User Role - Restrict access to specific Settings
Ability to customise user roles to restrict some access in Xero.
Purpose: Some staff should only have limited access in Xero.
Hi everyone, we appreciate all your feedback on how we could evolve roles for customers using Xero. As you can see through the ideas on the platform, there is a wide range of combinations of permissions our customers want to see us build. As user roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for the majority of our customers' needs.
We’re beginning to conduct research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. Front footing this, the discovery of this work will be long-winded and there will be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community, to be part of this research and discovery. This may involve interviews and sharing further feedback through direct surveys or questionnaires.
✍️ If this is something you’d be interested in taking part in, please fill in our short form here.
Though we won’t be able to invite everyone into every stage, our research team will be in touch with many of you over the coming months.
We will be back to share on the outcomes of our research and any progress around development of roles in Xero.
-
Jacco du Toit commented
Unfortunately, many other cloud-based systems are one ahead of Xero in this area.
Xero's user access settings are EXTREMELY limited. Other systems offer the basic requirement to set user access at a granular level. This is a basic requirement in.
A good starting point is to focus on the reports. The way the access settings are structured is manageable to a lesser degree, but without the ability to limit access to reports, it is then impossible to effectively manage user access.
For example, a user with "Invoice Only" rights may need limited access to reports, but this level does not allow any access to reports.
Or, a user with "Standard" access rights may not be allowed to process invoices or bills since the user is processing the cashbook, but this profile allows access to both. This is a general internal control risk. YOU, being Xero, realise that you are providing a system with INTERNAL CONTROL RISKS.
I truly hope that these requests are being considered with high priority.
Jacco du Toit
-
Rebecca Jones commented
There is also no need for the staff member to be able to access the bank accounts, again, she should not be privy to this information.
Xero, please sort this as a priority.
-
Rebecca Jones commented
This is crucial and I'm surprised that it's not already possible. We have a staff member who needs to be an Adviser as she does reports etc but then there is no way of stopping her from gaining access to staff wages via contacts which she should not be privy to. It would be good to have an option to be able to restrict/hide access to some contacts.
-
Ethan Edwards commented
This is critical to us and many clients are being put off of using Xero due to it not having this feature.
I need staff to be able to run reports etc. but not have visibility of the bank (particularly other employees' wages).
This should surely be a priority.
-
Rosario Mancuso commented
I agree with this idea. Currently, we're having to duplicate projects so that our employees don't see how many hours we have estimated per task they have been assigned to. Please make it so that we can further filter what each user has access to.
-
Sophia Humphreys commented
We need an employee who runs lots of budget accounts to be able to log in and see what is spent in cost of sales under all the different tracking codes.
This would help them organise the budgets better and see what is spent and what is outstanding.
They don’t need to see sales or overheads or bank feeds. They should also be able to set a budget for that tracking code if possible.
-
Sarah Treweek commented
Users that can invoice out, view supplier invoices, and do general accounts "data entry" actions without the ability to view the company bank feeds, this needs to be sensitive data for higher level users!!
-
Pitcher Partners commented
One of the expense claim approvers for an organisation needs to have his expenses approved by the other approver. This is not possible - currently Xero does not require that he gets any approval. If I update his access to Submitter, then he is unable to approve the other employees' expenses. Would greatly appreciate this feature being added.
-
Paul Wright commented
This is totally critical to any growing business. Segregation of duties is essential.
-
Jackie Wright commented
To my horror, I have just "accidentally" discovered that all purchasing staff have access to see payments made to all employees, via contacts. They don't even have to have a level of access as high as standard user, just access to purchases within the invoice level. I am horrified. As an absolute minimum this should be explained alongside the tick box in the permissions screen. In my mind, only users with access to payroll should have any way of seeing this incredibly sensitive, and what should be confidential, information. It is bad enough that the user roles are so unrefined, but having access to certain payroll information, hidden behind a "purchasing" façade is beyond belief. To clarify, I opened up a support case and a Xero representative has confirmed that this is, indeed, the case.
-
Aaron Brown commented
Agree on this - needs to be a lot more functionality put into Xero around this - in Sage you can drill right down to specific pages and tabs within a module for a user, rather than just having an overall category for a user role, it needs to be much more customizable.
-
Alison Gunn commented
I would like to be able to give access to someone doing my invoicing the ability to update/edit products and services for invoicing without giving them access to bank accounts, purchases, etc.
-
Elaine McKilligan commented
I would like to be able to give clients full access to create sales invoices, send statements etc but have read only access to everything else. This means they can deal with their invoicing but cannot interfere with anything else (where we do the book-keeping).