User Role - Access to specific feature only
"Business and accounting" role needs ability to more narrowly define. I want an employee to access invoices (receivables) but that then gives them access to ALL financial reporting, e.g. P&L, which I don't want them to see.
Hi community, thank you for your engagement and sharing how you'd like us to evolve roles for customers using Xero. User roles impact all areas of the product, and there are many considerations we must factor in when assessing how to solve for the majority of our customers' needs - As you can see there is a large range of ideas for different roles shared by customers in Product Ideas.
We’re conducting research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. To be upfront, the discovery of this work will be long running and there'll be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community to be part of this research and discovery. This may involve interviews and sharing further feedback through direct surveys or questionnaires.
✍️ If this is something you’d be interested in taking part in, please fill in our short form here.
We may not be able to invite everyone into every stage, however our research team will be in touch with many of you over the coming months.
We'll return to share on the outcomes of our research and any progress around development of roles in Xero.
-
Fiona Davidson commented
https://www.change.org/p/petition-for-xero-to-stop-making-changes
Please sign and share this petition.
-
Alton Duncan commented
This issue goes beyond data security and customer preferences - For Xero to start effectively providing a platform suitable for larger companies, internal controls related to internal and external audit standards must be considered. Quick example: virtually all internal control standards will assess who has rights to add/edit a payee/vendor and/or access the check creation process, and the bank reconciliation data (i.e. Xero bank feed transactions). Any proposed enhancement that does not recognize these standards of controls and limitations is fruitless for addressing the needs of larger organizations.
-
Martin Danger commented
In another example of how Xero communicates with its users by gaslighting them... I logged a support case about this issue. I was told that giving only two options for user permissions was a security feature that protected data privacy.
How allowing a user with either very limited access or full access and nothing in between is supposed to enhance data privacy, well, that wasn't explained. Xero staff just say what they have been told to say, even if it makes no sense. And when you ask them to explain it, they respond with words that explain nothing.
-
Martin Danger commented
"User roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for majority of our customers needs - As you can see there is a large range of ideas for different roles shared by customers in Product Ideas."
One thing that is common to all these comments is the ability to choose what level of access to give a user.
The ability to limit a user's access to what is necessary is a basic security practice. There is nothing to research here - the administrator should be able to pick what level of access a user gets.
-
Nicole Gillard commented
The lack of flexibility in user permissions is the biggest limitation with Xero as a system for medium-sized business. To not provide user permissions to a tracking category allows users to see sensitive information in other tracking categories, a serious issue for our business. We have had to turn off P&L access to our managers and provide them with offline reports as we are unable to restrict them to their P&L (for tracking category) only, which is creating significant inefficiency and reduced functionality which is impeding our business operations. We are trying to find alternative software solutions to fill this gap and I urge Xero to please undertake some development in this space as a priority.
-
BT Toh commented
1. I agree that the permissions for user access should be more granular. This would allow better risk management.
2. Therefore, it is crucial for a business using Xero to have the ability to:
a) manage access to sensitive information (i.e. financial, clients, suppliers, and staff)
b) control changes that can be made to our settings including what can be added, edited, and deleted.
c) segregate between preparer and approver for various tasks and key changes.
3. Among all other limitations already raised:
a) I can't give a user access to raise a purchase order or bills and access to supplier contacts without also giving them access to all customer contacts and related financial information such as amount owed by customers and details into how much they are invoiced.
b) I can't control their ability to add, edit, and delete supplier and client contacts and in some cases banking details.
4. More granular user access controls would encourage more users to be on Xero, which will be great business for Xero and its subscribers.
-
Ben Steenkamp commented
We should be able to grant different access to users, as the member above explained. One does not want all users to be able to access all data. We need to give access to quotations, sales, invoicing and purchase orders, for example. This is currently not possible.
-
Chris Curlett commented
Ramnarong is so correct. It is NOT hard to see what is needed. It is simple and being made complicated by ZERO.
All that is needed as a start is the classic permissions structure of:
Reports title, e.g. Profit and Loss
View (tick box for the user to see this)
Print (tick box for the user to do this)
The other functions are catered for in the main roles, such as edit etc.
Come on XERO get on with it.
Look at how many users NEED this!
This can be a progressive roll out across the entire program - do not overcomplicate it!
-
Ramnarong Sitthidamrong commented
Come on - Each user has a range of check boxes the administrator controls - have a look at BNZ Business Banking, where there are many settings for various users
-
Louise Birnie commented
Critical! I would like to be able to give an admin access to add in timesheets for staff but not access all of the payroll and personal details. We receive manual timesheets for offshore staff and currently only I can add their timesheets because I don't want admin staff to be able to view salaries!
Similarly I would like to give various people in the business as we grow access to PO's, Quotes etc without being able to view ALL of the sensitive business financials!
-
Leanne Fromont commented
A useful functionality would be multiple access levels where you assign staff to a level and a tick box for functions within that access. This is common across all of the software packages we use.
I appreciate that this is a big undertaking if your software has not been designed this way to start with, but the community voice is overwhelmingly in favour of this flexibility.
-
Michael Collins commented
What I need is a Read Only user to only have access to specific reports, not everything. For instance Sales and Marketing employees not to be able to see P&L etc.
-
Louise Alexander commented
What we need is for staff to be able to view their own project budgets without having access to salary information.
This would be a game changer for many of my clients.
Use the accessibility of Xero, but not have it so accessible that members of staff who are bright can access all the information!!
This is a key requirement that clients are facing and at the moment Xero can't deliver, so it's hard for me to recommend Xero
-
Katie Howell commented
We want staff to be able to view customer statements but not have access to our firm's bank account.
Currently this is not possible when editing the user permissions.
We have always used a QuickBooks desktop where this has been possible.
If one of the partners is not in the office, the staff cannot access a customer balance, and we do not want to provide them access to view the firm's bank account.
We hope this is rectified soon.
-
Chris Curlett commented
Come on XERO with 180+ users wanting this then it needs to be done. The permissions are far too generic to be of any real use or security.
We have the same problems as other users here re permissions and access - it needs to be tightened up as a matter of urgency.
Please listen to your users and do what they need rather than "fads" like the new invoicing system.
-
Daniel East commented
XERO - Where are you guys with this... This great idea is a MUST as we have many roles in our business & would like to have more options to restrict areas/customize of access to our staff.
- Invoices & only 1x bank account access for payment receivables & Purchase orders.
- Payable bills/Purchase orders only without seeing "income/receivables"
-
Richard Costello commented
This is a great idea, it would be really helpful!!
-
Abigail Fry commented
After finding a new button for tracking in my invoice-only account I was disappointed to discover this button did not work because I did not have full access permissions from my superior.
Therefore after discussions with my manager we suggest that Xero induce personalised options for account permissions.
Making it so Invoice-only accounts can be added to specific areas of the software such as tracking options.
Some employers would like to give their accounts department these kinds of permissions to reduce time spent on basic admin tasks that can be set to invoice only employees. However they might not want to give the employee access to payment allocation settings.
Giving companies the ability to tailor their accounts to meet specific needs and reduce time spent relaying information such as "This account manager needs adding to the software tracking" or "This end client needs adding to the company".
-
Nicole Clark commented
This would be incredibly helpful for clients, please prioritise this as an update.
-
Charlotte Rix commented
Yes I want staff to have access to debtors/creditors reports, reconcile credit card accounts only