Permission levels determine what each staff member is able to view and edit in Tanda.

Employee, Manager, and Admin are the three main permission levels in Tanda. All staff profiles begin with the Employee permission level until a higher level is assigned to them.


Admins can access everything in Tanda and can also assign permissions to other staff.


Assign the Manager permission to staff who use Tanda to create rosters and approve timesheets, but don't require access to everything in Tanda.


Assign the Employee permission to staff who use Tanda to be rostered or record their own worked hours. Admins or Managers who also Tanda will also need the Employee permission level assigned.

The below table is a summary of the main differences between the different permission levels:




Time Clock attendance

Appears on roster

Edit organisation settings

Assign user permissions

Edit roster

Approve leave

Approve timesheets

Manager permissions over the teams that they are assigned to as a manager.

Configure Permission Levels

What each permission level can do can be customised by an Admin under Settings > Permissions. Examples of actions you can restrict include:

  • The ability to see costs

  • The ability to approve leave

  • The ability to edit / approve timesheets

  • The ability to see the full roster / leave calendar for a Team or Location

  • The ability to enter Time Off.

These permissions can be further configured via Settings > Permissions > Advanced - Access & Roles.

Assign Permission Levels to Staff

If you wish to assign permission levels to staff:

  1. go to staff profile page > Personal tab > Permission Levels

  2. Assign the permission level by ticking the box next to it

  3. Click Update Employee Details at the bottom of the page to save the change

Granting Account Access

New staff gain access to Tanda via an invitation email. If the blue 'Invite to Tanda' button is visible on the employee profile, that means this employee is yet to accept their invitation and set a password.

Removing Account Access

Account access is removed by deactivating the employee profile or clicking 'Unlink Tanda profile' under the email field of a profile.

Best practices for managing security and privacy

  • Consider who has visibility of employment records now, and match these people to the correct Tanda permission level.

  • Test the impact of changes to permission level structures by having an admin select 'see Tanda as' in profile circle drop down to confirm what the role is able to see and do in the account.

  • When any permissions are added or removed from a user, an audit trail will be left below the employee profile detailing when the change was made, and who made the change.

Did this answer your question?