Enter your idea

When are we going to get an update on the research and engagement that took place last year. This is becoming a real limitation for our business.

User permission should be based on the menu options available. It doesn't make any sense that we need to give access to bank statement information to all users that might need to have access to the following features:
- products and services
- invoice templates
- chart of accounts
- tracking categories
and so on.

We do not have a payroll grouping function with our company bank account so accessing bank statement means having access to payroll information even though the user doesn't have access to the payroll function. Non sense.

It would be extremely essential to get user restrictions to the level of Invoicing certain customers - for instance a Customer Manager being able to raise invoices in Xero only for his/her customer portfolio not being able to see all the invoices. "Customer group" related limitations might work.

While there are only 344+ votes. There is a whole conversation of 6000+ complaints on this front. Perhaps you should email a voting poll to all users and you will find the 1000's of issues with user roles.

Is there any news on this being prioritised? We are in jeopardy of losing two clients because we cannot give the staff narrow enough access to the accounting platform. Surely this is a basic thing for Xero to get right. Difficult to beleive only 300+ votes.

Xero needs to prioritise this. They are leagues behind when it comes to user role customisation options. If MYOB, Sage, etc. can do it, why can't Xero?

Please up the priority on this one. The permissions need to be MUCH more granular. I need team members to be able to access particular reports, but, as someone else has commented, it's all or nothing. And - and this is more crucial - they can see bank accounts which means they can see what everyone is paid! Not good for staff outside of certain members of the finance team!

I used Sage before changing to Xero, I could tick which reports I would like my assistant to have access to, Xero doesn't have this option if I give them access to reports they have access to all reports which is not right with sensitive reports and information on view. When will Xero allow this function which other accounting systems have as standard?

The function of user roles would be incredibly useful to have. Please could you provide an update on likely timings? I think the last update came on this thread was in April 2024 by Kelly Munro, and she said that it was in the research and testing stage.

Any development on this yet!?! I desperately need to give team members access to features within Xero without them being able to see confidential information in payroll or financial reports. This is a must have for financial teams!!
For example I should be able to give my team access to do manual tasks such as entering employee timesheets without them accessing employees wages and HR profiles.

https://www.change.org/p/petition-for-xero-to-stop-making-changes

Please sign and share this petition.

THis issue goes beyond data security and customer preferences - For Xero to start effectively providng a platform suitable for larger companies, internal controls related to internal and external audit standards must be considered. Quick example: virtually all internal control standards will assess who has rights to add/edit a payee/vendor and/or access the check creation process, and the bank reconciliation data (i.e.Xero bank feed transactions). Any proposed enhancements that does not recognize these standards of controls and limitations is fruitless for addressing the needs of larger organizations.

In another example of how Xero communicates with its users by gaslighting them... I logged a support case about this issue. I was told that giving only two options for user permissions was a security feature that protected data privacy.

How allowing a user with either very limited access or full access and nothing in between is supposed to enhance data privacy, well, that wasn't explained. Xero staff just say what they have been told to say, even if it makes no sense. And when you ask them to explain it, they respond with words that explain nothing.

". User roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for majority of our customers needs - As you can see there is a large range of ideas for different roles shared by customers in Product Ideas."

One thing that is common to all these comments is the ability to choose what level of access to give a user.

The ability to limit a user's access to what is necessary is a basic security practice. There is nothing to research here - the administrator should be able to pick what level of access a user gets.

The lack of flexibility in user permissions is the biggest limitation with Xero as system for medium sized business. To not provide user permissions to a tracking category allows users to see sensitive information in other tracking categories, a serious issue for our business. We have had to turn off P&L access to our managers and provide them with offline reports as we are unable to restrict them to their P&L (for tracking category) only, which is creating significant inefficiency and reduced functionality which is impeding our business operations. We are trying to find alternative software solutions to fill this gap and I urge Xero to please undertake some development in space this as a priority.

1. I agree that the permissions for user access should be more granular. This would allow better risk management.

2. Therefore, it is crucial for a business using Xero to have the ability to :
a) manage access to sensitive information (i.e. financial, clients, suppliers, and staff)
b) control changes that can made to our settings including what can be added, edited, and deleted.
c) segregate between preparer and approver for various tasks and key changes.

3. Among all other limitations already raised:
a) I can't give a user access to raise a purchase order or bills and access to supplier contacts without also giving them access to all customer contacts and related financial information such as amount owed by customers and details into how much they are invoiced.
b) I can't control their ability to add, edit, and delete supplier and client contacts and in some cases banking details.

4. More granular user access controls would encourage more users to be on Xero, which will be great business for Xero and its subscribers.

we should be able to grant different access to users. as the member above explained. One does not want all users to be able to access all data. we need to give access to quotations, sales, invoicing and purchase orders for example. this is currently not possible

Ramnarong is so correct. It is NOT hard to see what is needed. It is simple and being made complicated by ZERO.

All that is needed as a stary are the classic permissions structure of;

Reports title eg Profit and Loss
View (tick Box for the user to see this)
Print (tick fBox or the user to do this)

The other functions are catered for in the main roles such as edit et6c

Come on XERO get on with it.

Look at how many users NEED this!

This can be a progressive roll out across the entire program - do not overcomplicate it!

Come on - Each user has a range of check boxes theadministrator controls- have a look at BNZ Business Banking, where there are many settings for variouus users

Critical! I would like to be able to give an admin access to add in timesheets for staff but not access all of the payroll and personal details. We receive manual timesheets for offshore staff and currently only I can add their timesheets because I don't want admin staff to be able to view salaries!

Similarly I would like to give various people in the business as we grow access to PO's, Quotes etc without being able to view ALL of the sensitive business financials!