Permission Roles for Multi-Team and Full User Access
Creating multi-team and full permission roles requires the Tempo Team Administrator permission.
Users must have the Browse Projects Jira Project permission to access worklog and plan data for multiple teams or their entire organization.
Tempo permission roles let you grant specific permissions to Tempo users. In cases where managers need access to multiple teams – or even to their entire organization – you can create permission roles to give them the permission to view, manage, and/or approve all plans and timesheets, as well as manage teams. The Permission Roles page in Tempo Settings allows you to create these multi-team and/or full permission roles quickly and easily, as well as get a clear view of who has access to which teams' data.
Within the context of these permission roles:
Role users are the people who have access to the applicable groups.
Role access defines the teams or groups to which these people have access. Full access gives people access to the entire organization (including individuals who are not part of a team), while Restricted access limits access to specific teams.
Only users with Tempo Timesheets installed will see the permissions listed under Worklogs.
Only users with Tempo Planner installed will see the permissions listed under Plans.
Creating Permission Roles for Multiple Teams
To grant managers access to data from users in multiple teams, you can create a separate permission role to define their access. These multi-team permission roles are helpful for managers who would like to see multiple teams' data in reports, as well as managers who need to approve timesheets and/or plans for multiple teams.
To create multi-team permission roles:
Go to Tempo Settings and select Permission Roles in the sidebar (under Data Access). This shows you all of the team permission groups in your organization.
To add a new permission role, click + Add permission role in the upper right.
Enter a name for the permission role, and select the permissions this role should have.
Click + Add users and select the Role users who should have these permissions.
Select which teams the Role users can access by clicking Restricted and then Set Teams.
Click the checkmark icon to save.
When users are granted access to a team via a Permission Role on this page, this permission role will be visible on the respective team's Permissions page, but it can't be altered there. You can control access to and edit multi-team permission roles only from the Permission Roles page.
Please note that when you add users to multi-team permission roles, it may take up to 30 minutes for the permission settings to take effect.
Creating Permission Roles for Full Access
To grant a select group of managers full access to all Tempo users, you can create a permission role to define their access. Full permission roles are intended in particular for your organization's upper management, such as your CEO and CFO, so that they can generate reports on Tempo data across your company.
To create full permission roles:
Go to Tempo Settings and select Permission Roles in the sidebar (under Data Access). This shows you all of the team permission groups in your organization.
To add a new permission role, click + Add permission role in the upper right.
Enter a name for the permission role, and select the permissions this role should have.
Click + Add users and select the Role users who should have these permissions.
Select Full, which gives the selected Role users full access to all Tempo teams and users.
Click the checkmark icon to save.
If you grant the Approve Timesheets team permission across your organization, administrators can approve timesheets only for people who are members of teams.
If you have the View Worklogs permission at the Full access level for a permission role, you can see all worklogs created by all Tempo users (even non-team members), regardless of the users’ Jira status: active, inactive, or deleted. See Tempo Permissions and Inactive or Deleted Jira Users for more information.
Managing Permission Roles
Since all teams' permission roles are displayed on the Permissions Roles page, it provides you with a powerful tool to manage and streamline permission roles across your organization. For example, if you see that the same permission role is shared across many teams, you can consolidate them all into a single role.
Roles with the highest level of access appear first (farthest left), while roles with less access are displayed on the right. That means that full permission roles are displayed first, followed by multi-team permission roles and then single team permission roles.
Single team permission roles are displayed first by team (in alphabetical order) and then by role name (also by alphabetical order).
To manage permission roles:
Search by team name or permission role name using the search bar in the upper left.
Filter by user using the drop-down next to the search field.
Add or remove specific permissions for a permission role by checking or unchecking their boxes.
Add or remove users from a permission role by clicking on the user names in the Role users field, then adding or deleting users in the dialog box.
Change the type of access for a permission role by toggling between Restricted and Full.
Add or remove teams included in a Restricted permission role by clicking on the team names in the Role access field, then adding a team or removing its access in the dialog box.
Save all changes you made to a permission role by clicking the checkmark icon .
Delete a permission role by clicking the trashcan icon.
As noted above, when users are granted access to teams via the Permission Roles page, this permission role will be visible within the respective team's permissions page. However, it is only possible to control access and edit privileges for multi-team or full permission roles from within the Permission Roles page.