a permissions matrix by hand and then re-do it every time someone's promoted. BantuHR derives the matrix from the org graph: appoint a department head and they get the right verbs on the right subtree automatically.
Direct manager
Auto-attached the moment a worker has a direct report via reporting_line. Read + approve on every primary report in the subtree.
Department head
Auto-attached when department.head_worker_id is set. Full managerial verbs across the department subtree, plus people:write within scope.
Team lead
Auto-attached when team.lead_worker_id is set. Read + write team membership; read leave / attendance / profile for every team member.
Secondary / dotted-line
Read-only across the dotted-line subtree. Vice department heads pick this up automatically too.
- AWS-style IAM policies. Allow / Deny statements, action verbs, resource templates, conditions. Deny-wins evaluation.
- Manager-scope auto-attach. Make someone a department head; they automatically gain read + approve on their subtree.
- ${self.*} placeholders. Self-service verbs scope to ${self.worker_id} / ${self.dept_subtree} so one policy fits every manager.
- Authorization audit log. Every Allow / Deny is recorded — compliance-grade, no sampling, no truncation.
- Default-allow self-service. Workers submit own leave, clock own attendance, upload own docs without an explicit grant.
- Multi-tenant from day one. Every row carries a tenant_id; the switcher lets one user serve many organisations.
- Feature flags by plan. Standard / Pro / Enterprise tiers enable modules per tenant. Disable and the routes 404.
- Tenant logo + brand. Drop a logo; it shows up in the sidebar, every email header, and every payslip PDF.
- Super-admin tooling. Per-tenant view-as, password reset, suspension, audit feed — for support without database access.
- Customisable home. Each user picks their stat tiles + list panels; tenant admin sets the org-wide default.
- BCEA cap warnings. Pending payslip surfaces any deferred deductions before you finalise the period.
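The permission bullets above (Allow / Deny statements, deny-wins evaluation, ${self.*} placeholders, a log of every decision) as an added example; this is not BantuHR's code. The policy field names, action strings, worker ids, the "no self-approval" Deny and the implicit-deny default are assumptions made for illustration, and conditions are not modelled.

```python
import re
from fnmatch import fnmatchcase

# Hypothetical policy attached to a department head (constructed sample).
MANAGER_POLICY = [
    {"effect": "Allow", "actions": ["leave:read", "leave:approve"],
     "resources": ["worker/${self.dept_subtree}"]},
    # Constructed guard rail: a manager may not approve their own leave.
    {"effect": "Deny", "actions": ["leave:approve"],
     "resources": ["worker/${self.worker_id}"]},
]

AUDIT_LOG = []  # every decision is appended, Allow and Deny alike


def expand(template, principal):
    """Resolve one ${self.<attr>} placeholder; list values fan out to several resources."""
    m = re.search(r"\$\{self\.(\w+)\}", template)
    if not m:
        return [template]
    if m.group(1) not in principal:
        return []  # unknown placeholder matches nothing (fail closed)
    value = principal[m.group(1)]
    values = value if isinstance(value, (list, tuple, set)) else [value]
    return [template.replace(m.group(0), str(v)) for v in values]


def statement_matches(stmt, principal, action, resource):
    """A statement applies when an action pattern and an expanded resource both match."""
    if not any(fnmatchcase(action, pat) for pat in stmt["actions"]):
        return False
    # Resources are compared exactly so an id can never act as a wildcard.
    return any(resource in expand(t, principal) for t in stmt["resources"])


def authorize(principal, action, resource, policy):
    """Deny-wins: a matching Deny beats any Allow; no matching Allow is an implicit deny."""
    effects = {s["effect"] for s in policy
               if statement_matches(s, principal, action, resource)}
    decision = "Allow" if effects == {"Allow"} else "Deny"
    AUDIT_LOG.append({"worker": principal["worker_id"], "action": action,
                      "resource": resource, "decision": decision})
    return decision == "Allow"


# Constructed principal: a department head whose subtree includes themselves.
HEAD = {"worker_id": "w-100", "dept_subtree": ["w-100", "w-101", "w-102"]}
```

The same policy document serves every manager because the scope comes from the caller's own attributes at evaluation time, and the Deny on `worker/${self.worker_id}` overrides the subtree Allow even though both statements match.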