This help guide will detail how to create, customise, and manage advanced permissions in Tanda.
For introductory context about permissions in Tanda, see our help guide: Assign Permissions to Staff.
Note: You can access the Advanced Permissions settings discussed throughout this guide by navigating to Settings > All Settings > View all permission settings > Show Advanced Settings... > Customise access & roles here.
What Does This Help Guide Cover?
Customising Tanda's Default Permission Levels
If your organisation has more specific permission requirements than Tanda's default permission levels, you can further customise or create new permission levels to meet your requirements via Advanced Permissions. To begin, navigate to Settings > All Settings > View all permission settings > Show Advanced Settings... > Customise access & roles here.
About Role Types
All permission levels in Tanda (whether custom or default) have an underlying role type of either Organisation Admin, Manager, or Employee. These are the only three options. Underlying role types define the fundamental level of access each custom role has (broadly, Admins have full access, managers have some access, and Employees have limited access). Even if your role has a different name (e.g. Payroll Officer), its underlying role type will still be Organisation Admin, Manager, or Employee.
You can see which underlying role type a custom permission level has by navigating to Advanced Permission Settings and selecting 'View' next to the role. For example:
Alternatively, review the 'role type' column on the main table on the Customise Permissions page.
Pay close attention to which role type you select when creating a custom role, as this cannot be edited once a role has been created.
About Default Permissions
In addition to any custom roles you create, there are five default permission levels pre-configured in Tanda, which are detailed in the table below:
Default permission level | Underlying role type | Can be customised? |
Admin | Admin type | No |
Manager | Manager type | Yes |
Employee | Employee type | Yes |
General Manager | Admin type | Yes |
Payroll Officer | Admin type | Yes |
You can rename or customise any of our default permission levels (except for the default Admin role). To do so, click View > Edit Role. However, to ensure you always have a reference point in the future, default permission levels cannot be deleted.
If you are having trouble applying a certain role to staff, click View > Edit Role and ensure 'Role can be applied to staff' is ticked:
Customising Permission Levels
To customise your permission levels, navigate to Settings > All Settings > View all permission settings > Show advanced settings... > Customise access & roles here. You will see the following page:
To customise permission levels, click VIEW next to the role type, then use the toggles to modify specific settings for each permission level:
You can return the permission level to its default settings using the 'Apply Defaults' option. This reverts the permission level to the same default settings contained in the underlying role type (Admin, Manager or Employee):
For each permission toggle, you can click 'Show Edit History' to view a full audit history of any changes made to that permission:
You can use the 'See Tanda As' tool to test the impact of your changes. Access it by hovering over your profile photo and selecting 'See Tanda As.' This tool allows admins to impersonate users with different permission levels in Tanda to test what they can see and access.
How to Create a New Permission Level
To create a new permission level, click '+ NEW ROLE' in the top right of the page.
You will see the following page:
The Name and Description fields determine how the permission will appear on an employee's profile.
Role Type is the underlying role type of the custom permission level (either Organisation Admin, Manager, or Employee).
Sort Order determines the order in which permission levels are listed on an employee profile, where Admin will always appear first in position 0.
Role can be applied to employees determines whether the permission shows as an active option to be applied on employee profiles.
Ensure you click SAVE to create your custom role and confirm your changes. From there, edit the various toggles to customise this role's permission levels as desired.
How to Delete a Permission Level
You can delete any new permission levels you create. To delete a permission level, click 'edit role' and 'delete'. To do so, simply click DELETE on the main Customise Permissions page.
Alternatively, you can also prevent permission levels from appearing as an option on employee profiles by unticking 'Role can be applied to employees':
About the Underlying Admin, Manager and Employee Role Types
The following table provides further details on underlying role types:
Role Type | What the role type enables | What the role type can never do |
Admin (account default) | The account default Admin role can always access all settings. No restrictions can be placed on the default Admin account. Only default Admins can make other users default Admins | The account default admin role can never be deleted or customised. It will always exist as a permission level in your account. |
Custom Admin (additional custom permission levels based on the Admin role) | Can see and edit all pay information. Can edit most organisation settings | Custom Admin roles can never make other users Admins |
Manager | Managers can approve timesheets, manage leave requests and create rosters for employees that they are a 'manager of' | Managers can never edit organisation settings or modify award rules. |
Employee | Can clock in, apply for leave in Tanda and be rostered
| Employees can never approve leave requests or timesheets |
Preventing staff from seeing or editing wages on specific profiles
There are two main ways to configure who can see what wages. This is either through assigning a staff member both the Manager and General Manager permissions (more general), or through configuring the permission levels in relation to the Organisation Chart and Position Titles (more specific).
Manager & General Manager combination
With the Protect manager data setting turned on, Managers (with the see wages permission) can still see employee wages, but are unable to see the wages of any permissions above them (General Managers or Admins). General Managers can see the wages of employees and regular managers, but not that of Admins. Admins can see the wages for everyone in the account.
In the case that you want certain staff to have different permissions in terms of seeing each other's wages, the combination of the Manager and General Manager permissions is often used.
Because the GM permission level is ‘higher’ than the Manager permission, they will be able to see the Manager wages even with the above setting turned on. In turn, a user with the regular Manager permission will not be able to see the wages of the GM.
If you have two managers and want one to see the wages of the other, make that manager a General Manager.
However, General Managers are considered an ‘Admin’ type role. This means they will see the staff across all locations in the account. To have a GM have their access, but only for the location that they manage, assign a Manager-level permission to the user profile alongside the GM permission. This will allow the user to only see staff they directly manage, but have GM-level permissions for those staff.
Organisation Chart Permission Configuration
For each permission level, you can configure the following permission settings to determine which positions can see which wages:
Edit Wages Down Organisation Chart Only
When enabled with Edit Wages, this restricts wage editing to employees below the user in the Organisation Chart.
See Wages Down Organisation Chart Only
When enabled with See Wages, this limits visibility to employees who sit below the user in the Organisation Chart.
Note: These are only available on Manager and General Manager permission levels.
These permissions will refer to the Organisation Chart in the Positions tab. For more information on configuring the Org Chart, please see Getting Started: Organisation Charts.
This will allow you to have multiple staff on the same ‘level’, that have different abilities in terms of seeing or editing others’ wages. For this, the Protect manager data setting from above needs to be turned off.
Note: If a user is not included in the Organisation Chart (ie. they don’t have an applicable position), then they will not have their wages visible to someone with the See/Edit Wages Down Organisational Chart Only permission turned on.
Configuration Example
Configuration Example
For example, you might want to configure it so that General Manager A can see the wages of General Manager B, however GM B should not see the wages of GM A (but both can see the wages of General Managers and Managers beneath them).
Take into account the below Organisation Chart, and the permission levels given to those holding those Positions:
Say you want the Operations Manager to see the wages of the Assistant Operations Manager and everyone else beneath them. Say you also wanted the AOM to see the wages of everyone else beneath them, but you did not want the AOM to see the wages of the OM.
To achieve this, have the Operations Manager have their own GM permission level. Then, have the Assistant Operations Manager have a separate GM permission level. In the OM permission level, have just the See/Edit Wages permissions turned on. In the AOM permission level, turn on the See/Edit Wages Down Organisational Chart Only permission alongside the See/Edit Wages permission.
Important: In this scenario, you would need to ensure that the lower (but still GM) position of General/Store Manager also has a permission level with the See/Edit Wages Down Organisational Chart Only permission turned on.
This will mean that the Operations Manager can see the wages of everyone, including the Assistant Operations Manager, however, the Assistant Operations Manager can only see the wages of the General/Store Manager and Department Managers, since they are beneath the AOM in the Organisation Chart.