Question

What are the different user roles in TenderBoard and what permissions does each role have?

Answer

TenderBoard uses a role-based access control (RBAC) system to manage what users can see and do within the platform. Understanding these roles is essential for setting up your organization correctly and ensuring users have the right level of access.

Standard User Roles

TenderBoard has four standard roles available to all organizations:

1. Buyer Admin

Purpose: Full administrative control over the organization's TenderBoard settings.

Key Permissions:

  • Access to the Management menu to configure all modules and settings
  • View all transactions within the organization, regardless of involvement
  • Manage users, approval workflows, forms, budgets, contracts, and reports
  • Configure supplier management and payment gateway settings
  • Set up organization-wide settings and integrations
  • Can be placed in approval workflows

Cannot do: Initiate Purchase Requests or Direct Invoices (unless also assigned the Purchaser role)

2. Purchaser

Purpose: Create and submit procurement requests and invoices.

Key Permissions:

  • Create Purchase Requests
  • Create Direct Invoices
  • Can be placed in approval workflows

Viewing Access: By default, purchasers can only view transactions they created or are involved in through the approval workflow. They cannot view all organizational transactions.

Cannot do: Access the Management menu or configure system settings

3. Approver

Purpose: Review and approve transactions as part of approval workflows.

Key Permissions:

  • Can be placed in approval workflows to review and approve transactions
  • Access is granted through the approval workflow designer
  • Can only view transactions where they are part of the approval chain

Note: The Approver role has no inherent system permissions. All rights are granted through being assigned to approval workflows.

4. Manager

Purpose: Similar to Approver, used for organizational hierarchy in workflows.

Key Permissions:

  • Can be placed in approval workflows
  • Access is granted through the approval workflow designer

Note: The Manager role has no inherent system permissions. All rights are granted through being assigned to approval workflows.

Advanced Access Control Roles

Organizations with the Access Control List (ACL) functionality have access to two additional roles for more granular permission management:

5. Master Admin

Purpose: Control and delegate administrative permissions.

Key Permissions:

  • Access to the Access Control List (ACL) page
  • Assign specific menu access rights to Buyer Admins and Sub-Admins
  • Control which administrative functions different users can access
  • Can be placed in approval workflows

Use Case: Organizations that want to delegate certain administrative tasks without giving full Buyer Admin access to all users.

6. Sub-Admin

Purpose: Perform specific administrative tasks as delegated by Master Admin.

Key Permissions:

  • No default permissions
  • Permissions are granted by Master Admin through the ACL page
  • Can be assigned specific menu access (e.g., only Supplier Management, only Budget Management)
  • Can be placed in approval workflows

Limitation: Even with User Management rights, Sub-Admins cannot update the user roles of Buyer Admins or other Sub-Admins. Only Master Admins can do this.

Role Permissions Comparison Table

Permission Buyer Admin Purchaser Approver Manager Master Admin* Sub-Admin*
View all organizational transactions
Access Management menu ❌**
Can be placed in approval workflows
Initiate Purchase Requests and Direct Invoices
Assign menu access in ACL
Can be assigned menu access in ACL

* ACL-enabled organizations only

** Sub-Admins can access specific Management menu items only when granted by Master Admin via ACL

How to Assign or Change User Roles

Adding a New User

  1. Navigate to Account tab in the main menu
  2. Click the Add button
  3. Fill in the required information:
    • Name and email address
    • Select one or more roles from the available options
    • Assign approval chains (optional)
    • Set department (if applicable)
  4. Click Save to create the user
  5. The system will send credentials to the user's email address

Editing an Existing User's Role

  1. Navigate to Account tab
  2. Find the user in the list
  3. Click on the user's name or the edit icon
  4. Update the role assignments
  5. Click Save to apply changes

Note: Users can be assigned multiple roles. For example, a user can be both a Buyer Admin and a Purchaser, giving them both administrative access and the ability to create purchase requests.

Deactivating Users

  1. Navigate to Account tab
  2. Find the user in the list
  3. Click the deactivate option
  4. Confirm the deactivation

Deactivated users cannot log in but their historical data remains in the system.

Understanding Viewing Permissions

By default, users can only view transactions they are directly involved in. Direct involvement means:

  • The user created the Purchase Request or Direct Invoice, OR
  • The user is in the approval chain and has completed or is currently completing their assigned step

Users who can see transactions they're not directly involved in:

  1. Buyer Admins - Can view all organizational transactions automatically
  2. Users actively covering another user - Can view transactions of the user they're covering
  3. Users granted viewing rights via ACL - Can view specific users' or departments' transactions

Best Practices for Managing User Roles

1. Apply the Principle of Least Privilege

Only assign users the minimum roles they need to perform their job functions. Don't make everyone a Buyer Admin just for convenience.

2. Use Multiple Roles When Appropriate

Many users will need multiple roles. For example:

  • A procurement manager might be: Buyer Admin + Purchaser + Approver
  • A department head might be: Approver + Manager
  • A regular staff member might be: Purchaser only

3. Leverage ACL for Complex Organizations

If you have a large organization where different admins manage different areas (e.g., one admin for budgets, another for suppliers), consider enabling ACL functionality to create Master Admins and Sub-Admins.

4. Document Your Role Assignments

Keep track of which users have which roles, especially for Buyer Admins and Master Admins who have elevated permissions.

5. Regular Audits

Periodically review user roles to ensure:

  • Former employees are deactivated
  • Users who changed positions have appropriate updated roles
  • No users have excessive permissions they don't need

6. Use Departments for Organization

Assign users to departments to make it easier to:

  • Filter and search for users
  • Grant viewing permissions by department
  • Run department-specific reports

Multi-Entity Considerations

If your organization uses TenderBoard's multi-entity functionality (multiple organizations or sub-entities):

  • Each user can only belong to ONE parent organization
  • Users can be assigned access to multiple entities within that parent organization
  • Role assignments can differ per entity (e.g., Buyer Admin in one entity, Purchaser in another)
  • Workflows and forms are not shared across entities
  • Master Entity Buyer Admins (MEBA) can create cross-entity reports and manage cross-entity functionality

Common Questions

Can a user have multiple roles?

Yes. Users can be assigned multiple roles, and this is often necessary. For example, a Buyer Admin might also need the Purchaser role to create purchase requests.

What happens when I change a user's role?

The change takes effect immediately. The user will gain or lose permissions based on their new role assignment. They may need to log out and log back in to see the full effect.

Can I create custom roles?

No, TenderBoard uses predefined roles. However, organizations with ACL functionality can create custom combinations of permissions using the Sub-Admin role.

Who can see all transactions in the organization?

Only Buyer Admins can view all transactions by default. Other users can only see transactions they're directly involved in, unless granted specific viewing permissions.

How do I give someone admin access to only one area (e.g., only supplier management)?

This requires the Access Control List (ACL) functionality. You would:

  1. Create a Master Admin role
  2. Assign the user as a Sub-Admin
  3. Have the Master Admin grant specific menu access (e.g., Supplier Management) to the Sub-Admin via the ACL page

What's the difference between Approver and Manager roles?

Functionally, they are the same in terms of system permissions. Both roles are primarily used for workflow assignments. Some organizations use different role names for clarity in their approval hierarchies (e.g., "Manager" for supervisors, "Approver" for finance controllers).

Need More Help?

If you need assistance with user role management:

  • Buyer Admins: Contact your organization's TenderBoard administrator
  • Administrators: Email support@tenderboard.biz or use the in-platform support chat
  • For ACL functionality: Contact your TenderBoard account manager to enable this feature

Related Articles

  • Setting Up Approval Workflows
  • Managing Users in Multi-Entity Organizations
  • Configuring Access Control List (ACL)
  • Understanding Viewing Permissions and Coverage