User Role - Restrict access to specific Settings
Ability to customise user roles to restrict some access in Xero.
Purpose: Some staff should only have limited access in Xero.
Hi everyone, we appreciate all your feedback on how we could evolve roles for customers using Xero. As you can see through the ideas on the platform, there is a wide range of combinations of permissions our customers want to see us build. As user roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for the majority of our customers’ needs.
We’re beginning to conduct research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. Front footing this, the discovery of this work will be long-winded and there will be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community, to be part of this research and discovery. This may involve interviews and sharing further feedback through direct surveys or questionnaires.
✍️ If this is something you’d be interested in taking part in, please fill in our short form here.
Though we won’t be able to invite everyone into every stage, our research team will be in touch with many of you over the coming months.
We will be back to share on the outcomes of our research and any progress around development of roles in Xero.
-
Alice Senior commented
We would like to see a feature to restrict invoice and bill approvals, so the user only has the option to submit for approval.
Not having this feature is a major financial security issue because bills and invoices can skip the approval process if the person creating them has the option to approve them.
-
Esther Santos commented
This is a message directly from my client... We were able to access reports in Sage and there is an expectation to do the same thing in Xero.
Are we the only ones who ask for this reporting functionality without having to see the bank account?
Is it unreasonable to request this functionality from Xero, in the immediate future?
-
Wynne Tan commented
We are reaching out to seek clarification and assistance regarding the governance of user settings within our Xero system.
Restricting user access in Xero is essential for data security, ensuring compliance with regulations and protecting sensitive financial information. It allows organizations to align access with specific roles, minimizing risks of unauthorized exposure. This control is especially important when collaborating with external auditors, enabling them to work effectively without compromising sensitive data like bank balances. Proper access management also supports audit readiness by creating clear trails and demonstrating robust user permission controls.
-
Josie Baker commented
I vote for this BIG TIME
-
Robert Darrow commented
Like with most systems, the idea of preset permissions is always essential, but there should be an advanced menu where Xero experts can modify and customise roles. For example, my team are allowed to draft invoices and quotes. But this means they cannot print the quotes to look nice for Clients. And if they are granted "approval" they basically get full access to my bank account, which I do not want. Needs to be set in between for senior management who aren't members of the board.
-
Nisha Shariff commented
The ability to change the company settings should be restricted. Currently it is available in the advisor and standard user settings. We should be able to turn user permissions on/off for this. As I discovered yesterday anyone with an advisor or standard user role can change the company bank details on an invoice, send the invoice and then put the old bank account back in. A major security issue here!
-
Robert Critchley commented
I didn't have to scroll far to find someone else with exactly my scenario. I'd like to incorporate my payroll account but filter it so that only certain users can see the balance and reconcile it. Hope you can add this feature as it would make life so much better.
-
Emily Majski commented
I think this has already been mentioned, but we have a client that would like to hide payroll payments from certain staff members, but to have them still able to generally balance the bank. If it could be a case of choosing which banks staff had access to, this would solve the issue as they could use a separate bank account.
-
Adam Lim commented
Why is Xero fixing something that's working so well, e.g. the current invoicing interface, and coming up with this new template that is irritating me like crazy when I have to manually key in the additional email address when I want to send it to additional members of the team? Why don't you fix the user restriction issue that's irritating so many of us instead?
-
Alisdair Williams commented
Hello,
Regarding access roles. We have API imports into Xero from our management software, but this can only be achieved by a high level user with advisor or standard. We have multiple staff that we do not want having access to all the data but who need permission to authorize a product update, customer update or just import invoice details. This isn't achievable at present and is a lot of duplicate work. Please can this be rectified so under the standard role you can pick and choose what access you want to give to staff members to best achieve their role.
-
Samantha Allan commented
Hello,
In relation to user permissions, Xero should consider implementing a more flexible system for user restrictions. Currently, we have a significant number of staff who are responsible for creating sales invoices. However, these users also require access to edit templates. Unfortunately, with Xero's current limited user permission options, the standard permissions not only allow them to edit templates but also provide access to bank accounts, which is not ideal.
It would be highly advantageous to introduce an option to remove bank account access from the standard role, allowing for more specific user restrictions without compromising essential functions like editing templates.
-
Chloe Luhrs commented
Hi Gary, Just to reply to your comment as we relate to it.
We just made the move from MYOB Account Right to Xero at the start of the new financial year and starting to think it is the biggest business mistake we have made. While we tried and tested the core product - many teething issues have popped up. We are considering moving back to MYOB because of this core issue.
-
Gary Lowe commented
Hi.
Can I ask if there have been any updates with regard to user roles within XERO?
I have been complaining about this since I moved over to XERO which in hindsight was probably the biggest mistake I've ever made in my 35 years in business.
As mentioned in other posts, if the access rights were fixed within XERO you would have an exceptional product. As it stands it's substandard and not really fit for purpose. Fine for a one man band but nothing else. It's a shame that the money spent on advertising couldn't be put to better use by fixing the problems raised by your employers which are the paying users!
-
Christopher Parkin commented
Dear Xero Support Team,
We are encountering challenges related to segregation of duties within Xero, particularly concerning user access rights and the number of journal entries passed. Our internal audit team has raised concerns about this issue. While we have implemented manual controls to mitigate risks, the current system does not adequately support segregation of duties.
We would appreciate any guidance or solutions you could provide to address this concern.
Thank you for your assistance.
-
Daniel McRae commented
I need to add an employee to do the bank reconciliations for me, without all the other access that the 'standard' user permissions give.
It's a simple add on to the 'invoice only' permissions. The system seems too restrictive as currently set up.
-
Lanelle Boerssen commented
Some of our clients need staff to have access to reporting, Inventory, etc. but not the bank. If we can separate the access and viewing to the bank.
-
Mike Brett commented
I would like to see an option for users given access to chosen bank accounts as opposed to default where they can see all bank feeds. This is critical. We have a separate account for payroll which I would like users not to see. Thanks
-
Alex Morgan commented
I want users to be able to manage discrete P&Ls within Xero, without seeing other people's P&L. Don't care how this is implemented, but I did make a suggestion in a separate chain that it could be done via tracking, e.g. tracking category for each, say, shop P&L. Each shop manager can only access data that is coded to his shop's tracking code.
-
Copier Service Company Ltd commented
Limiting bank account access/visibility surely has to be the big one?
-
Craig Byron commented
I'm an accountant with one employee using ledgers to produce financials for a number of clients. Ledger subscriptions that restrict access to reporting to one user only are an expensive frustration. I either need to give them my credentials to use to prepare those financials, or I need to upgrade to a subscription that costs 3 times as much.