WatheeqTech · Capability

Roles, Access & Separation of Duties

Governance-grade access control for legal work: a ready 14-role matrix, enforced separation of duties, and a tamper-evident audit trail, so every action is authorised and every decision independently reviewed.

Request a demo Back to WatheeqTech20 capabilities
14-Role Legal Permission MatrixLive

A ready-made set of 14 named legal-department roles, each carrying exactly the rights it needs, so teams are governed from day one instead of hand-building permissions.

Granular View / Add / Edit / Approve / Close RightsLive

Every action across contracts, cases, investigations, settlements, consultations and requests is governed by fine-grained View, Add, Edit, Approve and Close rights, so each user does only what their role permits.

Restricted Assign & Distribute Work-Allocation RightsLive

Assigning a case to a lawyer or distributing a contract for handling are dedicated, restricted privileges held only by managers and supervisors, so work is allocated by the right authority alone.

Organisational-Structure-Based AccessLive

Permissions can be scoped to the org chart, so a user's rights follow the entities and units they are responsible for and cascade sensibly down the hierarchy.

Enterprise Single Sign-On (SSO)Configurable

Users sign in with their existing corporate identity through the organisation's identity provider, removing separate passwords and centralising joiner and leaver control.

Dynamic Separation of DutiesLive

Whoever drafts or initiates a matter is automatically blocked from approving or closing it, even if their role would allow it, and the rule binds administrators too with no bypass.

Static Role-Conflict ExclusionsLive

Incompatible roles cannot be granted to the same person for the same scope, and no operational role can also be the independent Auditor, so conflicts are stopped at the moment access is granted.

Two-Distinct-Approver (Four-Eyes) EnforcementLive

On multi-step and multi-tier approvals the platform guarantees two genuinely different approvers, so high-value decisions always carry independent review.

Tamper-Resistant Approve & Close TransitionsLive

Sensitive status changes such as approving or closing a matter always demand the specific approve or close right and can never be slipped through a broader general edit permission.

Delegation-of-Authority Signing LimitsConfigurable

Approvals that require formal signing authority are checked against verifiable delegation-of-authority evidence and value limits, so only a properly authorised person can sign off at a given value.

Role-Aware Login & Persona LandingLive

When users sign in they land directly on the workspace built for their role: a command centre for the Legal Director, the service desk for a requester, compliance for an auditor.

Role-Scoped Navigation & Action GatingLive

The sidebar, menus and on-screen action buttons adapt to each user's role, showing only the areas and controls they are entitled to use.

Persona Switcher for Multi-Role UsersLive

Users who legitimately hold more than one legal role can switch between them from a single control, instantly re-scoping their workspace without logging out or holding multiple accounts.

Effective-Permissions Session ContractLive

The application always knows a signed-in user's precise effective permissions, keeping the interface and the enforced rules in step so users never see actions they will later be denied.

Immutable Audit Log of All OperationsLive

Every material action — who did what, to which record, and when — is recorded to an append-only trail that cannot be altered or deleted, giving a complete, trustworthy history.

Data Encryption at Rest & in TransitLive

Sensitive personal and legal information — investigation details, settlement terms, contract parties and payment terms — is encrypted at the application layer and in transit.

Tenant Data IsolationLive

Each organisation's data is strictly isolated at the database level, so one tenant's information can never be reached from another even through a compromised query.

In-Kingdom Data Residency EnforcementConfigurable

The platform can enforce that a tenant's legal data stays within a defined geographic boundary, backing sovereignty commitments with a technical control rather than a policy promise.

Attribute-Based Access RefinementConfigurable

On top of role-based rights, tenants can layer optional attribute rules — for example limiting visibility to a specific department — for finer control where a role alone is too broad.

One-Click Governance Provisioning for New TenantsConfigurable

Standing up a new legal department automatically applies the full governance baseline — the 14-role matrix, separation-of-duties rules, service catalog, working calendar and approval templates — so a new organisation is fully governed from first login.

See this in your own environment

Governance-grade access control for legal work: a ready 14-role matrix, enforced separation of duties, and a tamper-evident audit trail, so every action is authorised and every decision independently reviewed.

Roles, Access & Separation of Duties — WatheeqTech — Clario360