Security User Roles
Create User Role and Assign to User
First, ensure that the “Always Show Technical Groups” configuration is enabled.
If it is disabled, go to Settings → Security User Roles, locate Always Show Technical Groups, and enable it.

User Role Creation and Assignment Guide
Complete Documentation for Managing User Roles and Permissions
Table of Contents
1. Overview
This comprehensive guide provides step-by-step instructions for creating custom user roles and assigning them to specific users in the system.
User roles enable you to define granular access permissions across different modules and features, ensuring that each user has appropriate access to
perform their job functions while maintaining security and data integrity.
Purpose
User roles serve several critical purposes:
- Control access to sensitive information and features
- Ensure users only have permissions necessary for their job functions
- Maintain compliance with data protection and security policies
- Streamline user management by applying consistent permissions
2. Prerequisites
Before creating or assigning user roles, ensure you meet the following requirements:
- Administrative Access: You must have administrative privileges to access Settings and User Management
- System Permissions: Appropriate permissions to create and modify user roles
- Advance Setting Mode Enabled: Required for viewing all available module permissions
3. Creating a New User Role
Step 1: Navigate to User Roles
Follow this navigation path to access the User Roles configuration:
- Click on
Settingsfrom the main menu - Select
Users & Companies - Click on
User Roles
This will display a list of all existing user roles in the system.
Step 2: Create a New Role
- Review the existing user roles list
- If the role you need does not exist, click the
Newbutton - A new user role form will open for configuration
Step 3: Configure Role Settings
A. Role Name
Enter a descriptive name for the role in the Name field:
- Use clear, meaningful names that reflect the role's purpose
- Examples: "Sales Manager", "Accountant", "Warehouse User", "Administrator"
- Avoid generic names like "User" or "Role1" when possible
B. Access Rights Tab
Navigate to the Access Rights tab to configure permissions.
User Type Selection
Select the appropriate User Type based on the role requirements:
| User Type | Description |
|---|---|
| Internal User | For employees and staff members who require full access to the system with various permissions |
| Portal | For external users such as customers or partners who need limited access to specific features |
| Public | For public-facing access with minimal permissions, typically for website visitors |
Module Permissions
Assign module-wise permissions for the following sections:
- Sales: Define sales-related permissions including quotations, orders, and customer management
- Services: Configure service management access including projects and timesheets
- Accounting: Set accounting module permissions for invoicing, payments, and financial reports
- Inventory: Manage inventory access rights including stock movements and warehouse operations
- Website: Control website management permissions for content and e-commerce
- Marketing: Assign marketing module access for campaigns and automation
- Human Resources: Define HR-related permissions for employee management and recruitment
- Other: Configure additional module permissions as needed
If you cannot see all module permissions, you need to open the Advance setting mode (see Step 4 below).
Step 4: Open the Advance Setting Mode
If you cannot see all module permissions in the Access Rights tab, you must open the Advance setting mode.
To open the Advance setting mode:
- Locate the top header section of the interface
- Find the
Advance setting modeicon from the header section - Click the icon to activate the Advance setting mode
- All module permissions will now be visible in the Access Rights tab
Note: Advance setting mode provides access to advanced settings and technical features that are hidden by default to prevent accidental configuration changes.
Step 5: Configure Extra Rights
In the Extra Rights section, enable the following permissions as needed for the role:
- Contact Creation: Allows users to create new contacts and maintain the contact database
- Multi Companies: Enables access across multiple companies in a multi-company environment
- Product Creation: Permits users to create new products and manage the product catalog
Select only the permissions that are relevant to the user role you're creating. Following the principle of least privilege ensures better security.
Step 6: Configure Other Permissions
In the Other section, assign additional specific permissions as required:
- Digital Document: Grants access to digital document features for document management and sharing
- Can Create a Frame in Frame Wizard: Allows frame creation in the frame wizard for specialized workflows
These permissions provide access to specialized features within the system that may be specific to your organization's configuration.
Step 7: Save the Role
- Review all configured permissions to ensure accuracy
- Verify that the role name is descriptive and appropriate
- Click the
Savebutton to create the user role - The new role will now appear in the User Roles list and be available for assignment
Your user role has been created successfully and is ready to be assigned to users!
4. Assigning a Role to a User
Once you have created a user role, you can assign it to one or more users. There are two methods to accomplish this:
Method 1: From User Record
- Navigate to
Settings > Users & Companies > Users - Select the user you want to assign the role to from the user list
- In the user form, locate the
RolesorAccess Rightssection - Select the newly created role from the dropdown list or role selector
- Click
Saveto apply the role to the user
Method 2: From User Role
- Navigate to
Settings > Users & Companies > User Roles - Open the user role you created from the list
- Navigate to the
Userstab (if available) - Click
Addand select the users who should have this role - Click
Saveto apply the role to all selected users
Method 1 is best for assigning roles to individual users, while Method 2 is more efficient for assigning the same role to multiple users at once.
5. Troubleshooting
Common Issues and Solutions
Issue: Cannot See All Module Permissions
Problem: Some module permissions are not visible in the Access Rights tab.
Solution: Open the Advance setting mode from the header section as described in Step 4.
This will reveal all available module permissions and advanced configuration options.
Issue: User Cannot Access Features After Role Assignment
Problem: A user cannot access certain features even after being assigned a role.
Solutions:
- Verify that the role has the correct permissions enabled for the required features
- Check that the user type (Internal/Portal/Public) is appropriate for the required access level
- Ensure the user has been correctly assigned to the role in their user record
- Ask the user to log out and log back in to refresh their session and apply new permissions
Issue: "Access Denied" Error
Problem: User receives an "Access Denied" error when trying to access a feature.
Solutions:
- Check if the required module is installed and activated in the system
- Verify that the role has explicit permissions for that specific module or feature
- Review the Extra Rights and Other sections for any missing required permissions
- Ensure that company access permissions are correctly configured if using multi-company setup
Issue: Role Not Appearing in User Assignment
Problem: The newly created role doesn't appear when trying to assign it to a user.
Solutions:
- Verify that the role was saved successfully
- Refresh the page or clear browser cache
- Check if you have the necessary permissions to view and assign roles
- Ensure the role is not archived or deactivated
6. Best Practices
Use Descriptive Role Names
Give roles clear, meaningful names that describe their purpose and scope.
For example, use "Sales Manager - Regional" instead of generic names like "User2" or "Role Manager."
This makes it easier to understand what each role does and helps with future maintenance.
Follow Least Privilege Principle
Only grant permissions that are absolutely necessary for users to perform their job functions.
Avoid giving excessive permissions "just in case" as this increases security risks and can lead to accidental data modifications.
Regular Permission Audits
Periodically review user roles and permissions to ensure they remain appropriate.
Remove access that is no longer needed and update roles as job responsibilities change.
Conduct these audits at least quarterly or when employees change positions.
Test Thoroughly
After creating a new role, test it with a test user account before assigning it to production users.
This helps identify any permission issues or access problems early, preventing disruption to actual users.
Document Custom Roles
Keep a record of custom roles and their intended use cases, including:
- Who should have each role
- What permissions are included
- The business justification for the role
- Date created and last modified
This documentation is invaluable for troubleshooting, training, and compliance purposes.
Group Similar Users
Create roles that can be shared by multiple users with similar job functions rather than creating individual roles for each person.
This simplifies management and ensures consistency across users with the same responsibilities.
Separate Duties
For sensitive operations, consider implementing segregation of duties by creating separate roles for different parts of critical processes. For example:
- One role for creating purchase orders
- Another role for approving purchase orders
- A different role for processing payments
Use Role Hierarchy
When appropriate, create a hierarchy of roles where higher-level roles inherit permissions from lower-level roles.
This reduces duplication and makes it easier to maintain consistent permissions.
Monitor Role Usage
Keep track of which roles are actively being used and which are obsolete.
Regularly review and archive roles that are no longer needed to keep the system organized and reduce confusion.
Provide Training
Ensure that users understand their roles and the permissions they have. Provide training on:
- What they can and cannot do with their assigned role
- How to request additional permissions if needed
- Security best practices for protecting their access
- Who to contact if they encounter permission issues
Version Control for Roles
When making significant changes to an existing role, consider creating a new version rather than modifying the existing one.
This allows you to:
- Test changes without affecting current users
- Roll back if issues occur
- Track the evolution of role permissions over time
Additional Notes
Modifying Existing Roles
- User roles can be modified at any time by editing the role record
- Changes will apply to all users who have that role assigned
- Consider the impact on all users before making major changes
- Document any changes made to track the role's evolution
Permission Refresh
- Changes to roles may require users to log out and log back in for the new permissions to take effect
- In some cases, clearing the browser cache may also be necessary
- Plan role changes during off-peak hours when possible
Module Dependencies
- Some permissions may depend on specific modules being installed
- If a module is not installed, related permissions will not have any effect
- Ensure all required modules are installed before assigning roles
Database Backups
- Always create a backup of your database before making significant permission changes
- This is especially important in production environments
- Test major changes in a development environment first
Multiple Roles
- Users can be assigned multiple roles simultaneously
- The system will combine permissions from all assigned roles
- Users receive the union of all permissions from their roles
- Be cautious when assigning multiple roles to avoid unintended permission escalation