User Role - Restrict access to specific Settings
Ability to customise user roles to restrict some access in Xero.
Purpose: Some staff should only have limited access in Xero.
Hi everyone, we appreciate all your feedback on how we could evolve roles for customers using Xero. As you can see through the ideas on the platform, there is a wide range of combinations of permissions our customers want to see us build. As user roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for the majority of our customers’ needs.
We’re beginning to conduct research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. Front footing this, the discovery of this work will be long-winded and there will be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community, to be part of this research and discovery. This may involve interviews and sharing further feedback through direct surveys or questionnaires.
✍️ If this is something you’d be interested in taking part in, please fill in our short form here.
Though we won’t be able to invite everyone into every stage, our research team will be in touch with many of you over the coming months.
We will be back to share on the outcomes of our research and any progress around development of roles in Xero.
-
Dinay Jansen commented
Restricting user access to Invoice Only permissions should definitely not allow them to see any financial information, including You Owe data. Maybe have the contacts as restricted, but only visible to create invoices and quotes when drafting them.
-
Lynne Chapman commented
Business critical disaster! - I have added users to allow them to draft invoices only (the lowest level access possible). They cannot see bank accounts BUT, if I have drafted their colleague's wages as a bill that is "Awaiting Payment" THEY can see it by looking at their colleague as a contact and reading across the "You Owe", "They Owe" columns.....this has created a catastrophe. WHY do they see what the business "owes" a contact?????? Lawsuits pending
-
Justin Plowman commented
100% needed. I want someone to be able to send remittances for payments made but this can only be done if they have access to all the bank accounts and reports.
-
Matt Kinchin commented
It would be good if access to the details contained within nominals that contain sensitive info such as wages, could be restricted for certain users within an organisation. You may want somebody to be able to post bills/invoices but not be able to see private salary information or bank balance levels for example.
-
Mahesh Kunchala commented
I want to restrict users Applying Payments and at the same time they can see the reports, balances, etc.
-
Sharon Toft commented
We have users set up with various access, the sales team need to have access to add/edit quotes and invoices, along with customer records and tracking categories - they seem to be able to add/edit new clients but not new tracking to match the clients for reporting needs, why does user access need to change - any suggestions?
-
Samantha Harvey commented
Absolutely critical.
Sales staff need access to monitor overdue customer accounts, without having access to view bank account and supplier information.
-
Eileen Cotton commented
Xero needs to work on fixing these issues. I have clients that want to give their employees the ability to enter supplier bills and issue the payment and print the checks. However, a USER cannot print a check unless they have access to all the reports, including all the financial reports, Profit and Loss, Balance sheet, etc. My clients have had to give USERS access to ALL the company's financial data and ask the USER not to look at the financials, very unprofessional and problematic. This is especially frustrating because we were told by Xero the parameters were built in and we would not have this issue. Xero has great software and it's unfortunate but my clients are looking into moving to Quickbooks.
-
Chau VU commented
Payroll reports are restricted but unfortunately a standard user can run wages & salary in account transactions report, please limit the accounts visibility.
-
Jane Skinner commented
This is linked to Idea: User Role - Restrict access to individual bank accounts, which has also been around for some years!
Xero have admitted they have not been ready for larger organisations, but if that's the case it doesn't make sense that they keep on advertising - unless they are hoping that companies who are NOT a sole trader will give up with them & they can just have lots of sole traders who won't need the same functionality....................
Generally I like the software, but get very frustrated at their lack of communication & disinterest in their customers' needs.
-
Catherine Bavister commented
Voting in favour of filters, for incoming balances only
Hey Dave 😁
It is not currently possible to limit a user when they are reconciling, so they only see incoming payments 👍.
However this is a request that's already been raised with us and I've found an idea that's similar to what you’re suggesting in our Xero Product Ideas. Xero Product Ideas is a Xero website where our customers can share and support ideas for change. You can click 👉here 👈 to add your vote on the product idea.
-
Paul Hunniford commented
As a new user coming over from Myob (another business I have),
it is very disappointing to find so many problems that have not been fixed.
I caught one of my employees looking up other employees' pay details and information.
Why has this not been fixed? Here in Australia there are privacy laws and I don't want to be sued from an employee's details being read or let out on the net if someone got angry with each other.
I'm surprised this software has been around a long time and no one in the USA has sued them for this lack of data security. THIS NEEDS FIXING ASAP, MAKE IT TOP PRIORITY
(Or am I going to have to go delete this software at this new business and (a bad word in your office, I reckon)
use MYOB)
-
Paul Hunniford commented
As a new user to Xero
(coming over from Myob from another business that I run),
it's very disappointing that there is no privacy with employees' details, as I had caught one member looking at other employees' payment details to make sure he was still getting paid more.
This has to be fixed ASAP as here in Australia there are privacy laws that this breaks, and it is also risking their data/confidentiality.
So when I get sued from information being read from different employees, does this mean I go after you, Xero?
I reckon if this was in the USA it would be fixed straight away.
-
Brandy Wilde commented
It's nice to see I am not alone in needing this feature for our business. Every update or improvement they do is great... BUT I become so frustrated that they aren't making actual important improvements such as this one. This should be top priority. I have been with Xero since 2019 and have been trying to be heard.
-
Nikki Velinsky commented
Hello all,
I raised this with Xero in April 2023 when the prices were increased. After much emailing back & forth & some conversations with the customer support team I received an email from Richie in the Leadership team who stated it wasn't part of their near term plans. As it was first raised in 2012, this does seem very poor.
I have recently posted on LinkedIn about this idea as well as the requirement to be able to have different user access levels (other than the all or nothing currently available). If you want to also add your voice to this, hopefully they may be more inclined to listen on that platform? https://www.linkedin.com/feed/update/urn:li:activity:7159090871684988928/
-
Maria McAdam commented
@Wendy Xing I'm surprised auditors are not jumping up and down about this. It's a huge risk to businesses. It seems that Xero is not designed to support businesses in their growth phase - either they grow (and allow additional users into Xero (risking their data/confidentiality)) or the owner/bookkeeper has to remain the sole authority on the accounts.
-
Wendy Xing commented
I am writing to express my serious concern regarding the current permission system implemented in our XERO platform, which I believe poses a significant risk to management processes. The existing system lacks a crucial middle layer of permissions, offering an all-or-nothing approach that is neither secure nor practical.
At present, the permissions are so broadly defined that they allow for only very limited or almost complete access. This lack of granularity means that accountants, among others, can view and even edit almost everything within the system. Such extensive access is not only unnecessary for their role but also represents a substantial security risk that could potentially lead to data breaches, unauthorized transactions, or other forms of misuse.
The absence of a nuanced permission structure does not allow for the balanced distribution of access rights, which is essential for maintaining the integrity and confidentiality of sensitive company information. It is unsettling to know that the current system does not provide the means to effectively control or limit access based on the specific needs and responsibilities of different roles within the organization.
-
Eileen Cotton commented
We are struggling with this issue as well. Managers have to do the work themselves because we don't want juniors having access to all financial data. Xero please look at this.
-
A K commented
Ability to restrict delete options (users cannot delete invoices or contacts)
-
Tracey G commented
This is a problem with junior staff seeing information they should have no access to and breaches workplace contracts.
I suppose at least we can see who made the change - but not the why why why