If you have multitenancy enabled on your site there are two additional roles available. These two roles can be assigned to users within tenants.
Tenant Domain Manager: This user can create content and audiences within the tenant and customise the tenant theme
Tenant User Manager: This user can manage other users within the tenant, including adding and deleting users and resetting passwords
Capability summary
The drop down below lists the standard capabilities for the Tenant Domain Manager and the Tenant User Manager. These capabilities can be viewed by going to the Quick-access menu > Permissions > Capability overview.
Tenant Domain Manager
Capabilities |
|---|
Access samples page |
Access any program |
Access the performance activities management interface |
Add and remove audience members |
Add content marketplace |
Administrate all workspaces |
Audit program messages |
Clone Program |
Clone existing workflows |
Configure certification |
Configure certification details |
Configure program assignments |
Configure program content |
Configure program messages |
Create Approval Workflow |
Create certification |
Create courses |
Create hidden workspace |
Create performance activities |
Create performance activities |
Create playlist |
Create private workspace |
Create programs |
Create resource |
Create survey |
Create workflows |
Create workflows from templates |
Create workspace |
Create, delete and move audiences |
Create, edit and delete report builder reports |
Delete certification |
Delete programs |
Delete survey |
Edit program details |
Handle program exceptions |
Hide/show programs |
Join a public workspace |
Manage API client settings |
Manage API clients |
Manage audience-based visibility |
Manage categories |
Manage comment notifications |
Manage form plugin lookup tables |
Manage inappropriate content |
Manage theme settings |
Manage workflows |
Move applications to a different workflows |
Override export formats at report level |
Remove playlist |
Request to join private workspace |
Save workflows as templates |
See hidden categories |
Share playlist |
Share resource |
Share survey |
Unlink playlist |
Update survey |
View API documentation |
View archive |
View course overview report |
View hidden certifications |
View hidden programs |
View participants in tenant domain |
View workspaces |
Tenant User Manager
Capability Name |
|---|
Create tenant users |
Upload tenant users |
View tenant details |
Delete users |
Edit user messaging profile |
Edit user profile |
Manage user logins |
View user full information |
View hidden details of users |
View user last ip address |
Assign roles to users |
Review permissions for others |
View and manage engage resources and surveys |
View report for the most engaged users |
View workspaces engagement and activity |
View report for the most engaging content |
View playlists engagement report |
See full user identity in lists |
Note, on new Totara sites Tenant Domain Managers will be able to use report builder by default, but if you have upgraded from an earlier version of Totara you will need to assign the totara/reportbuilder:managereports capability to the Tenant Domain Manager role.
To highlight the key differences between the tenant roles:
The Tenant User Manager is focused on user lifecycle management, such as creating, updating, or deleting user accounts within their tenant and assigning roles.
The Tenant Domain Manager has broader access across the tenant domain, including content configuration, report visibility, and dashboard management.
Next steps
The Totara Academy has a whole course dedicated to using Multitenancy in Totara. Here you can learn more on how to set up and use tenants, see best practice, and give it a go yourself.
Join the Totara Community for more resources to help you get the most out of Totara.
© Copyright 2025 Totara Learning Solutions. All rights reserved.