Skip to main content
Version: Current

FAQ: What are User Groups?

User Groups are the primary mechanism in Zudello for managing user access and permissions efficiently. Instead of assigning permissions directly to individual users, administrators assign permissions to User Groups, and then add users as members to those groups.

Key Concepts:

  • Purpose: To group users with similar roles, responsibilities, or access needs together.
  • Permissions: Specific permissions (controlling what actions users can perform, e.g., view invoices, create POs, approve expenses, delete suppliers) are assigned to the group.
  • Data Permissions: Data visibility rules (controlling which specific records users can see) are also assigned to the group.
  • Membership: Individual users are added as members to one or more User Groups within each team they belong to.
  • Combined Access: A user's total access within a team is the sum of all permissions and data visibility granted by all the User Groups they are a member of in that team. Permissions are additive.

Benefits:

  • Efficiency: Easier to manage permissions for many users. Add/remove users from groups instead of managing individual permissions.
  • Consistency: Ensures users with the same role have the same access levels.
  • Scalability: Simplifies onboarding/offboarding and role changes.

Types of User Groups (Conceptual):

While you can name groups freely, they often fall into categories based on the permissions assigned:

  • Access Groups: Grant basic visibility and action permissions (e.g., "AP Clerks", "Purchasing Officers", "Expense Submitters").
  • Approval Groups: Specifically used in approval workflows (e.g., "Finance Approvers", "Department Managers").
  • Visibility Groups: Primarily used to assign specific Data Permissions rules (e.g., "View Own Department Invoices", "View All Suppliers").

Example:

An "AP Clerk" User Group might have permissions like:

  • PURCHASING:INVOICE#VIEW
  • PURCHASING:INVOICE#UPDATE
  • PURCHASING:INVOICE#VISIBLE
  • RELATIONSHIPS:SUPPLIER#VIEW
  • And Data Permissions to view Invoices assigned to them or their team.

A user added to this group automatically inherits these permissions.

Administrators manage User Groups via Organisation Settings > User Groups and assign users to groups via Organisation Settings > Group Membership or individual user profiles.

See also: User Groups Explained.