This help guide will detail how to create, customise, and manage advanced permissions in Tanda.
For introductory context about permissions in Tanda, see our help guide: Assign Permissions to Staff.
Note: You can access the Advanced Permissions settings discussed throughout this guide by navigating to Settings > All Settings > View all permission settings > Show Advanced Settings... > Customise access & roles here.
What Does This Help Guide Cover?
Customising Tanda's Default Permission Levels
If your organisation has more specific permission requirements than Tanda's default permission levels, you can further customise or create new permission levels to meet your requirements via Advanced Permissions. To begin, navigate to Settings > All Settings > View all permission settings > Show Advanced Settings... > Customise access & roles here.
About Role Types
All permission levels in Tanda (whether custom or default) have an underlying role type of either Organisation Admin, Manager, or Employee. These are the only three options. Underlying role types define the fundamental level of access each custom role has (broadly, Admins have full access, managers have some access, and Employees have limited access). Even if your role has a different name (e.g. Payroll Officer), its underlying role type will still be Organisation Admin, Manager, or Employee.
You can see which underlying role type a custom permission level has by navigating to Advanced Permission Settings and selecting 'View' next to the role. For example:
Alternatively, review the 'role type' column on the main table on the Customise Permissions page.
Pay close attention to which role type you select when creating a custom role, as this cannot be edited once a role has been created.
About Default Permissions
In addition to any custom roles you create, there are five default permission levels pre-configured in Tanda, which are detailed in the table below:
Default permission level | Underlying role type | Can be customised? |
Admin | Admin type | No |
Manager | Manager type | Yes |
Employee | Employee type | Yes |
General Manager | Admin type | Yes |
Payroll Officer | Admin type | Yes |
You can rename or customise any of our default permission levels (except for the default Admin role). To do so, click View > Edit Role. However, to ensure you always have a reference point in the future, default permission levels cannot be deleted.
If you are having trouble applying a certain role to staff, click View > Edit Role and ensure 'Role can be applied to staff' is ticked:
Customising Permission Levels
To customise your permission levels, navigate to Settings > All Settings > View all permission settings > Show advanced settings... > Customise access & roles here. You will see the following page:
To customise permission levels, click VIEW next to the role type, then use the toggles to modify specific settings for each permission level:
You can return the permission level to its default settings using the 'Apply Defaults' option. This reverts the permission level to the same default settings contained in the underlying role type (Admin, Manager or Employee):
For each permission toggle, you can click 'Show Edit History' to view a full audit history of any changes made to that permission:
You can use the 'See Tanda As' tool to test the impact of your changes. Access it by hovering over your profile photo and selecting 'See Tanda As.' This tool allows admins to impersonate users with different permission levels in Tanda to test what they can see and access.
How to Create a New Permission Level
To create a new permission level, click '+ NEW ROLE' in the top right of the page.
You will see the following page:
The Name and Description fields determine how the permission will appear on an employee's profile.
Role Type is the underlying role type of the custom permission level (either Organisation Admin, Manager, or Employee).
Sort Order determines the order in which permission levels are listed on an employee profile, where Admin will always appear first in position 0.
Role can be applied to employees determines whether the permission shows as an active option to be applied on employee profiles.
Ensure you click SAVE to create your custom role and confirm your changes. From there, edit the various toggles to customise this role's permission levels as desired.
How to Delete a Permission Level
You can delete any new permission levels you create. To delete a permission level, click 'edit role' and 'delete'. To do so, simply click DELETE on the main Customise Permissions page.
Alternatively, you can also prevent permission levels from appearing as an option on employee profiles by unticking 'Role can be applied to employees':
About the Underlying Admin, Manager and Employee Role Types
The following table provides further details on underlying role types:
Role Type | What the role type enables | What the role type can never do |
Admin (account default) | The account default Admin role can always access all settings. No restrictions can be placed on the default Admin account. Only default Admins can make other users default Admins | The account default admin role can never be deleted or customised. It will always exist as a permission level in your account. |
Custom Admin (additional custom permission levels based on the Admin role) | Can see and edit all pay information. Can edit most organisation settings | Custom Admin roles can never make other users Admins |
Manager | Managers can approve timesheets, manage leave requests and create rosters for employees that they are a 'manager of' | Managers can never edit organisation settings or modify award rules. |
Employee | Can clock in, apply for leave in Tanda and be rostered
| Employees can never approve leave requests or timesheets |