User Role - Allow users access to specific reports
Ability to only allow some users to access specific reports.
Purpose: Because in some organisations, only some people can only see the information for some reports.
Heya team, we're now actively testing how reports could be grouped and accessed, and we'd love your input in this, so we can design a better report grouping structure that supports role-based access in reporting.
Get involved! Complete a quick 15-min online activity to test how reports are grouped and accessed:
- Part 1: answer questions about the current report grouping
- Part 2: explore a new grouping and role-based report access
👉 If you're interested, please go through the link here.
Thanks again for your support and contributions to developing a solution that works best for the majority of our customers!
(Just to note - If you’ve already gone through this activity, there's no need to do it again — our researchers may have contacted you earlier 😊)
-
Jessica Hall
commented
This is very important.
Currently any staff member that we need to have access to quotes and purchase orders also has access to all reports and financials. It would be great if in the invoice only user option, you could tick as many as you want with invoices, purchase orders and approve and pay.
We have a small business and have technicians on the road who will quote and invoice customers. When they use parts they need to send POs to replenish their stock. We need technicians to have access to invoices and purchase orders but no financials. So currently unfortunately they have access to all financials.
Please update this asap!!
-
Dave Humphrys
commented
Such a basic requirement of a system in a business and is still not there.
-
Jarred Walmsley
commented
This is insanity that it is not a base function of Xero.
We don't want our admin/debt collectors/sales staff being able to see & dig into the P&L and B/S but obviously they need access to the debtors report.
You know full well that a paid addon isn't sufficient for this, come on.
-
Brandy Wilde
commented
I think the simplest way of doing this would be to allow us to give a user access to a specific report. I only have one report that I need my staff to see but it is critical in running our business. I need them to be able to balance the day and make sure our cash, cheques and debits balance. I urge you to look at Quickbooks as they do a really good job with User roles.
-
Luke Abbott
commented
Textbook handling from Xero here on the whole user role issue: https://productideas.xero.com/forums/939198-for-small-businesses/suggestions/44960731-user-role-restrict-access-to-specific-settings
State that the issue is far more complex than it really is, then split it down to get people to vote more specifically and then close-off the original. Next, wait 12 months, still doing nothing, at which point you then merge all the individual ideas, because "they're all part of the bigger picture" around user roles! 🤷🏻
See you all in 12 months I guess!!
Every other platform in the market that I know of already offers detailed managing of user roles and access as standard.
a) This should already exist in Xero and
b) (if anything is ever done about it) No organisation should be made to pay more than another to use a business critical function.
-
Dave Humphrys
commented
This is a must at a basic level of operation, without it we cannot grow our company. It is limiting what we do.
After 12 years of asking on here I am looking for an alternative system.
This should not be an add on feature - it is a base requirement
-
Michelle Bertucci
commented
An add on is not acceptable, the ability to restrict report access is business critical. Management reports should have privacy restrictions as standard. Why are Xero being so ignorant to this basic requirement?
-
Tracey G
commented
Another 'Add-on' $$?!?? This should be standard
-
Sharnil Dayal
commented
I feel that this is a very critical update - should be a standard feature.
Some of the organisations are now splitting the roles of doing only Accounts payables/receivables and not Bank Reconciliation - at least have the related reports such as Aged payables and Receivables reports available to SALES & PURCHASES users - this allows them to check the accounts payables/receivables balances at end of each month without accessing any management accounts...
-
Campbell Green
commented
Granular Access Control – Secure, Zero Trust Permissions
Control-C’s new security model introduces a level of granularity never seen before in managing access to your Xero financial data. Traditionally, giving an employee access to run an Aged Payables or Aged Receivables report meant exposing your entire financial landscape – including sensitive areas like your Profit & Loss, balance sheet, bank transactions, and even other employees’ bonus information. Xero’s native user roles are fairly broad (e.g. standard user or advisor roles grant wide access). Not anymore. With Control-C’s Zero Trust-based security framework, you can now restrict access to just the specific data or reports your team members need – and nothing more. Want a staff member to run only the Aged Receivables report? You can grant that exact permission, without also giving away the rest of your accounting info. No more over-exposure or “all-or-nothing” access. For example, an accounts clerk can be set up to view and export customer invoices and aging reports, but cannot see the general ledger or payroll details. A junior bookkeeper could be limited to inputting bills and viewing the payables report, without any visibility of bank balances or management reports. You define roles at a fine-grained level – a stark contrast to Xero, where even a read-only user can see almost everything.
This precision access control is built from the ground up, aligning with modern Zero Trust security principles that assume no implicit trust – every access is explicitly granted and minimal. For accountants and compliance officers, this means better internal controls and cleaner audit trails. You can demonstrate that even within your organisation, sensitive financial data is only accessible on a strict need-to-know basis. For instance, an auditor or external accountant could be given a special “Auditor” role on Control-C: read-only access to relevant reports and the audit log, but nothing else. Meanwhile, your sales manager might have access to customer contact list backups (for business continuity) but not to any financials. These tailored permissions greatly reduce the risk of internal data leaks or unnecessary snooping.
For business owners, the benefit is peace of mind and professionalism. You no longer have to say, “I’ll give my assistant access to Xero, but I hope they don’t poke around the salaries or bank accounts.” Instead, you define their role on Control-C to exactly what they require (perhaps invoice creation and nothing else). It shows a commitment to confidentiality: employees see only what’s relevant to their job, which also reduces temptation and errors. And because the platform logs every access and download, you have a full audit trail of who viewed or exported data.
This Zero Trust security model is a unique selling point of Control-C’s platform. It effectively adds a new permission layer on top of Xero’s data, one that many businesses have long wished Xero itself had. By deploying it, you protect sensitive information by default while still empowering your team with the tools they need. The result is a more secure, compliant operation, where data access is precisely aligned with role and purpose – no more, no less.
If you would like to learn more visit Control-C.com or find us in the Xero App Store.
-
Jessica Pillow
commented
Look at Syft Analytics and potentially Syft Segments. These allow you to create live report links which anyone can open without a Syft or Xero log-in and see the latest reports from Xero plus top 10 transactions within each account balance. Or you can use a password to make the link more secure if needed. These Syft reports are available with the higher versions of Xero.
-
Tom Taylor
commented
Such an important feature, I really hope this gets addressed.
Xero action the ideas that get the most traction so the more we can push this request the better chances we have. Share it with your peers everyone :)
-
Jane Skinner
commented
Jessica Pillow - that sounds interesting, would like to know how you are getting this to work?
-
Terry Beks
commented
Similar to Reckon, have the option to provide access for admin staff to view selected reports, eg, AR & AP without providing permission to view all financial information.
-
Jessica Pillow
commented
We're exploring Syft to get this functionality & it's looking good! You get Syft with your Xero account now for no additional charge.
-
Natalee Barge
commented
So you have combined the ideas but still no update on any progress or timeline for this to be actioned?
-
Michelle Bertucci
commented
Please can we get an update on this feature as it is essential for businesses to be able to control their financial privacy.
-
Phaedon Gourtsoyannis
commented
This seems quite critical. More granular permissions for access to certain types of data are essential.
-
Tavani Atkinson
commented
Is there any update on this? I have several clients requesting this. There should be an option for Sales & Purchase officers to access Sales & Purchase related reports.
If you give someone access to Reports they have automatic access to the bank account and can see everything (including payroll net payments).
-
Karen de Bres
commented
Hannah - Admin Xero, said there would be an update after the older versions of reports were retired on 31 July 2023, and this thread would be updated. So far, 2 years later there is no update on this thread. This is such a necessary feature when you would like a staff member to manage something like debtors and access reports to do so, without letting them see bank balances and info which includes things like staff salary payments. Come on Xero, give this request some air!