---
title: "Knit - Get User Role Information from HRIS / Directory"
description: "Get User Role Information from HRIS / Directory"
source_url: "https://www.getknit.dev/solutions-use-cases/get-user-role-information-from-hris-directory"
page_type: "use-case-playbook"
---

_This page is a detailed implementation playbook for a specific Knit integration use case: “Knit - Get User Role Information from HRIS / Directory”._

# Knit - Get User Role Information from HRIS

HRIS

  Get User Role Information from HRIS / Directory

### Step 1: Extract Job Titles and Organizational Structure from Employee Data

Begin by syncing the organizational context available in Knit's standardized employee data models. While HRIS platforms don't provide a unified "role" API, they all maintain organizational structure information that indicates employee responsibilities and appropriate access levels.

**Key organizational fields for RBAC:**

*   `designation` (job title): Primary indicator of job function and responsibility level
*   `department`: Functional unit that determines baseline access requirements
*   `manager` relationship: Enables approval workflow routing and permission inheritance
*   `employmentType`: Contractors vs. full-time employees often have different access policies
*   Custom fields: Organizations store access-relevant attributes in custom HRIS fields

### Step 2: Use Passthrough API for HRIS-Specific Role and Group Data

While standardized employee models provide organizational structure, some HRIS platforms maintain proprietary role assignment or group membership systems. Use Knit's passthrough API to make direct calls to HRIS-specific endpoints when you need access to platform-specific role data.

**Passthrough API Endpoint:** `POST https://api.getknit.dev/v1.0/passthrough`

**When to use passthrough vs. standardized models:**

*   **Use standardized models** when job title and department provide sufficient role context
*   **Use passthrough API** when the HRIS has specific role/group assignment features
*   **Use custom fields** when organizations store role data in unmapped HRIS fields

### Step 3: Map HRIS Roles to Application Permissions and Access Policies

With organizational attributes and any platform-specific role data extracted, implement the mapping logic that translates HRIS roles into your application's access permissions.

**Access policy patterns:**

| Policy Type | HRIS Attributes Used | Access Rule Example |
| --- | --- | --- |
| Department-based | department | All employees in "Finance" department receive ERP system access |
| Job-title-based | designation (parsed) | Job titles containing "Manager" receive approval permissions |
| Hierarchy-based | manager relationship | Managers receive access to direct reports' data and approval authority |
| Employment-type-based | employmentType | Contractors (CONTRACT) receive restricted access vs. full-time (FULL\_TIME) |
| Custom attribute | customFields | Employees with "Security Clearance: Confidential" receive classified system access |

## Key APIs and Employee Fields for Role-Based Access Control

| Model | Field | Access Control Use Case |
| --- | --- | --- |
| employee\_orgStructure | designation | Job title-based permission assignment (e.g., "Senior Engineer" → development environment access) |
| employee\_orgStructure | department | Department-based baseline access (e.g., "Finance" → ERP system access) |
| employee\_orgStructure | manager | Approval routing and permission inheritance |
| employee\_profile | employmentType | Contractor vs. employee access policies (FULL\_TIME → full access, CONTRACT → restricted) |
| employee\_customFields | Platform-specific attributes | Custom role indicators (e.g., "Security\_Clearance: Confidential" → classified system access) |

### Job Title Parsing Patterns for Role Classification

| Job Title Pattern | Role Classification | Typical Permissions |
| --- | --- | --- |
| Contains "Manager," "Director," "VP," "Head of" | Management role | Approval authority, team resource access, elevated permissions |
| Contains "Senior," "Lead," "Principal" | Senior individual contributor | Write access, code review approval, mentor permissions |
| Contains "CEO," "CFO," "CTO," "Chief" | Executive role | Organization-wide read access, strategic approvals, audit access |
| Contains "Engineer," "Developer" | Technical role | Development environment access, code repository, technical tools |
| Contains "Analyst," "Specialist" | Operational role | Functional tool access based on department, read-focused permissions |

## Wrapping Up: Systematic Role-Based Access Control from HRIS Data

Implementing role-based access control becomes systematic and audit-ready when built on authoritative HRIS organizational data. Instead of maintaining separate role assignment spreadsheets or relying on manual permission requests, extract job titles, departments, manager relationships, and custom role attributes directly from the HRIS source of truth.

**Key capabilities unlocked:**

*   **Standardized organizational data:** Extract designation (job title), department, and manager relationships from 30+ HRIS platforms in unified format
*   **Job function-based access:** Parse job titles to automatically categorize employees and assign appropriate baseline permissions
*   **Department-based permissions:** Use department assignments to grant functional access
*   **Manager-based approvals:** Extract manager relationships to automatically route access requests to appropriate approvers
*   **Platform-specific role access:** Use passthrough API to retrieve HRIS-specific role assignments when standard fields are insufficient
*   **Audit-ready role assignments:** Create documentation showing access permissions derived from verified HRIS data

## Built for Scale, Speed,  
and Simplicity


## Related pages

- [Use cases hub](https://md.getknit.dev/use-cases)
- [Solutions hub](https://md.getknit.dev/solutions)
