User Role - Restrict access to specific Settings
Ability to customise user roles to restrict some access in Xero.
Purpose: Some staff should only have limited access in Xero.
Hi everyone, we appreciate all your feedback on how we could evolve roles for customers using Xero. As you can see through the ideas on the platform, there are a wide range of combinations of permissions our customers want to see us build. As user roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for majority of our customers needs.
We’re beginning to conduct research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. Front footing this, the discovery of this work will be long winded and there will be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community to be part of this research and discovery. This may involve interviews and sharing further feedback through direct surveys or questionnaires.
✍️ If this is something you’d be interested in taking a part of please fill in our short form here.
Though we won’t be able to invite everyone into every stage, our research team will be in touch with many of you over the coming months.
We will be back to share on the outcomes of our research and any progress around development of roles in Xero.
-
Paul Hunniford commented
As a new user coming over from Myob ( another business I have )
it very disappointing find so many problems that have not been fixed
I caught one of my employees looking up other employees' pay details and information
why has this not been fixed here in Australia there are privacy laws and i don't wont to be sued from a employee details being read or let out on the net if some one got angry with each other
i surprised this software ware been around a long time and no one in the USA has sued them for this lack of data securityTHIS NEED FIX ASAP MAKE IT TOP PRIORITY
(Or am I going to have go delete this software at this new business and ( a bad word in your office i reckon )
use MYOB -
Paul Hunniford commented
As a new user to xero
(coming over from Myob from another business that i run )
it's very disappointing that there is no privacy with employees' details as i had caught one member looking at other employees payment details to make shall he was stilling get payed more ,
this has to be fixed asap as here in Australia there are privacy laws that this breaks and also risking their data/confidentiality)
so when i get sued from information being read from different employees does this mean i go after you xero
i reckon if this was in the usa it would be fixed straight away -
Brandy Wilde commented
It's nice to see I am not alone in needing this feature for our business. Every update or improvement they do is great... BUT I become so frustrated that they aren't making actual important improvements such as this one. This should be top priority. I have been with Xero since 2019 and have been trying to be heard.
-
Nikki Velinsky commented
Hello all,
I raised this with Xero in April 2023 when the prices were increased. After much emailing back & forth & some conversations with the customer support team I received an email from Richie in the Leadeship team who stated it wasn't part of their near term plans. As it was first raised in 2012, this does seem very poor.
I have recently posted on LinkedIn about this idea as well as the requirment to be able to have different user access levels (other than the all or nothing currently avaliable) If you want to also add your voice to this, hopefully they may be more inclined to listen on that platform? https://www.linkedin.com/feed/update/urn:li:activity:7159090871684988928/ -
Maria McAdam commented
@Wendy Xing I'm surprised auditors are not jumping up and down about this. It's a huge risk to businesses. It seems that Xero is not designed to support businesses in their growth phase - either they grow (and allow additional users into Xero (risking their data/confidentiality)) or the owner/bookkeeper has to remain the sole authority on the accounts.
-
Wendy Xing commented
I am writing to express my serious concern regarding the current permission system implemented in our XERO platform, which I believe poses a significant risk to management processes. The existing system lacks a crucial middle layer of permissions, offering an all-or-nothing approach that is neither secure nor practical.
At present, the permissions are so broadly defined that they allow for only very limited or almost complete access. This lack of granularity means that accountants, among others, can view and even edit almost everything within the system. Such extensive access is not only unnecessary for their role but also represents a substantial security risk that could potentially lead to data breaches, unauthorized transactions, or other forms of misuse.
The absence of a nuanced permission structure does not allow for the balanced distribution of access rights, which is essential for maintaining the integrity and confidentiality of sensitive company information. It is unsettling to know that the current system does not provide the means to effectively control or limit access based on the specific needs and responsibilities of different roles within the organization.
-
Eileen Cotton commented
We are struggling with this issue as well. Managers have to do the work themselves because we don't want juniors having access to all financial data. Xero please look at this.
-
A K commented
Ability to restrict delete options ( users cannot delete invoices or contacts)
-
Tracey G commented
This is a problem with junior staff seeing information they should have no access to and breaches workplace contracts.
I suppose at least we can see who made the change - but not the why why why -
Joe Van Elburg commented
Users - allow for full customizability of users in Xero.
I have a client that needs to have users to just invoice for sales. This is needed as the upgraded access to standard gives them access to the bank account and payables, potentially more confidential information. They can create invoices, edit and pay them. Unfortunately one the payment is posted, they can no longer edit the invoice and needs to contact the bookkeeper every time they need something changed. It would be nice to have full customizable user access in Xero where you can tailor to the specific needs of the client.
-
Virgilia Benczik commented
User role is fundamental to any system, and I am more than surprised to see that as of now Xero is still so behind with access rights.
There should be possible for an user to have different level of access for different areas, or even a read only access to a single module (e.g. read only for sales invoices, and no other Xero access) -
Adam Lim commented
It's ridiculous, I need to give my staffs access to approve invoice which we do not give this authority to sales reps in order to print packing slip? So I ended up having to print many packing slips a day because simply they cannot do it!
-
Xero Ideas at GT commented
Role based security is fundamental to any user based system and is required to properly manage user access efficiently and effectively, particularly when there are hundreds of users.
Because there is no granular user security, we have many users who can access areas they don't need to. This is a risk issue and also creates additional work.
This function is required across all Xero modules including HQ. -
Lalit Gopwani commented
This needs to be dealt with ASAP. Your next product updates better include this fix
-
Brendan Watt commented
xero arent going to listen until new subscriptions slow down.. post these issues on their ads that pop on facebook or instagram so new users see the massive downfalls...
#User Role - Restrict access to specific Settings -
Joanne Boardman commented
This has been raised under several different ideas in different areas with the same basic premise that user access can be personalised or be more differntiated than it currently is so the votes on this are well under recorded.
The only alternative seems to be different software as this has been requested for quite some time with nothing done by Xero about it. -
Martin Hawkes commented
Our standard office admin users can access the bank accounts, which we don't want as this information is confidential.
This needs to be resolved quickly, please.
-
Kerryn-Leigh Anning commented
It is critical for user to be able to access Bill and Invoice reports without being able to access absolutely every else.
-
Rosemary Swanepoel commented
Very important - access to change item pricing, for example, should be limited to certain users. The person responsible for preparing an invoice should not necessarily be able to change the price per item (human error, fraud etc.).
-
Sunbear Admin commented
So sad no this function