Command Palette

Search for a command to run...

Log In
  1. Users
  2. Roles & Permissions

Roles & Permissions

Astalty has four user roles: Administrator, Manager, Team Member, and Support Worker. Each role has a default set of permissions. Some permissions marked with ⚙ can be customised per-user or per-role in your account settings.

There is also an Auditor role which is a read-only version of Team Member with access to user records and HR details.

Dashboard & Home

PermissionAdminManagerTeam MemberSupport Worker
Team Dashboard
Finance Dashboard✅ ⚙
Home Page

Tasks

PermissionAdminManagerTeam MemberSupport Worker
Task Board
View, Create, Update & Delete Tasks
Delegate Tasks✕ ⚙
Update Tasks Owned by Others
Reassign Tasks
View Task Invoices
Override Charge Price✅ (non-contractors)

Calendar

PermissionAdminManagerTeam MemberSupport Worker
View & Manage Events
Manage Calendar Events for Other Users✕ ⚙✕ ⚙
External Calendar Integration

Participants

PermissionAdminManagerTeam MemberSupport Worker
View All Participants✅ ⚙
View Assigned Participants (My Participants)
View Limited Participant Detail
Create Participants
Create Participants for Other Users
Update Participants
Delete Participants
Archive Participants
Update Coordinator
Update Information Items
View Participant Invoices✅ ⚙✕ ⚙✕ ⚙

NDIS Plans & Services

PermissionAdminManagerTeam MemberSupport Worker
View Plans & Services
Create Plans
Update Plans✅ ⚙
Delete Plans
Create Services✅ ⚙
Update Services✅ ⚙
Delete Services✅ ⚙
Implementations (full access)
Budgets (full access)

Participant - Goals, Alerts, Risks & Records

PermissionAdminManagerTeam MemberSupport Worker
Goals (full access)
Alerts (full access)View only
Risks (full access)
Records (full access)
Documents (full access)
Participant Tags - Create✅ ⚙✅ ⚙
Participant Tags - Update✅ ⚙✅ ⚙
Tags - Delete
Preferences✅ ⚙View onlyView only
Compatibility
Generate Templates
Sensitive Invoice Settings

eSignatures

PermissionAdminManagerTeam MemberSupport Worker
Access eSignatures Module✅ ⚙✕ ⚙✕ ⚙
Create Signature Requests✅ ⚙✅ ⚙✅ ⚙
Create for Team Members✅ ⚙
Manage Signature Requests for Others✕ ⚙
Delete Signed Requests✅ ⚙

Incidents

PermissionAdminManagerTeam MemberSupport Worker
View All Participant Incidents
View Scoped Participant Incidents
Create Participant Incidents
Update & Archive Participant Incidents
View Staff Incidents
Create Staff Incidents
Update & Archive Staff Incidents
Manage Incident CategoriesView onlyView onlyView only

Referrals

PermissionAdminManagerTeam MemberSupport Worker
View All Referrals
View Assigned Referrals
Create, Update & Archive

Feedback

PermissionAdminManagerTeam MemberSupport Worker
View All Feedback
View Assigned Feedback
Create, Update & Archive

Reports - Participants

PermissionAdminManagerTeam MemberSupport Worker
Utilisation
Plans
Birthdays
Participant Alerts
Participant Goals
Participant RecordsMy only
Participant Risks
Participant Documents
Participant Incompatibility

Reports - Team

PermissionAdminManagerTeam MemberSupport Worker
My Billable Hours
My Billables
My Billable Charges✕ ⚙
Team Billable Hours
Team Billables
User Records Report✅ ⚙
Capacity Report
Staff Birthdays

Reports - Finance

PermissionAdminManagerTeam MemberSupport Worker
Billable Charges Report✅ ⚙✅ ⚙
Staff Payments Report✅ ⚙

Reports - Tasks

PermissionAdminManagerTeam MemberSupport Worker
All Tasks Report
My Tasks Report

Reports - Sites

PermissionAdminManagerTeam MemberSupport Worker
All Sites Records Report
My Sites Records Report

Directory

PermissionAdminManagerTeam MemberSupport Worker
View, Create & Update Plan Managers
Archive Plan Managers
Bulk Reassign Plan Managers
Plan Manager TagsView only
View, Create & Update Organisations
View All Organisations✅ ⚙
Organisation TagsCreate & Update only
View All Contacts✅ ⚙
Create, Update & Delete Contacts

Resources

PermissionAdminManagerTeam MemberSupport Worker
View All Resources
Create & Update Resources
Resource TagsView onlyView only

Finance

PermissionAdminManagerTeam MemberSupport Worker
Access Finance Module✅ ⚙✅ ⚙
Direct Charges✕ ⚙✕ ⚙
Recurring Direct Charges✕ ⚙✕ ⚙
Staff Payment Batches✅ ⚙
Staff Payment Settings✅ ⚙
Cost Codes
Timesheet Batches✅ ⚙

Scheduling

PermissionAdminManagerTeam MemberSupport Worker
Access Scheduling Module✕ ⚙
View All Shifts✅ ⚙
View Own Shifts
Clock In/Out (if rosterable)
Report Unscheduled Travel
Create, Update & Delete Shifts✅ ⚙
Manage Shift Status✅ ⚙
Shift Approvals✅ ⚙
Shift Board✅ ⚙
Supports (full access)✅ ⚙
Group Supports✅ ⚙
Support Notes - Own
Support Notes - All✅ ⚙
Support Charges✅ ⚙✅ ⚙
Scheduling Costs✕ ⚙
Cancellation ReasonsView only ⚙
Charge Item SetsView only
Public HolidaysView only ⚙
Activities✅ ⚙
Pay Groups

Availability

PermissionAdminManagerTeam MemberSupport Worker
View All Availability✅ ⚙
Manage Others' Availability✅ ⚙
View Own Availability
Create Own Availability

Forms

PermissionAdminManagerTeam MemberSupport Worker
Manage Forms
Form Submissions
Form Submission Requests

Notes

PermissionAdminManagerTeam MemberSupport Worker
View Note Revisions
Edit Notes Created by Others

Documents & Templates

PermissionAdminManagerTeam MemberSupport Worker
Document Categories - Create✅ ⚙✅ ⚙
Document Categories - Update✕ ⚙✕ ⚙
Document Categories - Archive/Restore
Provider Document Templates
Note TemplatesView onlyView only

Notifications (Create & Manage)

PermissionAdminManagerTeam MemberSupport Worker
All Notification TypesView only
User Record Notifications

Exports

PermissionAdminManagerTeam MemberSupport Worker
Access Exports Module
Login History ExportOwner only

Chat

PermissionAdminManagerTeam MemberSupport Worker
Create & Manage Channels
Send Messages
Edit & Delete Own Messages
Delete Others' Messages
Message Managers✅ ⚙✅ ⚙✅ ⚙
Message Team Members✅ ⚙✅ ⚙✅ ⚙
Message Support Workers✅ ⚙✅ ⚙✅ ⚙

SMS

PermissionAdminManagerTeam MemberSupport Worker
SMS Inbox Access✅ ⚙✕ ⚙✕ ⚙

Sites

PermissionAdminManagerTeam MemberSupport Worker
View All Sites
View Managed Sites
Create & Delete Sites
Update Sites
Site TagsView only
Site Records
Site Record Types & NotificationsView only
Site Forms & Participants

Users & User Management

PermissionAdminManagerTeam MemberSupport Worker
View All Users
View Admin Detail
View Manager Detail
View Team Member Detail
Create Users✅ ⚙
Update Users
Delete Users
Restrict / Deactivate / Reactivate
Update Roles & Permissions
Manage Permissions for Admin Users✕ ⚙
Update User Groups
Update Own Details on Web
Update Bank Details✅ ⚙
Update Financial Details
Manage HR Details✕ ⚙
User Documents & Generated Docs✅ ⚙
User Notes✅ ⚙
User Records - OwnCreate onlyCreate onlyCreate only
User Records - Manage for Others✕ ⚙
Auditor Assignment
Disable Own 2FA

Settings

PermissionAdminManagerTeam MemberSupport Worker
View & Update Settings
Charge ItemsView onlyView list only
Information ItemsView onlyView only
User GroupsView list onlyView list only
TeamsView only, can be leader
Record Types (Participant & User)View onlyView only
Imports

Account Owner Only

PermissionAdminManagerTeam MemberSupport Worker
Billing & SubscriptionOwner only
API KeysOwner only
WebhooksOwner only
Self-Serviceable FeaturesOwner only
Update Account OwnershipOwner only
Manage 2FA for Other UsersOwner only
Update Own/Admin PermissionsOwner only

Other

PermissionAdminManagerTeam MemberSupport Worker
My Billable Hours Widget

Legend

  • = Access granted by default
  • = No access
  • = Configurable — this permission can be toggled on or off per-user or per-role in your account's permission settings.
  • Owner only = Restricted to the Account Owner

Configurable Permissions Reference

The following section explains what each configurable permission (⚙) does when enabled, including what additional features it unlocks. There are two types:

  • Per-user permissions — toggled individually for a specific user on their profile permissions page
  • Per-role permissions — toggled for all users of a given role under Settings > Permissions

Administrator — Per-User Permissions

These permissions can be toggled on or off for individual Admin users.

PermissionDefaultWhat It Does
Create UsersONAllows creating and inviting new users to the account. Also allows reactivating deactivated users. When disabled, the admin cannot add new team members. ↑ Matrix
User Records - Manage for OthersOFFAllows viewing and managing user records across all users, not just their own. Also unlocks: User Records Report, and the ability to create, update, and delete User Record Types in Settings. ↑ Matrix
Access eSignatures ModuleONGrants access to the eSignatures module. Also unlocks: creating, updating, and deleting signature requests; managing owned signatures; creating signatures for team members; and deleting signed requests. ↑ Matrix
Manage Signature Requests for OthersOFFAllows viewing and managing signature requests created by other users. Requires: eSignatures access must also be enabled. ↑ Matrix
Access Finance ModuleONGrants access to the Finance module. Also unlocks: Finance Dashboard, Staff Payments module, View Participant Invoices, Update Bank Details, Billable Charges Report, Staff Payment Batches and Settings, and Timesheet Batches. ↑ Matrix
Direct ChargesOFFAllows creating and managing direct charges and recurring direct charges. Requires: Access Finance Module must also be enabled. ↑ Matrix
Manage HR DetailsOFFAllows viewing and managing HR details for users. Also unlocks: User Documents & Generated Docs, and User Notes. ↑ Matrix
Manage Calendar Events for Other UsersOFFAllows creating and managing calendar events on behalf of other users. ↑ Matrix
Manage Scheduling CostsOFFAllows managing scheduling cost items and site cost items. ↑ Matrix
Manage Permissions for Admin UsersOFFAllows editing the roles and permissions of other Admin users. The Account Owner's permissions can never be edited. ↑ Matrix
SMS Inbox AccessONGrants access to the two-way SMS inbox. Requires: the SMS feature must be enabled for your account. ↑ Matrix

Manager — Per-User Permissions

These permissions can be toggled on or off for individual Manager users.

PermissionDefaultWhat It Does
Access Finance ModuleONGrants access to the Finance module. Also unlocks: Finance Dashboard, Billable Charges Report, and View Participant Invoices (if also enabled at role level). ↑ Matrix
Access eSignatures ModuleOFFGrants access to the eSignatures module and the ability to create and manage their own signature requests. ↑ Matrix
Access Scheduling ModuleOFFGrants access to the Scheduling module. Also unlocks: View All Shifts, Create/Update/Delete Shifts, Manage Shift Status, Shift Approvals, Shift Board, Supports and Group Supports (full CRUD), Support Notes - All, Support Charges, Cancellation Reasons (view), Public Holidays (view), Activities, View All Availability, and Manage Others' Availability. ↑ Matrix
Direct ChargesOFFAllows creating and managing direct charges and recurring direct charges. Requires: Access Finance Module must also be enabled. ↑ Matrix
Manage Calendar Events for Other UsersOFFAllows creating and managing calendar events on behalf of other users. ↑ Matrix
SMS Inbox AccessOFFGrants access to the two-way SMS inbox. Requires: the SMS feature must be enabled for your account. ↑ Matrix

Manager — Role-Level Permissions (all Managers)

These permissions apply to all Manager users and can be toggled under Settings > Permissions.

PermissionDefaultWhat It Does
Document Categories - CreateONAllows all Managers to create new document categories. ↑ Matrix
Document Categories - UpdateOFFAllows all Managers to update existing document categories. ↑ Matrix
Participant Tags - CreateONAllows all Managers to create new participant tags. ↑ Matrix
Participant Tags - UpdateONAllows all Managers to update existing participant tags. ↑ Matrix
View Participant InvoicesOFFAllows all Managers to view invoices on participant profiles. ↑ Matrix

Team Member — Per-User Permissions

These permissions can be toggled on or off for individual Team Member users.

PermissionDefaultWhat It Does
View All ParticipantsONWhen enabled, the user can see all participants. When disabled, they can only see participants assigned to them. Also affects: participant alert, goal, and risk reports for all participants; plan manager participant visibility; organisation participant visibility; and contact participant visibility. ↑ Matrix
Delegate TasksOFFAllows the user to delegate tasks to other users. ↑ Matrix
Access eSignatures ModuleOFFGrants access to the eSignatures module and the ability to create and manage their own signature requests. ↑ Matrix
Update PlansONAllows the user to update participant NDIS plans. ↑ Matrix
Update ServicesONAllows the user to update participant plan services. Note: creating and deleting services can also be restricted at the role level for all Team Members. ↑ Matrix
My Billable ChargesOFFAllows the user to view their own billable charges report under Reports. ↑ Matrix
SMS Inbox AccessOFFGrants access to the two-way SMS inbox. Requires: the SMS feature must be enabled for your account. ↑ Matrix

Team Member — Role-Level Permissions (all Team Members)

These permissions apply to all Team Member users and can be toggled under Settings > Permissions.

PermissionDefaultWhat It Does
View All ContactsONAllows all Team Members to view all contacts in the directory. When disabled, they cannot browse the contacts list. ↑ Matrix
View All OrganisationsONAllows all Team Members to view all organisations in the directory. When disabled, they cannot browse the organisations list. ↑ Matrix
Create ServicesONAllows all Team Members to create new services under participant NDIS plans. ↑ Matrix
Delete ServicesONAllows all Team Members to delete services from participant NDIS plans. ↑ Matrix
Document Categories - CreateONAllows all Team Members to create new document categories. ↑ Matrix
Document Categories - UpdateOFFAllows all Team Members to update existing document categories. ↑ Matrix
Participant Tags - CreateONAllows all Team Members to create new participant tags. ↑ Matrix
Participant Tags - UpdateONAllows all Team Members to update existing participant tags. ↑ Matrix
View Participant InvoicesOFFAllows all Team Members to view invoices on participant profiles. ↑ Matrix
View Other Team Members' CalendarsOFFAllows all Team Members to view other team members' calendars. ↑ Matrix
View All Notes and TasksONAllows all Team Members to see every note and task across the organisation. When off, visibility falls back to the user-group option below. ↑ Matrix
View Notes and Tasks for Their User GroupONWhen "View all notes and tasks" is off, also lets Team Members see notes and tasks owned by others in their user group. ↑ Matrix

Other Configurable Permissions

PermissionDefaultWhat It Does
Disable Own 2FA (all roles)Controlled by a provider-level setting, not per-user. When the provider allows users to disable their own 2FA, all users of any role can do so. Account Owners can always disable their own 2FA. ↑ Matrix
Message Managers / Team Members / Support WorkersONPer-role override controlling which roles a user can send direct messages to (Managers, Team Members, and/or Support Workers). Defaults to ON for all messaging targets. ↑ Matrix