Permission levels determine what each staff member is able to view and edit in Tanda.
The default permission levels are Admin, Manager and Employee.
Admin
Admins can access everything in Tanda and can also assign permissions to other staff.
Manager
Managers can manage the rosters, timesheets and leave for teams that they are a Manager Of.
Employee
The Employee permission gives the ability to record worked hours, submit leave applications and be rostered in Tanda. This is the permission required for anyone who uses Tanda for their own employment.
Employees are allocated to teams that they work in. The teams and employee works in determines where they can be rostered, and which managers will be able to manage those employees.
Admins or Managers who also use Tanda for their own employment will also need the Employee permission level assigned in addition to their manager or admin permission level.
The below table is a summary of the main differences between the permission levels:
| Admin | Manager | Employee |
Can have timesheets | ❌ | ❌ | ✅ |
Can be rostered | ❌ | ❌ | ✅ |
Edit organisation settings | ✅ | ❌ | ❌ |
Assign user permissions | ✅ | ❌ | ❌ |
Edit roster | ✅ | ✅ | ❌ |
Approve leave | ✅ | ✅ | ❌ |
Approve timesheets | ✅ | ✅ | ❌ |
Customise default permission levels
What each permission level can do can be customised under Settings > Permissions. Examples of actions you can restrict include:
The ability to see costs
The ability to approve leave
The ability to edit / approve timesheets
The ability to see the full roster / leave calendar for a Team or Location
The ability to enter Time Off.
Manage access to reports
To control staffs access to Tanda reports, follow these steps:
Navigate to Reports > Bi Reporting. This page shows a list of available reports, and which roles are able to access those reports as shown below.
Click the name of the report you would like to customize.
In Report Access, add or remove the users you want to have access to the report
Click Update
Advanced permissions customisation
You can create and edit permission levels. To see how, refer to the Customise permission levels guide.
Granting account access
New staff gain access to Tanda via an invitation email. If the blue 'Invite to Tanda' button is visible on the employee profile, that means this employee is yet to be sent an invitation to join the Tanda account.
Removing Account Access
Account access is removed by deactivating the employee profile or clicking 'Unlink Tanda profile' under the email field of a profile.
Best practices for managing security and privacy
Consider who has visibility of employment records now, and match these people to the correct Tanda permission level.
Test the impact of changes to permission level structures by having an admin select 'see Tanda as' in profile circle drop down to confirm what the role is able to see and do in the account.
When any permissions are added or removed from a user, an audit trail will be left below the employee profile detailing when the change was made, and who made the change.