Skip to main content

Customise Roles & Permission Levels (Advanced Permissions)

Learn how to customise Workforce.com’s default roles or create new permission levels to suit your organisation’s needs.

Updated over a week ago

What's covered in this guide?:

This guide explains how to manage roles and permission levels using Advanced Permissions.

What are permission levels?

A permission level (also referred to as a role) defines what actions a user can perform across the platform, such as viewing data, editing records, approving requests, or publishing rotas.

Every user is assigned one permission level, and that permission level determines their access throughout Workforce.com.

About Advanced Permissions

Advanced Permissions allow you to customise or create permission levels when the default roles do not meet your organisation’s requirements.

Using Advanced Permissions, you can:

  • Fine-tune what actions a role can perform

  • Create custom roles (for example, Assistant Manager or Supervisor)

  • Control access without giving full Admin permissions

How to access Advanced Permissions

To access Advanced Permissions:

  1. Settings > All Settings > Permissions > Advanced Permissions > Show Advanced Settings > Customise access & roles

Default permission levels

Workforce.com includes a set of default permission levels. Each permission level, whether default or custom, is based on an underlying role type.

You can see the underlying role type in the role’s description.

Default permission levels

Permission level

Underlying role type

Can it be customised?

Admin

Admin

No

Manager

Manager

Yes

Employee

Employee

Yes

General Manager

Admin

Yes

Payroll Officer

Admin

Yes

Important things to know

  • Default permission levels cannot be deleted

  • The default Admin role cannot be customised

  • Other default roles can be customised

  • General Manager and Payroll Officer are Admin-based roles that are turned off by default

To make General Manager or Payroll Officer available, edit the role and tick Role can be applied to staff.

Customise a permission level

You can customise any permission level except the default Admin role.

To customise a permission level:

  1. Go to Settings > Permissions > Advanced Permissions > Customise access & roles

  2. Select View next to the permission level you want to edit

  3. Use the toggles to enable or disable specific permissions

  4. Save your changes

Restore default settings

If changes are made unintentionally, select Apply defaults to restore the role to its original configuration.

Example: Allow managers to view employee start dates

By default, the Manager role cannot view certain employee details (such as start dates), as these are treated as sensitive data.

To allow managers to view start dates:

  1. Open Advanced Permissions

  2. Select the Manager permission level (or your custom manager role)

  3. Enable View sensitive data

  4. Save your changes

Things to note

  • This permission controls visibility only

  • Editing employee details may require additional permissions

  • General Managers can view start dates by default, as their role is Admin-based

Create a new permission level

You can create custom permission levels to better reflect your organisation’s structure.

To create a new permission level:

  1. Select + New role

  2. Enter:

    • Name

    • Description

    • Sort order

  3. Choose an underlying role type

  4. Tick Role can be applied to staff if the role should be assignable

  5. Save the role

Delete or disable a permission level

  • Only custom permission levels can be deleted

  • Default permission levels cannot be deleted

To delete a custom permission level:

  1. Open the role

  2. Select Edit role

  3. Choose Delete

To stop a role being assigned without deleting it:

  • Untick Role can be applied to staff

This keeps the role available for reference but prevents it being used.

Understand underlying role types

Each permission level is based on one of three role types.


The role type defines the scope of access, while permissions control specific actions.

Admin (default Admin role)

What it allows

  • Full access to all settings and data

  • Full visibility of pay and organisation information

  • Ability to manage roles and permissions

Limitations

  • The default Admin role cannot be customised or deleted

  • Only default Admins can assign default Admin access to other users

Custom Admin roles (Admin-based)

What they allow

  • Broad access to organisation and pay data

  • Ability to manage most system settings

Limitations

  • Cannot assign default Admin access to other users

Manager

What it allows

  • Team-based management

  • Creating and managing rotas

  • Approving timesheets and leave for managed staff

Limitations

  • Access is limited to managed teams

  • Organisation-wide settings remain restricted to Admin-based roles

Employee

What it allows

  • Clocking in and out

  • Viewing rotas

  • Requesting leave

  • Using employee self-service features

Limitations

  • Cannot approve timesheets or leave

  • Cannot access management or administrative settings

Important things to know about permission levels

  • Permission levels define what actions a role can perform

  • Manager Permissions and Employee Permissions work alongside role permissions

  • Viewing, editing, approving, and publishing are controlled separately

  • Permissions for your own data and other users’ data may differ

  • Changes apply immediately once saved

Assign Permissions to Staff

Did this answer your question?