Security — TPMS | Tantita Personnel Management System

Security Pillars

Six Pillars of
TPMS Security

Security in TPMS is not an afterthought — it is embedded into the architecture, access model, and operational design of the platform.

Role-Based Access Control

Every user is assigned a specific role — from Staff to Executive Management. Each role carries a precise set of permissions. Users can only see, create, edit or approve what their role authorises. There is no privilege escalation without administrative action.

Data Segmentation

PRFs, MRFs, HR records, vendor data and asset information are partitioned by role permissions. A store officer cannot view finance records. A field initiator cannot access executive-level reports. Each department's data is protected from lateral access by other roles.

Complete Audit Trail

Every action taken within TPMS — form submissions, approvals, revisions, logins, data changes — is logged with the user's identity, their IP address, the action performed, the affected record, and a precise timestamp. Audit logs are immutable and accessible to administrators.

Authenticated Sessions

All TPMS sessions are managed via Laravel's secure authentication framework with encrypted session tokens, CSRF protection on all forms, and automatic session expiry on inactivity. Passwords are hashed using bcrypt and never stored in plain text.

Workflow Enforcement

The system programmatically enforces the approval workflow — an approver cannot skip stages, a Finance officer cannot sign off at Stage 2, and an initiator cannot approve their own request. All workflow state transitions are validated at the server level, not just the interface.

Server-Side Validation

All form inputs are validated and sanitised on the server side, regardless of client-side checks. The system defends against SQL injection, XSS attacks, and CSRF forgery. Sensitive operations require fresh authentication confirmation before execution.

Permission Matrix

Who can do
what in TPMS

A clear reference of what each role can access and perform across the key modules of the platform.

Role	Raise PRF	Approve PRF	Manage Store	Manage Vendors	View Assets	Edit Assets	HR Access	HSES Module	View Reports	Admin Panel
Super Admin
Executive Management
Procurement Manager
Finance Officer
Department Head
Store Officer
HR Officer
HSES Officer
Asset Manager
Accounts Officer
Vendor Manager
Logistics Officer
IT Administrator
General Staff

Full Access Partial / Read-Only No Access

Audit Trail

Every action.
Permanently recorded.

What the Audit Trail Captures

TPMS maintains a comprehensive, immutable record of every significant action performed within the platform. Administrators and auditors can review the complete history of any record at any time.

User Identity — Full name and role of the person who performed the action
Timestamp — Exact date and time of every action, stored in server time
Action Type — Create, update, approve, reject, revise, delete, login, logout
Affected Record — PRF number, MRF reference, asset ID, employee record, etc.
Field Changes — Previous value and new value for any data modification
IP Address — The network address from which the action was performed
Workflow Stage — Current PRF/MRF stage at time of each action
Notes & Reasons — Revision reasons, rejection comments, approval remarks

System Audit Log

Live