This article explains the key permissions that control system security, global account settings, business entities, and developer access in Deputy. It can help you select the appropriate permissions when creating a custom access level.
 

Before you read

• Target audience: This article is for users with System Administrator access.
• Plan restrictions: To check whether your plan includes custom access levels and permissions, see the Customization & Security section of our Pricing Plans.
• Feature update: Custom access levels has a new look in Business settings. This change is being gradually rolled out and will soon be available in all eligible Deputy accounts. If you're not on the new access level experience, go to Classic custom access levels and permissions (Discontinuing).
   

This article covers:

• Security and access permissions
  • View access levels and permissions
  • Manage access levels and permissions
• Account controls permissions  
  • Manage global settings
  • Manage kiosks and time clocks
  • Enable administrator privileges
• Business entity permissions
  • Create entity
  • Edit entity
• Developer access permissions  
  • Developer access
     

Security and access permissions

These permissions control who can view and change the account’s permissions structure. These are some of the most important settings in Deputy as they determine who can access and manage information across the platform.

Tip: When creating custom permissions for manager roles, consider whether they need view-only access to the permissions structure, or the ability to make changes. Many organisations limit Manage user access levels and permissions to their core System Administrators to keep access clear and controlled.

 View access levels and permissions

• If turned ON: Users can see all access levels in the business and the reporting structure within the company. This is a read-only permission and does not allow for any changes.
   
• If turned OFF: Users cannot see how access levels and permissions are configured.
   

 Manage access levels and permissions

Dependencies: Turning this permission ON will automatically enable the following permission: View access levels and permissions.

• If turned ON: Users can create, edit, or delete user access levels. They can also change the reporting structure and move around access levels within the management hierarchy.
   
• If turned OFF: Users cannot create, edit, or delete user access levels. 
   

Account controls permissions

These permission control system-level control permissions. They determine how Deputy behaves across locations and devices. 

Tip: If you're opening new work sites and setting up iPads for staff to clock in, you may want to assign Manage kiosks  access to location managers so they can authorize and troubleshoot devices on-site without relying on head office support.
 

 Manage global settings

Dependencies: This is a legacy setting that only applies to Enterprise plan accounts.

• If turned ON: The users can change and manage settings that apply to all locations.

• If turned OFF: Users cannot change or manage settings that apply to all locations.

   

 Manage kiosks and time clocks

• If turned ON: Users can set up, disable, and modify settings for Deputy Kiosks and Time Clocks at the locations they manage.
   
• If turned OFF: Users cannot set up, disable or modify any settings for Deputy Kiosks and Time Clocks.

 Enable administrator privileges

Note: This is the highest level of access possible in Deputy.

Dependencies: Turning this permission ON will automatically enable ALL user permissions. 

• If turned ON: Users have full control over all permissions, billing, and operational settings in the account.
• If turned OFF: Users are limited to their specific assigned permissions.

Business entity permissions

These permissions control who can manage your company’s business entity details in Deputy.

Tip: If your company operates under different legal names in different regions, those profiles may need to be set up in Deputy so payroll information is linked to the appropriate entity. To help keep records organized and consistent, many businesses restrict these permissions to Finance or Payroll leads, as they commonly manage payroll setup and entity information.
 

 Create entity

Note: This permission is typically reserved for the role that manages the overall group settings for the business across multiple entities in a multi-entity environment.

• If turned ON: Users can create a new business entity within HR Onboarding settings and Payroll, including assigning people to the default pay calendar for the entity.
   
• If turned OFF: Users cannot add new legal entities within HR Onboarding settings and Payroll. 
   

 Edit entity

• If turned ON: Users can update existing business entity details in Payroll, including tax IDs, legal address information, and payroll bank account details.
   
• If turned OFF: Existing entity details are locked and cannot be updated by the user. 

Developer access permissions

This permission controls who can use Deputy’s API and developer tools to build custom integrations.

Tip: This setting is typically assigned to technical users, IT staff, or authorised developers who need API access to connect Deputy with other systems. Changes made through the API can affect how certain features, such as timesheet exports, function, so it should be enabled with care.
 

 Developer access

• If turned ON: Users can create custom web applications and write scripts using the Deputy API. This includes viewing the DeXML scripts and creating new ones inside the Deputy tenant.
   
• If turned OFF: Users cannot access developer tools or generate API credentials.