Permission levels determine what each staff member is able to view and edit in Tanda.
Employee, Manager, and Admin are the three main permission levels in Tanda. All staff profiles begin with the Employee permission level until a higher level is assigned to them.
Admin
Admins can access everything in Tanda and can also assign permissions to other staff.
Manager
Assign the Manager permission to staff who use Tanda to create rosters and approve timesheets, but don't require access to everything in Tanda.
Employee
Assign the Employee permission to staff who use Tanda to be rostered or record their own worked hours. Admins or Managers who also Tanda will also need the Employee permission level assigned.
The below table is a summary of the main differences between the different permission levels:
Admin | Manager | Employee | |
Time Clock attendance | ❌ | ❌ | ✅ |
Appears on roster | ❌ | ❌ | ✅ |
Edit organisation settings | ✅ | ❌ | ❌ |
Assign user permissions | ✅ | ❌ | ❌ |
Edit roster | ✅ | ✅ | ❌ |
Approve leave | ✅ | ✅ | ❌ |
Approve timesheets | ✅ | ✅ | ❌ |
Manager permissions over the teams that they are assigned to as a manager.
Configure Permission Levels
What each permission level can do can be customised by an Admin under Settings > Permissions. Examples of actions you can restrict include:
The ability to see costs
The ability to approve leave
The ability to edit / approve timesheets
The ability to see the full roster / leave calendar for a Team or Location
The ability to enter Time Off.
These permissions can be further configured via Settings > Permissions > Advanced - Access & Roles.
Assign Permission Levels to Staff
If you wish to assign permission levels to staff:
go to staff profile page > Personal tab > Permission Levels
Assign the permission level by ticking the box next to it
Click Update Employee Details at the bottom of the page to save the change
Granting Account Access
New staff gain access to Tanda via an invitation email. If the blue 'Invite to Tanda' button is visible on the employee profile, that means this employee is yet to accept their invitation and set a password.
Removing Account Access
Account access is removed by deactivating the employee profile or clicking 'Unlink Tanda profile' under the email field of a profile.
Best practices for managing security and privacy
Consider who has visibility of employment records now, and match these people to the correct Tanda permission level.
Test the impact of changes to permission level structures by having an admin select 'see Tanda as' in profile circle drop down to confirm what the role is able to see and do in the account.
When any permissions are added or removed from a user, an audit trail will be left below the employee profile detailing when the change was made, and who made the change.