User Role - Restrict access to specific Settings
Ability to customise user roles to restrict some access in Xero.
Purpose: Some staff should only have limited access in Xero.

Hi everyone, we appreciate all your feedback on how we could evolve roles for customers using Xero. As you can see through the ideas on the platform, there are a wide range of combinations of permissions our customers want to see us build. As user roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for the majority of our customers' needs.
We’re beginning to conduct research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. Front footing this, the discovery of this work will be long winded and there will be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community, to be part of this research and discovery. This may involve interviews and sharing further feedback through direct surveys or questionnaires.
✍️ If this is something you’d be interested in taking part in, please fill in our short form here.
Though we won’t be able to invite everyone into every stage, our research team will be in touch with many of you over the coming months.
We will be back to share on the outcomes of our research and any progress around development of roles in Xero.
-
Leanne Fromont commented
I think Xero's approach should be, "Where can we make access available now?" It should also be a table of selectable access that gives the owners the decision on what access they need for their staff, rather than creating pre-defined roles.
I understand that software functionality creates restrictions for flexibility, but I have worked with many different software platforms that do this well.
-
Stuart Mohamed commented
@Chris Fox - I hadn't considered the security issues in the manner you describe to be honest but now you mention it, it is inconceivable what might happen if an employee goes 'rogue'.
-
Chris Fox commented
We need to be able to restrict the users who can make changes to the branding themes (invoice templates). If users are not authorised to update supplier bank details, then they should not be authorised to add/edit bank details on the .docx templates either. This represents an unacceptable risk, as incorrect bank details could be added, leading to customer payments being diverted.
Furthermore, there is no audit trail of changes to the templates, so a user could temporarily change them and then reinstate the originals without leaving any trace.
-
Michelle Bertucci commented
Variable user restrictions on bank accounts is vital to privacy within our business.
-
Anthony Jelich commented
I need the ability to limit the bank accounts which are visible to users. Some staff only need access to our trust account transactions, others doing accounts receivable only need access to our deposit account. Currently it appears to be all or nothing and I don't need every employee I have knowing all of my business.
-
Helen Shadbolt commented
Please enable ability to restrict the Invoice Only-->Sales role from being able to approve and send invoices. This should be a simple tick box like ability to lodge BAS. I need staff to be able to access any invoice created (not just their own) but the only option then is to enable full access to approve and send invoices which can be a disaster. The placement of the 'save and close' and 'approve and send' buttons do not help this situation.
-
Emma Hards commented
We need to block invoice only users from creating contacts, I do not have the time to keep housekeeping hundreds of contacts that lower level staff are creating, I have no control over this.
-
Sue Griggs commented
Hello, I would like my assistant to access vendor reports and customer reports but not the balance sheet or other reports, as this has caused our company problems where they can see what other people get paid.
Xero needs to be more flexible with permissions, this needs to be actioned fast as my assistant can not do half of her job and would look at moving away from Xero for all of our companies.
-
Leisa Sheath commented
I would like to see more options in user access.
Payroll not just Admin or not. Example need admin access but not all the emails like timesheet approvals.
If you have multiple users doing similar work but not all you should be able to give partial access (not just in Payroll)
-
Campbell Green commented
Hi everyone,
I understand that many of you are facing challenges with Xero's current permissions settings, especially when it comes to restricting access to specific bank accounts or transactions. While Xero may not have an immediate solution for these issues, I wanted to let you know that Control-C might be able to help.
As an add-on partner for almost 10 years, Control-C has developed a platform that can surface the required access to view-only data that your team members need to do their job. This ensures that sensitive information, such as staff wages and bonuses, remains confidential while allowing your colleagues to perform their roles effectively.
Having worked at Xero, I appreciate the complexities involved in retrofitting features into an established system. It's a challenging task, and I understand why some features might not be available yet. Our goal at Control-C is to provide you with the tools you need to manage your financial data securely and efficiently, complementing Xero's capabilities.
If you're interested in learning more about how we can help, please feel free to reach out to us through the Xero app store or the Control-C website.
Best regards,
Campbell Green
control-c.com
-
Stuart Mohamed commented
@Luke Abbott - 368 days since last update
-
Ritesh Kapadia commented
My new companies are setup in Quickbooks Online because of this issue. QBO has much better roles defined. GAAP is not possible with the current roles that Xero has, putting customers at risk.
-
Luke Abbott commented
@Kelly Munro, isn't it about time for an annual update? We're eleven years into this version of an idea for customisable user roles, and a week away from there being a full year of radio silence.
Xero just need to get a grip on some of these basic software functions.
-
Charlotte Woodbridge commented
I am in exactly the same situation as Stuart Mohamed! Reconciling customer payments (deposit summaries) is causing a huge problem, as the owner of the business I should not have to perform this task myself but am left with no choice as the permissions do not allow for any other way.
-
Stuart Mohamed commented
Just wanted to add my thoughts on here to the many that have taken the time already to provide feedback.
The level of flexibility in this area is seriously behind
i) customer expectations/requirements and
ii) Xero's competitors
In my example, I have a colleague who reconciles customer and supplier payments. This is a key area of her role, which she carries out to a high standard. However, with permissions settings as they currently stand, she also has access to other bank payments such as staff wages/bonuses/petty cash claims etc which are private and confidential.
My only option as it stands is to reduce her user rights, but by doing this I would be removing access to the very things she needs to do her role. It's an impossible situation.
In my opinion, Xero would do very well to allocate resources looking at its competition to understand how they can roll out greater depth to the user rights/access options like for example Quickbooks.
-
Darleen Cai commented
please have specific permissions for users, i.e., they can draft the bills, POs, but cannot self approve it. it's very hard to detect... thank you!
-
Anh Nguyen commented
How can we add 'permission feature' to specific users especially at Standard level (junior account staff) who would not have ability to delete/void repeating invoices or single invoices or any transactions related in our accounting system without prior authorisation/approval from their supervisors.
Would there be an app that can connect to our Xero subscription and provide notification at the back end perhaps? We can not keep reconciling manually at repeating invoices level if we are looking after a significant amount of invoices.
-
Cathy Ely commented
Is there an update on this facility?
-
Hannah Terry commented
PLEASE create greater options with user access! I'm actually quite shocked that this is not already a function!
The fact that I may have an employee doing my books who can see my entire business and all of my bank account balances or basically nothing at all is quite ridiculous. This is NOT supportive of small - med sized businesses in my opinion. Especially in small towns!
It should be completely customizable down to which bank accounts can be seen and which reports can and cannot be run.
Despite the simplicity of this I have little to no hope of this being done however if it has not been already.
We will be considering swapping to another platform that will support this functionality asap.
-
Henry Khoo commented
To limit a user access to manage (create and update) the tracking categories in the Xero, but cannot have the visibility on the bank accounts details.
Current system behaviour:
I tested giving invoices only access, but the user reported that they cannot access tracking categories. And if I provide standard access, by default accounts will be visible.