User roles: Restrict access to Invoice Settings
For internal control reasons the 'invoice settings' section should be only accessible for certain access types. Anyone with Xero access (excl read only) can go and adjust the bank account manually entered on the invoices sent to customers.
It would be great to have this locked the same way bank account admin is for supplier payments.
-
Brandy Wilde
commented
It is important that I can give certain staff access to edit an invoice without seeing our bank information. Also, they need to see how the customer paid their invoice, via Cash, Cheque or Credit Card. Right now, if my staff need this information they have to call me and I have to look it up for them.
-
Luke Abbott
commented
Textbook handling from Xero here on the whole user role issue: https://productideas.xero.com/forums/939198-for-small-businesses/suggestions/44960731-user-role-restrict-access-to-specific-settings
State that the issue is far more complex than it really is, then split it down to get people to vote more specifically and then close-off the original. Next, wait 12 months, still doing nothing, at which point you then merge all the individual ideas, because "they're all part of the bigger picture" around user roles! 🤷🏻
See you all in 12 months I guess!!
Every other platform in the market that I know of already offers detailed managing of user roles and access as standard.
a) This should already exist in Xero and
b) (if anything is ever done about it) No organisation should be made to pay more than another to use a business critical function.
-
Matthew James Mifsud
commented
One of the key requirements we have is the ability to assign granular security permissions within the system. Specifically, we need to restrict access so that only designated users can:
Issue, send, and accept quotations
View stock levels
Access selling prices
Currently, this level of control is not possible without granting full access to the invoicing module, which poses significant operational and security concerns.
This functionality is critical for our workflows and has been repeatedly requested by users since 2015. Implementing more refined permission controls would greatly enhance usability and compliance across various business environments.
We strongly urge the development team to prioritise this enhancement.
-
Chris Fox
commented
This is critical for security reasons, as there is currently nothing to prevent a user from editing the invoice templates to add fake bank details, and no audit trail to indicate who the templates have been edited by.
-
Avril Lottering
commented
This should preferably be restricted for not only read only access types but for process only access types as well.
-
Vidhya Jayawardena
commented
Please can Xero look at adding a layer of security on the invoice setting bank details. There have been a number of fraud cases in South Africa where the accountants/bookkeepers/users have edited bank details so that the money comes to them. It would be great to provide assurance to our clients that there is an additional security measure, to protect the integrity of the invoice.
-
Nadia Bekker
commented
Only to allow Adviser the full invoice option settings. Standard users and invoice only users should not have the option to edit or void an invoice if the invoice was approved and sent to client.
-
Ellie hill
commented
I completely agree. Hi Xero - is there any way that this can be added?