Skip to main content
Customise permission levels

Learn how to customise Tanda's default permissions

Updated over a week ago

If your organisation has more specific permission requirements than Tanda's default permission levels offer, you can further customise or create new custom permission levels to meet your requirements using Advanced Permissions.

Advanced Permissions settings are located under Settings > All Settings > View all permission settings > Show Advanced Settings > Customise access & roles.

Customising Tanda's default permission levels

All permission levels in Tanda, whether custom or default have an underlying role type of either Admin, Manager or Employee.

You can see which underlying role type a custom permission is based off in the description of each:

You can re-name, customise or disable the default permission levels, but to ensure you always have a reference point in the future, the default permission levels cannot be deleted.

All of the default permission levels can be customised in the Advanced Permissions settings except for the default Admin type.

There are five default permission levels in Tanda detailed in the table below:

Default permission level

Underlying role type

Can be customised?


Admin type



Manager type



Employee type


General Manager

Admin type


Payroll Officer

Admin type


Note that the General Manager and Payroll Officer are pre-customised custom permissions which are based on the Admin role type. These are turned off by default:

To enable the General Manager or Payroll Officer permissions, click Edit role and tick Role can be applied to staff:

To customise permission levels, use the toggles to modify specific permissions for each permission level:

You can return the permission level to its default settings using the 'Apply Defaults' option. This returns the permission level to the same default settings contained in the underlying role type (Admin, Manager or Employee):

For each permission toggle, you can view the history of changes:

To test the impact of your changes, use the 'See Tanda As...' tool which allows you to experience what other users would be able to see.

How to create a new permission level

To create a new permission level click '+New' in the side panel on the left.

The name and description fields determine how the permission will appear on the employee profile:

  • Sort order is the order permission levels are listed on the employee profile, where Admin will always appear first in position 0

  • Role type is the underlying role type of the custom permission level (Admin, Manager or Employee)

  • Role can be applied to staff determines whether the permission shows as an option on the employee profile

How to delete a permission level

New permission levels that you create can be deleted. To delete a permission level, click 'edit role' and 'delete'.

You can also prevent permission levels from appearing as an option on employee profiles by unticking Role can be applied to employees:

About the underlying Admin, Manager and Employee role types

Role Type

What the role type enables

What the role type can never do

Admin (account default)

The account default Admin role can always access all settings. No restrictions can be placed on the default Admin account. Only default Admins can make other users default Admins

The account default admin role can never be deleted or customised. It will always exist as a permission level in your account.

Custom Admin (additional custom permission levels based off the Admin role)

Can see and edit all pay information. Can edit most organisation settings

Custom Admin roles can never make other users Admins


Managers can approve timesheets, manage leave requests and create rosters for employees that they are a 'manager of'

Managers can never edit organisation settings or modify award rules.


Can clock-in, apply for leave in Tanda and be rostered

Employees can never approve leave requests or timesheets

Did this answer your question?