Security User Roles

Create User Role and Assign to User


First, ensure that the “Always Show Technical Groups” configuration is enabled.

If it is disabled, go to Settings → Security User Roles, locate Always Show Technical Groups, and enable it.



User Role Creation and Assignment Guide

User Role Creation and Assignment Guide

Complete Documentation for Managing User Roles and Permissions

1. Overview

This comprehensive guide provides step-by-step instructions for creating custom user roles and assigning them to specific users in the system.
User roles enable you to define granular access permissions across different modules and features, ensuring that each user has appropriate access to
perform their job functions while maintaining security and data integrity.

Purpose

User roles serve several critical purposes:

  • Control access to sensitive information and features
  • Ensure users only have permissions necessary for their job functions
  • Maintain compliance with data protection and security policies
  • Streamline user management by applying consistent permissions

2. Prerequisites

Before creating or assigning user roles, ensure you meet the following requirements:

  • Administrative Access: You must have administrative privileges to access Settings and User Management
  • System Permissions: Appropriate permissions to create and modify user roles
  • Advance Setting Mode Enabled: Required for viewing all available module permissions

3. Creating a New User Role

Step 1: Navigate to User Roles

Follow this navigation path to access the User Roles configuration:

  1. Click on Settings from the main menu
  2. Select Users & Companies
  3. Click on User Roles

This will display a list of all existing user roles in the system.

Step 2: Create a New Role

  1. Review the existing user roles list
  2. If the role you need does not exist, click the New button
  3. A new user role form will open for configuration

Step 3: Configure Role Settings

A. Role Name

Enter a descriptive name for the role in the Name field:

  • Use clear, meaningful names that reflect the role's purpose
  • Examples: "Sales Manager", "Accountant", "Warehouse User", "Administrator"
  • Avoid generic names like "User" or "Role1" when possible

B. Access Rights Tab

Navigate to the Access Rights tab to configure permissions.

User Type Selection

Select the appropriate User Type based on the role requirements:

User Type Description
Internal User For employees and staff members who require full access to the system with various permissions
Portal For external users such as customers or partners who need limited access to specific features
Public For public-facing access with minimal permissions, typically for website visitors

Module Permissions

Assign module-wise permissions for the following sections:

  • Sales: Define sales-related permissions including quotations, orders, and customer management
  • Services: Configure service management access including projects and timesheets
  • Accounting: Set accounting module permissions for invoicing, payments, and financial reports
  • Inventory: Manage inventory access rights including stock movements and warehouse operations
  • Website: Control website management permissions for content and e-commerce
  • Marketing: Assign marketing module access for campaigns and automation
  • Human Resources: Define HR-related permissions for employee management and recruitment
  • Other: Configure additional module permissions as needed

ℹ Note: If you cannot see all module permissions, you need to open the Advance setting mode (see Step 4 below).

Step 4: Open the Advance Setting Mode

⚠ Important: If you cannot see all module permissions in the Access Rights tab, you must open the Advance setting mode.

To open the Advance setting mode:

  1. Locate the top header section of the interface
  2. Find the Advance setting mode icon from the header section
  3. Click the icon to activate the Advance setting mode
  4. All module permissions will now be visible in the Access Rights tab

Note: Advance setting mode provides access to advanced settings and technical features that are hidden by default to prevent accidental configuration changes.

Step 5: Configure Extra Rights

In the Extra Rights section, enable the following permissions as needed for the role:

  • Contact Creation: Allows users to create new contacts and maintain the contact database
  • Multi Companies: Enables access across multiple companies in a multi-company environment
  • Product Creation: Permits users to create new products and manage the product catalog

✓ Best Practice: Select only the permissions that are relevant to the user role you're creating. Following the principle of least privilege ensures better security.

Step 6: Configure Other Permissions

In the Other section, assign additional specific permissions as required:

  • Digital Document: Grants access to digital document features for document management and sharing
  • Can Create a Frame in Frame Wizard: Allows frame creation in the frame wizard for specialized workflows

These permissions provide access to specialized features within the system that may be specific to your organization's configuration.

Step 7: Save the Role

  1. Review all configured permissions to ensure accuracy
  2. Verify that the role name is descriptive and appropriate
  3. Click the Save button to create the user role
  4. The new role will now appear in the User Roles list and be available for assignment

✓ Success: Your user role has been created successfully and is ready to be assigned to users!

4. Assigning a Role to a User

Once you have created a user role, you can assign it to one or more users. There are two methods to accomplish this:

Method 1: From User Record

  1. Navigate to Settings > Users & Companies > Users
  2. Select the user you want to assign the role to from the user list
  3. In the user form, locate the Roles or Access Rights section
  4. Select the newly created role from the dropdown list or role selector
  5. Click Save to apply the role to the user

Method 2: From User Role

  1. Navigate to Settings > Users & Companies > User Roles
  2. Open the user role you created from the list
  3. Navigate to the Users tab (if available)
  4. Click Add and select the users who should have this role
  5. Click Save to apply the role to all selected users

ℹ Tip: Method 1 is best for assigning roles to individual users, while Method 2 is more efficient for assigning the same role to multiple users at once.

5. Troubleshooting

Common Issues and Solutions

Issue: Cannot See All Module Permissions

Problem: Some module permissions are not visible in the Access Rights tab.

Solution: Open the Advance setting mode from the header section as described in Step 4.
This will reveal all available module permissions and advanced configuration options.

Issue: User Cannot Access Features After Role Assignment

Problem: A user cannot access certain features even after being assigned a role.

Solutions:

  1. Verify that the role has the correct permissions enabled for the required features
  2. Check that the user type (Internal/Portal/Public) is appropriate for the required access level
  3. Ensure the user has been correctly assigned to the role in their user record
  4. Ask the user to log out and log back in to refresh their session and apply new permissions

Issue: "Access Denied" Error

Problem: User receives an "Access Denied" error when trying to access a feature.

Solutions:

  1. Check if the required module is installed and activated in the system
  2. Verify that the role has explicit permissions for that specific module or feature
  3. Review the Extra Rights and Other sections for any missing required permissions
  4. Ensure that company access permissions are correctly configured if using multi-company setup

Issue: Role Not Appearing in User Assignment

Problem: The newly created role doesn't appear when trying to assign it to a user.

Solutions:

  1. Verify that the role was saved successfully
  2. Refresh the page or clear browser cache
  3. Check if you have the necessary permissions to view and assign roles
  4. Ensure the role is not archived or deactivated

6. Best Practices

Use Descriptive Role Names

Give roles clear, meaningful names that describe their purpose and scope.
For example, use "Sales Manager - Regional" instead of generic names like "User2" or "Role Manager."
This makes it easier to understand what each role does and helps with future maintenance.

Follow Least Privilege Principle

Only grant permissions that are absolutely necessary for users to perform their job functions.
Avoid giving excessive permissions "just in case" as this increases security risks and can lead to accidental data modifications.

Regular Permission Audits

Periodically review user roles and permissions to ensure they remain appropriate.
Remove access that is no longer needed and update roles as job responsibilities change.
Conduct these audits at least quarterly or when employees change positions.

Test Thoroughly

After creating a new role, test it with a test user account before assigning it to production users.
This helps identify any permission issues or access problems early, preventing disruption to actual users.

Document Custom Roles

Keep a record of custom roles and their intended use cases, including:

  • Who should have each role
  • What permissions are included
  • The business justification for the role
  • Date created and last modified

This documentation is invaluable for troubleshooting, training, and compliance purposes.

Group Similar Users

Create roles that can be shared by multiple users with similar job functions rather than creating individual roles for each person.
This simplifies management and ensures consistency across users with the same responsibilities.

Separate Duties

For sensitive operations, consider implementing segregation of duties by creating separate roles for different parts of critical processes. For example:

  • One role for creating purchase orders
  • Another role for approving purchase orders
  • A different role for processing payments

Use Role Hierarchy

When appropriate, create a hierarchy of roles where higher-level roles inherit permissions from lower-level roles.
This reduces duplication and makes it easier to maintain consistent permissions.

Monitor Role Usage

Keep track of which roles are actively being used and which are obsolete.
Regularly review and archive roles that are no longer needed to keep the system organized and reduce confusion.

Provide Training

Ensure that users understand their roles and the permissions they have. Provide training on:

  • What they can and cannot do with their assigned role
  • How to request additional permissions if needed
  • Security best practices for protecting their access
  • Who to contact if they encounter permission issues

Version Control for Roles

When making significant changes to an existing role, consider creating a new version rather than modifying the existing one.
This allows you to:

  • Test changes without affecting current users
  • Roll back if issues occur
  • Track the evolution of role permissions over time

Additional Notes

Modifying Existing Roles

  • User roles can be modified at any time by editing the role record
  • Changes will apply to all users who have that role assigned
  • Consider the impact on all users before making major changes
  • Document any changes made to track the role's evolution

Permission Refresh

  • Changes to roles may require users to log out and log back in for the new permissions to take effect
  • In some cases, clearing the browser cache may also be necessary
  • Plan role changes during off-peak hours when possible

Module Dependencies

  • Some permissions may depend on specific modules being installed
  • If a module is not installed, related permissions will not have any effect
  • Ensure all required modules are installed before assigning roles

Database Backups

  • Always create a backup of your database before making significant permission changes
  • This is especially important in production environments
  • Test major changes in a development environment first

Multiple Roles

  • Users can be assigned multiple roles simultaneously
  • The system will combine permissions from all assigned roles
  • Users receive the union of all permissions from their roles
  • Be cautious when assigning multiple roles to avoid unintended permission escalation

Still need help? Contact Us Contact Us