Skip to main content

How to Use the Access Explainer

A guide to using the Access Explainer tool to audit and understand who can see what in your Comprehensive account, and why.

O
Written by Osiris Childs

Overview

The Access Explainer is a permissions audit tool that answers two critical questions: "Who can see what?" and "Why do they have that access?" It lives under Settings → Access → Access explainer.

It has two main tabs: Individual Report and Company Report.

Individual Report

Use this tab to inspect a single employee's access. Select an employee from the search dropdown at the top. Once selected, you'll see their name, title, and role tags (e.g. Admin, Manager, HRBP, Proposer, Approver, Permission profile member).

The Individual Report has three subtabs:

1. "Who [Name] can see"

Shows every employee that the selected person has visibility into, and why.

Each row shows the visible employee's name, title, and one or more colored reason badges explaining the access path. You can filter by access path using the chips at the top (e.g. Proposer, HRBP, Admin, Approver, Manager, Permission profile). You can search by name or employee ID. You can download a CSV of the full list.

The reason badges tell you exactly why someone has access:

  • Proposer — They own a comp proposal that includes this person.

  • Approver — They directly approve a budget containing this person.

  • HRBP (cycle) — They're an HRBP supporting an approver in a review that includes this person.

  • HRBP (direct) — They have a direct HRBP relationship with this person.

  • Manager — They manage this person (in a cycle with released award letters).

  • Permission profile — They're a member of a permission profile that grants access.

  • Admin — Company admin bypass (can see everyone).

Hover over any badge to see the specific review name, approver, or profile that grants the access.

2. "Who can see [Name]"

The reverse view — shows every person in the company who has visibility into the selected employee, and via which path.

⚠️ Important: This subtab requires the Company Report to be generated first (since it needs the full company access graph). If you haven't generated one yet, you'll see a prompt to do so.

3. "Pay ranges [Name] can see"

Shows which compensation bands (family, level, track, zone) the selected employee can view, and whether the access comes from a proposal relationship or a permission profile.

Company Report

Use this tab to get a bird's-eye view of access across every employee in your company.

Click "Generate report" to start. This processes every active employee's access footprint, so it takes a moment — you'll see a progress bar ("Processing user X of Y…"). You can navigate away; the report will be ready when you return.

Reports are cached for ~24 hours and refreshed nightly. Click "Refresh" to regenerate manually.

Once generated, the report shows a table with one row per employee:

  • Name — Employee name

  • Role — Their role in the company

  • Title — Job title

  • Employees — Count of people they can see

  • Ranges — Count of pay ranges they can see

  • Top paths — Their most common access reasons with counts (e.g. "PROPOSER: 15, APPROVER: 8")

You can filter by role using the chips at the top, and search by name or employee ID. Click any row to jump directly to that person's Individual Report.

You can also download a CSV of the full company report.

Why This Matters for Admins

  • Audit & compliance — Verify that the right people have the right access before, during, or after a comp cycle. No guesswork.

  • Troubleshooting — When someone says "I can't see this person" or "Why can they see my data?", you can look up the exact access paths and identify what's missing or unexpected.

  • Permission profile validation — After setting up or changing permission profiles, confirm they grant exactly the access you intended.

  • Cycle prep & cleanup — Before launching a review cycle, check who will be able to see what. After a cycle, verify access has narrowed appropriately.

  • Least-privilege checks — Use the Company Report to spot outliers — employees with unusually broad access — and investigate whether that access is justified.

  • Reverse lookups — The "Who can see [Name]" view is especially useful for sensitive employees (executives, etc.) where you want to confirm a tight circle of visibility.

In short, the Access Explainer gives you full transparency into your company's compensation data permissions — not just what someone can see, but exactly why they can see it.

Did this answer your question?