Enter your idea

Granular Access Control – Secure, Zero Trust Permissions
Control-C’s new security model introduces a level of granularity never seen before in managing access to your Xero financial data. Traditionally, giving an employee access to run an Aged Payables or Aged Receivables report meant exposing your entire financial landscape – including sensitive areas like your Profit & Loss, balance sheet, bank transactions, and even other employees’ bonus information. Xero’s native user roles are fairly broad (e.g. standard user or advisor roles grant wide access). Not anymore.

With Control-C’s Zero Trust-based security framework, you can now restrict access to just the specific data or reports your team members need – and nothing more. Want a staff member to run only the Aged Receivables report? You can grant that exact permission, without also giving away the rest of your accounting info. No more over-exposure or “all-or-nothing” access. For example, an accounts clerk can be set up to view and export customer invoices and aging reports, but cannot see the general ledger or payroll details. A junior bookkeeper could be limited to inputting bills and viewing the payables report, without any visibility of bank balances or management reports. You define roles at a fine-grained level – a stark contrast to Xero, where even a read-only user can see almost everything.

This precision access control is built from the ground up, aligning with modern Zero Trust security principles that assume no implicit trust – every access is explicitly granted and minimal. For accountants and compliance officers, this means better internal controls and cleaner audit trails. You can demonstrate that even within your organisation, sensitive financial data is only accessible on a strict need-to-know basis. For instance, an auditor or external accountant could be given a special “Auditor” role on Control-C: read-only access to relevant reports and the audit log, but nothing else. Meanwhile, your sales manager might have access to customer contact list backups (for business continuity) but not to any financials. These tailored permissions greatly reduce the risk of internal data leaks or unnecessary snooping.

For business owners, the benefit is peace of mind and professionalism. You no longer have to say, “I’ll give my assistant access to Xero, but I hope they don’t poke around the salaries or bank accounts.” Instead, you define their role on Control-C to exactly what they require (perhaps invoice creation and nothing else). It shows a commitment to confidentiality: employees see only what’s relevant to their job, which also reduces temptation and errors. And because the platform logs every access and download, you have a full audit trail of who viewed or exported data.

This Zero Trust security model is a unique selling point of Control-C’s platform. It effectively adds a new permission layer on top of Xero’s data, one that many businesses have long wished Xero itself had. By deploying it, you protect sensitive information by default while still empowering your team with the tools they need. The result is a more secure, compliant operation, where data access is precisely aligned with role and purpose – no more, no less.

If you would like to learn more visit Control-C.com or find us in the Xero App Store.

It would be extremely useful for us to select approvers or an approval limit by user to help us control costs and spending within the business

We want to add approvals for edit purchase orders

We need to be able to set user permissions so that only managers can authorise purchase orders to be paid, in the very least we need to be able to set the system so that the same person that raises a purchase order cannot be the same person that authorises it. Also it would be useful to be able set different levels of authority, so managers of a department can only authorise purchase orders under $500 but executive managers can authorise purchase orders of more than $500 etc.

Having the ability for a user to create both invoices and bills but choose whether they can approve neither/either/both is fundamental. Please add to roadmap asap!

This is an essential feature

the ability to just be able to issue/send quotations without access to anything else

Xero please provide an update as to when flexibility on this will be in the roadmap

Frankly, I can't get my mind around how accounting software designed for multiple users would be developed without this basic function. An update here should be a priority.

This function is absolutely necessary to protect vital financial information and maintain proper internal control.

For internal control purposes, this is so important. Is there any update on this?

Absolutely agree with Steve Ziara on this! Can we please get an update?

Having User Access Roles is extremely important! Not everyone in an organization should have full access to all financial information.

The very basic user limitation limits the ability to implement appropriate internal controls.

It would be great to be able to set users with specific access, read, write, draft, approve, edit permissions for specific tasks in Xero.

Read, Draft, Write, Edit, Approve Invoices
Edit, approve Invoice payments
Read, Draft, Write, Edit, Approve Quotes
Read, Draft, Write, Edit, Approve Purchase orders
Read, Draft, Write, Edit, Approve Bills
Edit, approve Invoice bill payments
Read, Draft, Write, Edit, Approve Manual Journals
Read Specific reports
View, Edit, approve Bank transactions/Posting

This should be implemented in the same way Practice manager and WFM handles user access.

Absolutely necessary. Can't move forward without this feature.

a. A user should be able to build customer batch deposits that include an overpayment and/or refund without having access to see the Bank accounts (balances)
b. The ability to enter bills, but not execute payment on those bills. Enter checks, but not execute payment on those checks and not be able to actually print checks.
c. Ability to restrict visibility to account balances and ability to update vendor information with this role, above, as well.
d. The ability to limit user access to only certain bank accounts (would be nice to choose user access by bank account)

I agree! It would be nice to have different levels or to be able to check off various permissions. I would be more apt to pay for more users if this was a possibility. Right now I am looking to be able to have a user only be able to add/update contact info, but that's not offered right now.