Permission Roles for Multi-Team and Full User Access
Creating multi-team and full permission roles requires the Tempo Team Administrator permission.
Users must have the Browse Projects Jira Project permission to access worklog and plan data for multiple teams or their entire organization.
Tempo permission roles let you grant specific permissions to Tempo users. In cases where managers need access to multiple teams – or even to their entire organization – you can create permission roles to give them the permission to view or manage worklogs, as well as manage teams. The Permission Roles page in Tempo Settings allows you to create these multi-team and/or full permission roles quickly and easily, as well as get a clear view of who has access to which teams' data.
Within the context of these permission roles:
Role users are the people who have access to the applicable groups.
Role access defines the teams or groups to which these people have access. Full access gives people access to the entire organization (including individuals who are not part of a team), while Restricted access limits access to specific teams.
Creating Permission Roles for Multiple Teams
To grant managers access to data from users in multiple teams, you can create a separate permission role to define their access. These multi-team permission roles are helpful for managers who would like to see multiple teams' data in reports, as well as managers who need to approve timesheets and/or plans for multiple teams.
Â
To create multi-team permission roles:
Go to Tempo Settings and select Permission Roles in the sidebar (under Data Access). This shows you all of the team permission groups in your organization.
To add a new permission role, click + Add permission role in the upper right.
Enter a name for the permission role, and select the permissions this role should have.
Click + Add users and select the Role users who should have these permissions.
Select which teams the Role users can access by clicking Restricted and then Set Teams.
Click the checkmark icon to save.
When users are granted access to a team via a Permission Role on this page, this permission role will be visible on the respective team's Permissions page, but it can't be altered there. You can control access to and edit multi-team permission roles only from the Permission Roles page.
Please note that when you add users to multi-team permission roles, it may take up to 30 minutes for the permission settings to take effect.
Creating Permission Roles for Full Access
To grant a select group of managers full access to all Tempo users, you can create a permission role to define their access. Full permission roles are intended in particular for your organization's upper management, such as your CEO and CFO, so that they can generate reports on Tempo data across your company.
To create full permission roles:
Go to Tempo Settings and select Permission Roles in the sidebar (under Data Access). This shows you all of the team permission groups in your organization.
To add a new permission role, click + Add permission role in the upper right.
Enter a name for the permission role, and select the permissions this role should have.
Click + Add users and select the Role users who should have these permissions.
Select Full, which gives the selected Role users full access to all Tempo teams and users.
Click the checkmark icon to save.
If you have the View Worklogs permission at the Full access level for a permission role, you can see all worklogs created by all Tempo users (even non-team members), regardless of the users’ Jira status: active, inactive, or deleted.
Managing Permission Roles
Since all teams' permission roles are displayed on the Permissions Roles page, it provides you with a powerful tool to manage and streamline permission roles across your organization. For example, if you see that the same permission role is shared across many teams, you can consolidate them all into a single role.
To manage permission roles:
Search by team name or permission role name using the search bar in the upper left.
Filter by user using the drop-down next to the search field.
Add or remove specific permissions for a permission role by checking or unchecking their boxes.
Add or remove users from a permission role by clicking on the user names in the Role users field, then adding or deleting users in the dialog box.
Â
Change the type of access for a permission role by toggling between Restricted and Full.
Add or remove teams included in a Restricted permission role by clicking on the team names in the Role access field, then adding a team or removing its access in the dialog box.
Â
Save all changes you made to a permission role by clicking the checkmark icon .
Delete a permission role by clicking the trashcan icon.
As noted above, when users are granted access to teams via the Permission Roles page, this permission role will be visible within the respective team's permissions page. However, it is only possible to control access and edit privileges for multi-team or full permission roles from within the Permission Roles page.