This help guide will detail how to create, customise, and manage advanced permissions in Tanda. For introductory context about permissions, see our Assign Permissions to Staff help guide.
Note: You can access the Advanced Permissions settings discussed throughout this guide by navigating to Settings > All Settings > View all permission settings > Show advanced settings... > Customise access & roles here.
Customising Tanda's Default Permission Levels
If your organisation has more specific permission requirements than Tanda's default permission levels, you can further customise or create new permission levels to meet your requirements via Advanced Permissions.
About Role Types
All permission levels in Tanda, whether custom or default, have an underlying role type of either Admin, Manager or Employee. These are the only three options. Underlying role types define the fundamental level of access each custom role has (broadly, Admins have full access, managers have some access, and Employees have limited access). Even if your role has a different name (e.g. Payroll Officer), its underlying role type will still be either Admin, Manager, or Employee.
You can see which underlying role type a custom permission level has by navigating to Advanced Permission Setting and reading its description. For example:
Pay close attention to which role type you select when creating a custom role, as this cannot be edited once a role has been created.
About Default Permissions
In addition to any custom roles you create, there are five default permission levels in Tanda, which are detailed in the table below:
Default permission level | Underlying role type | Can be customised? |
Admin | Admin type | No |
Manager | Manager type | Yes |
Employee | Employee type | Yes |
General Manager | Admin type | Yes |
Payroll Officer | Admin type | Yes |
You can rename or customise any of our default permission levels (except for the default admin type). However, to ensure you always have a reference point in the future, default permission levels cannot be deleted.
Note that the General Manager and Payroll Officer permissions are pre-set custom permissions, which are based on the Admin role type. These are turned off by default:
To enable the General Manager or Payroll Officer permissions, click Edit role and tick Role can be applied to staff:
Customising Permission Levels
To customise your permission levels, navigate to Settings > All Settings > View all permission settings > Show advanced settings... > Customise access & roles here. You will see the following page:
To customise permission levels, use the toggles to modify specific settings for each permission level:
You can return the permission level to its default settings using the 'Apply Defaults' option. This returns the permission level to the same default settings contained in the underlying role type (Admin, Manager or Employee):
For each permission toggle, you can click 'Show Edit History' to view a full audit history of changes made to that permission:
You can use the 'See Tanda As' tool to test the impact of your changes. Access it by hovering over your profile photo and selecting 'See Tanda As.' This tool allows admins to impersonate users with different permission levels in Tanda to test what they can see and access.
How to Create a New Permission Level
To create a new permission level click '+New' in the side panel on the left.
The name and description fields determine how the permission will appear on the employee profile:
Sort order is the order permission levels are listed on the employee profile, where Admin will always appear first in position 0
Role type is the underlying role type of the custom permission level (Admin, Manager or Employee)
Role can be applied to staff determines whether the permission shows as an option on the employee profile
How to Delete a Permission Level
New permission levels that you create can be deleted. To delete a permission level, click 'edit role' and 'delete'.
You can also prevent permission levels from appearing as an option on employee profiles by unticking Role can be applied to employees:
About the Underlying Admin, Manager and Employee Role Types
Role Type | What the role type enables | What the role type can never do |
Admin (account default) | The account default Admin role can always access all settings. No restrictions can be placed on the default Admin account. Only default Admins can make other users default Admins | The account default admin role can never be deleted or customised. It will always exist as a permission level in your account. |
Custom Admin (additional custom permission levels based off the Admin role) | Can see and edit all pay information. Can edit most organisation settings | Custom Admin roles can never make other users Admins |
Manager | Managers can approve timesheets, manage leave requests and create rosters for employees that they are a 'manager of' | Managers can never edit organisation settings or modify award rules. |
Employee | Can clock-in, apply for leave in Tanda and be rostered
| Employees can never approve leave requests or timesheets |