PayGap supports role-based and legal-entity-based access. This means that not every user needs access to the whole organisation. Admins can invite members, assign roles, update access rights, remove users when access is no longer needed, and decide whether a user should see all legal entities or only selected ones.
Important: This step is mainly needed if you want to manage access across the organisation. If everything is handled by a central team, you can skip it for now. Legal entities do not need to be created in advance - the system can recognise them during upload. Create them earlier only if you want to assign access before uploading data. Access can be updated at any time, so this step is not mandatory upfront.
When to use this article
Use this article when you want to:
invite a new user to PayGap;
decide which role a user should have;
give a user access to all legal entities or only selected legal entities;
update or remove an existing member;
delegate data upload or configuration work to a Legal Entity Admin;
create legal entities before the data upload so that another user can later work with them.
Key information
PayGap has different access levels so that organisations can control who can configure the platform, upload or edit legal entity settings, and view data.
Admins can invite users, manage organisation-level settings, create and manage legal entities, manage access for all members, and remove users from the organisation.
Legal Entity Admins can manage settings and data for the legal entities assigned to them. This role is useful when configuration or upload tasks should be delegated, but access should remain limited to specific legal entities.
Members can view data only. They can only see the legal entities they have been granted access to.
Legal entity access applies across the entire platform. If a member only has access to selected legal entities, they will only see data for those legal entities in dashboards, analysis pages, and filters. This also applies when filtering by country: the results will only include legal entities the user is allowed to see.
Available roles
Role | What the user can do |
Admin | Can invite users, configure the organisation, create and manage legal entities, manage access for all members, and remove users from the organisation. |
Legal Entity Admin | Can upload and edit legal entity analysis settings for the legal entities assigned to them. |
Member | Can view data only, limited to the legal entities they have access to. |
The Legal Entity Admin role is designed for fine-grained authorization. It allows organisations to delegate operational tasks without giving the user full Admin access to the entire organisation.
Inviting a new member
To invite a new member:
Go to Manage members
Enter the user’s email address.
Select the role you want to assign:
Admin
Legal Entity Admin
Member
Click Invite.
The user will receive an invitation email with a link to complete their account and join the organisation.
Managing access for an existing member
Admins can update access for existing members from the Manage members section.
In the members table, you can see:
the user;
their current role;
whether they have access to all legal entities or only selected legal entities;
when they joined the organisation.
To change a user’s access:
Go to Manage members.
Find the relevant user.
Click the three-dot menu on the user row.
Select Manage access.
Update the role or legal entity access.
Click Save at the bottom of the panel.
You can choose between two access models.
Access to all legal entities
Use this option when the user should have access to the whole organisation.
If access to all legal entities is enabled, the user will also automatically receive access to new legal entities created in the future.
This is usually appropriate for central HR, reward, compensation, legal, or global project team members who need a full organisational view.
For users with the Legal Entity Admin role, access to all legal entities means they can view, upload, and manage data across all legal entities. However, they will not be able to manage organisation-wide settings or invite new users.
Users with the Admin role have full access, including organisation settings and user management.
Access to selected legal entities or countries
Use this option when the user should only access part of the organisation.
Admins can select specific legal entities, or grant access based on countries where relevant. The user will only see data for the selected scope.
This is useful when local HR, country teams, or local Legal Entity Admins should only work with the entities they are responsible for.
Removing a member
Admins can remove users from the organisation when they should no longer have access to PayGap.
To remove a member:
Go to Manage members.
Find the relevant user in the members table.
Click the three-dot menu on the user row.
Select Remove member.
Confirm the action.
After a member is removed, they will no longer be able to access the organisation in PayGap.
Removing a member only removes their user access. It does not remove legal entities, uploaded data, analysis results, or historical configuration created for the organisation.
Before removing an Admin, make sure that at least one other Admin still has access to manage the organisation, users, and settings.
How legal entity access affects what users see
If a user has access to only two legal entities, they will only see data from those two entities in the platform. Even if they use a country filter, the results will not include legal entities they are not allowed to access.
This helps organisations keep sensitive pay data limited to the right users while still allowing local teams to work in the platform.
Creating legal entities before upload
Legal entities can be created during the upload process, but they can also be created earlier. If you prefer to create them as part of the upload flow, see the dedicated article on data upload for more details: Upload employee data to PayGap
Creating them in advance is useful when an Admin wants to prepare the organisation structure before delegating work to a Legal Entity Admin. For example, an Admin may create the relevant legal entities first, grant access to a Legal Entity Admin, and then allow that person to upload or configure data only for those entities.
To create a legal entity:
Go to Organisation.
Open Legal entities.
Click Create.
Enter the legal entity name.
Select the country.
Add one or more identifiers.
Optionally grant access to selected members directly in the form ( you can also do that later in the Manage members section)
Click Create.
Why identifiers are important
Identifiers are used to map uploaded data to the correct legal entity.
The identifier entered in PayGap should match the identifier used in the uploaded file. This is how the system knows which records belong to which legal entity.
Before creating or uploading data for legal entities, check that identifiers are consistent with the source file. If the identifier in the file does not match the identifier in PayGap, the system may not map the data as expected.
If a legal entity name changes, the existing identifier can still be used to keep continuity. A Legal Entity Admin cannot create new legal entities, but where they have access to an assigned legal entity, they may be able to connect new identfier with the existing legal entity.
Practical example
A company has legal entities in several countries. The central Admin team wants the local HR manager in France to upload and review data only for the French entities.
In this case, the Admin can:
Create the French legal entities in Organisation → Legal entities.
Add identifiers that match the upload file.
Invite the local HR manager as a Legal Entity Admin.
Grant access only to the French legal entities.
Ask the Legal Entity Admin to upload or manage the relevant data.
The Legal Entity Admin will be able to work with the assigned legal entities, but they will not see data for other parts of the organisation.
Common questions
Can a Member see all company data?
Only if they have been granted access to all legal entities. Otherwise, they will only see data for the legal entities assigned to them.
What happens if I give someone access to all legal entities?
They will see all existing legal entities and will automatically get access to new legal entities created in the future
Can I limit access by country?
Yes. Where available, access can be granted for specific legal entities or countries. The user will only see data within that assigned scope.
Can a Legal Entity Admin create new legal entities?
No. Creating new legal entities is an Admin-level action. Legal Entity Admins are intended to manage data and settings for legal entities assigned to them.
Can I grant access when creating a legal entity?
Yes. When creating a legal entity, you can grant access to selected members directly in the form. You can also do this later from Manage members.
What happens when I remove a member?
The user will no longer have access to the organisation in PayGap. Removing a member does not delete uploaded data, legal entities, analysis results, or organisation settings.
Why does the identifier need to match the upload file?
Because PayGap uses identifiers to map uploaded records to the correct legal entity. The identifier in PayGap should match the identifier used in the data file.