This help guide will define and detail permissions in Tanda, including assigning permissions to staff, managing access to reports, granting and removing account access, customising advanced permissions, FAQs, and more.
Important: Typically, if you cannot view or access something in Tanda (e.g. Reports, Timesheets, Rosters), it is because you have the incorrect permission level. Skip ahead to our Troubleshooting and FAQS section for further guidance.
What Does This Guide Cover?
Permissions in Tanda Explained
Permission levels determine what each staff member can view and edit in Tanda. The default permission levels are Admin, Manager, and Employee.
Assigning Permissions to Staff
To view, edit, or manage a staff member's permission levels, navigate directly to their staff profile (Workforce > Staff). Simply tick or untick the appropriate permission levels as desired, ensuring you click 'Update Employee Details' at the bottom of the page to save your changes.
Permission Levels Explained
Below, we will explain the main differences between the Admin, Manager, and Employee permission levels.
Admin: Admins can access everything in Tanda. They can also assign permissions to other staff.
Manager: Managers can view and access rosters, timesheets, and leave for teams they manage. Learn more about assigning someone as a team manager in our Locations and Teams help guide.
Employee: The Employee permission allows employees to record worked hours, submit leave applications, and be rostered in Tanda, but it hides sensitive cost information such as salaries, reports, timesheets, and more.
Employees are allocated to teams they work in. The teams employees work in determine where they can be rostered and who can manage those employees. For instance, a manager from a team that an employee doesn't work in cannot view their rosters, approve their leave, etc.
Admins or Managers who also use Tanda as employees will need the Employee permission level as well as their Manager or Admin permission level. You can have multiple permission levels.
Differences Between Permission Levels
The table below summarises the main differences between the Admin, Manager, and Employee permission levels:
| Admin | Manager | Employee |
Can have timesheets | ❌ | ❌ | ✅ |
Can be rostered | ❌ | ❌ | ✅ |
Edit organisation settings | ✅ | ❌ | ❌ |
Assign user permissions | ✅ | ❌ | ❌ |
Edit rosters | ✅ | ✅ | ❌ |
Approve leave | ✅ | ✅ | ❌ |
Approve timesheets | ✅ | ✅ | ❌ |
Customising Default Permission Levels
You can customise what the Manager and Employee permission levels can do by navigating to Settings > Permissions > View all permission settings.
Examples of actions you can customise include:
Whether managers can see staff costs
Whether team manager can edit/approve their own timesheets
Whether employees can approve leave requests
Whether employees can update their own qualifications
Whether employees can edit their own timesheets
Whether manager costs are visible in total roster costs
And more!
Customising Advanced Permission Levels
You can also create new permission levels and edit existing permission levels via advanced settings. To do so, navigate to Settings > Permissions > View all permission settings > Show advanced settings... > Customise access & roles here.
On this page, you can create new custom role types (e.g. General Manager, Payroll Officer) and edit the permission settings for existing roles in granular detail.
To learn more, see our Customise permission levels help guide.
Managing Access to Reports
To manage and control which user permission levels can access Tanda reports, follow these steps:
Navigate to the Reports tab, then scroll to the bottom of the page and click BI Reporting under Advanced Reporting Links.
This page lists available reports in Tanda and shows which role types can access them. For example:
Click the name of the report you want to customise.
In Report Access, add or remove the role-types who should have access to the report.
Click Update to save your changes.
IMPORTANT: Employees cannot access reports by default to protect sensitive information such as salaries. Ensure you are absolutely certain and have considered all relevant privacy implications before granting Employees access to any reports.
To learn more about reporting permissions and managing access to reports, see our Managing Reports help guide.
Granting Account Access
New staff can only gain access to Tanda via an invitation email. To do so, navigate to their staff profile via Workforce > Staff and click the blue Invite to Tanda button.
Alternatively, you can invite new staff to Tanda by navigating to Workforce > Staff > + Add Staff and selecting the appropriate option (paperless onboarding is highly recommended).
Learn more in our Access Your Tanda Account and Add or Import Staff help guides.
Removing Account Access
To remove an employee's account access, navigate to their Staff Profile, scroll to the bottom of the page, and select 'Deactivate Profile.'
You'll be prompted to confirm this selection and give an optional reason for termination.
After deactivating an employee's profile, you can still view them in the Deactivated Staff list. You can find this by clicking the Tools drop-down on the Staff page. Here, you will see all of your deactivated staff. When an employee is listed under Deactivated Staff, you can still view their existing rosters and timesheets for historical records.
Learn more in our Deactivate a staff profile help guide.
Best Practices For Managing Permissions, Security, and Privacy
Please never attempt to remove or delete the native Admin role type. Doing so can have significant ramifications and even remove your account access altogether.
Consider who has visibility of your employment records now, and match these people to the correct Tanda permission levels.
Please consider privacy implications (such as revealing salaries or other sensitive information) before updating your default permission settings.
You can test the impact of permission level changes by having an admin select 'see Tanda as' from the profile circle drop-down menu. This way, they can impersonate other users with different permission levels to confirm what they access in your account.
Whenever permissions are added or removed from a user, an audit trail detailing when and who made the changes will be left below the employee profile.
Troubleshooting and FAQs
How can I allow staff members to see and manage their leave and unavailability?
How can I allow staff members to see and manage their leave and unavailability?
You can adjust the settings in Tanda to allow all staff to see everyone's leave and unavailable dates. To do so, go to Settings > All Settings > Permissions, then find the "Allow employees to view the full leave calendar" option. Enable this setting and choose whether staff can view the calendar for their teams or the entire location. Note that this feature only works with My Tanda on the desktop site, not the mobile app.
How can I customise who can approve leave?
How can I customise who can approve leave?
To customise who can approve leave, navigate to Settings > Permissions > View all permission settings > Show Advanced Settings... > Customise access & roles here.
Then, scroll down and look for the permissions that control leave requests:
Toggle these on or off to enable or disable settings as desired.
Why can't I delete an admin account?
Why can't I delete an admin account?
Admin accounts in Tanda have special protections. You can't delete the default Admin type, and Admin users are excluded from automated deactivation processes. This is a security measure to maintain access control. If you need to remove an Admin, you'll need to have another Admin account deactivate it manually.
Where can I go to manage permission settings?
Where can I go to manage permission settings?
To manage default permissions, navigate to Settings > Permissions > View all permission settings.
To manage advanced permission settings, navigate to Settings > Permissions > View all permission settings > Show advanced settings... > Customise access & roles here.