User groups and permissions guide
This guide provides a comprehensive overview of Zudello's user access control system, covering all user groups and visibility permission levels available in the platform.
Key points
- Two-layer security model
  - User groups control functionality access, while visibility permissions determine data access
- User groups
  - Available user groups include a mix of Core and Add-on groups, for customised, role-based access
- Visibility permissions
  - The standard permissions of Full, Own only, Subsidiary only and Location only are detailed below
User groups define what users can do. Visibility permissions define which records they can see.
Both user groups and visibility permissions must be configured for every user.
Best practices
- Start with restrictive access and expand only as needed
- Always configure both user groups and visibility permissions for each user
- Test access thoroughly before rolling out to the wider team
- Document all access decisions for audit purposes
- Review permissions regularly to ensure they remain appropriate
Understanding Zudello's access control model
Zudello uses a two-layer security model to control user access:
Layer 1: User groups
- Define what modules, submodules, and system functions a user can access
  - E.g. Purchasing Invoice, Relationships Customers
- Determine which specific actions a user can perform
  - E.g. View, Create, Update
- Multiple groups can be assigned to each user, enabling customised user permissions
Layer 2: Visibility permissions
- Define which records a user can see within their permitted modules
  - E.g. Locations - All, Invoices - Own
- Visibility permissions are assigned to corresponding user groups with the same name
  - E.g. Own only visibility permissions are assigned to the user group Own only
- Must be set for every user, and are applied globally across all users within a user group
How they work together
User groups define what users can do. Visibility permissions define which records they can see. Both controls must be configured for each user.
Example: A user assigned to the AP Standard group
- With Full visibility
  - Can view, edit, and process all invoices in the organisation
- With Own Only visibility
  - Can view, edit, and process only invoices assigned to them
- With Subsidiary Only visibility
  - Can view, edit, and process only invoices belonging to the subsidiary/entity they are assigned to
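The two-layer decision described above, as an added example that is not Zudello's code: the action sets per group and the invoice fields are assumptions based on the Key Functions tables in this guide, and the sample records are constructed.

```python
# Added example (not Zudello's code): a minimal model of the two-layer access
# decision. GROUP_ACTIONS and the record fields are assumptions drawn from the
# Key Functions tables in this guide.
from dataclasses import dataclass, field

# Layer 1: what each user group lets a user DO on invoices (assumed mapping).
GROUP_ACTIONS = {
    "AP Read Only": {"view"},
    "AP Standard": {"view", "create", "update"},
    "AP Approver": {"view", "update", "approve"},
}

@dataclass
class Invoice:
    id: str
    assigned_to: str
    subsidiary: str
    location: str

@dataclass
class User:
    name: str
    groups: set
    visibility: str          # Full | Own Only | Subsidiary Only | Location Only
    subsidiaries: set = field(default_factory=set)  # set via "Assigning users to records"
    locations: set = field(default_factory=set)

def allowed_actions(user):
    """Layer 1: union of the actions granted by every assigned group."""
    return set().union(*(GROUP_ACTIONS.get(g, set()) for g in user.groups))

def can_see(user, inv):
    """Layer 2: does the user's visibility permission expose this record?"""
    if user.visibility == "Full":
        return True
    if user.visibility == "Own Only":
        return inv.assigned_to == user.name
    if user.visibility == "Subsidiary Only":
        # The permission alone is not enough: the user must also be assigned to the subsidiary.
        return inv.subsidiary in user.subsidiaries
    if user.visibility == "Location Only":
        return inv.location in user.locations
    return False  # visibility not set or unknown: deny

def can(user, action, inv):
    """Both layers must pass: a group grants the action AND the record is visible."""
    return action in allowed_actions(user) and can_see(user, inv)
```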
Visibility permissions
There are four standard visibility permissions:
Full
Scope: Unrestricted access to all data within assigned modules.
Use cases:
- Senior management
- Department heads
- Centralised processing or finance teams
- System administrators
Own Only
Scope: Visibility is limited to:
- Transactions assigned to the user
- Documents created by the user
- Items where the user is a designated approver
- User's own expense claims and requisitions
Use cases:
- Individual contributors
- Segregated duties roles
- New employees
- Confidential data handlers
Subsidiary Only
Scope: Visibility is limited to records related to a specific subsidiary/entity.
Use cases:
- Multi-entity company with segregated business units
Giving a user this visibility permission is not the only step. The user will also have to be assigned to the subsidiary in settings.
For help with assigning users to subsidiaries see Assigning users to records
Location Only
Scope: Visibility is limited to records related to a specific location.
Use cases:
- Multi-location company with segregated business units
Giving a user this visibility permission is not the only step. The user will also have to be assigned to the location in settings.
For help with assigning users to locations see Assigning users to records
Complete user groups list
Core vs Add-On Groups
There are 40 user groups available in Zudello, organised into Core and Add-on groups:
- Core groups
  - Comprehensive user groups that provide all required permissions for a certain level of system access.
  - Can be assigned independently to provide system access, without requiring additional groups.
- Add-on groups
  - Supplementary user groups that provide specific, additional permissions.
  - Do not provide complete system access and must be combined with a core user group.
Accounts payable groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
AP Approver | Core | Review, update, and approve vendor invoices and credits | View and update invoices, approve/reject documents, view POs for matching |
AP Read Only | Core | View-only access to AP information | View invoices and credits - no modifications allowed |
AP Standard | Core | Process vendor bills and routine AP operations | Upload and update invoices and credits, match to POs |
Sales groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
Sales Order Approver | Core | Review, update, and approve sales orders | View and update sales documents, approve/reject orders |
Sales Order Read Only | Core | View-only access to sales information | View all sales orders - no modifications allowed |
Sales Order Standard | Core | Create and manage sales orders | Create/update sales orders |
Purchase order groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
Purchase Order Approver | Core | Review, update, and approve purchase orders | View and update POs, approve/reject orders, view receipts and invoices |
Purchase Order Read Only | Core | View-only access to PO information | View POs - no modifications allowed |
Purchase Order Standard | Core | Create and manage purchase orders | Create/update POs, email to vendors |
Expense groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
Expense Card Claimant (Corporate Card Expenses) | Core | Submit corporate card expense claims | Create/submit claims, view and reconcile cards, upload receipts and view payments |
Expense Claim Approver | Core | Review, update, and approve expense claims | View and update claims, approve/reject expenses, view payment info |
Expense Payments Admin | Core | Process expense payments | Import credit card feeds via CSV |
Expense Read Only | Core | View expense information | View expense claims and payment data - no modifications allowed |
Expense Reimbursement Claimant (Personal Expenses) | Core | Submit expense reimbursement claims | Create/submit reimbursement claims, upload receipts |
Procurement and inventory groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
Receipting Role | Core | Process goods receipts | Create/update receipts, view POs and invoices, match to POs and invoices, upload documentation |
Requisition Approver | Core | Review, update, and approve purchase requisitions | View and update requisitions, approve/reject requests |
Requisition Requestor | Core | Create purchase requisitions | Create/submit requisitions |
Master data management groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
Budgets | Add-on | Manage organisation budgets | Create/update budgets |
Customer Manager | Add-on | Manage customer master data | Create/update customer records, manage relationships |
Customer Read Only | Add-on | View customer information | View customer data - no modifications allowed |
Dataset Manager | Add-on | Manage dataset rows | Create/update dataset rows (DOAs, customer fields etc) |
Dimension Manager | Add-on | Manage organisational dimensions | Create/update dimensions (cost centres, departments etc) |
Dimensions Read Only | Add-on | View organisational dimensions | View dimensions - no modifications allowed |
Employee Manager | Add-on | Manage employee records | Create/update employee records |
Employee Read Only | Add-on | View employee information | View employee records - no modifications allowed |
Item Catalogue Admin | Add-on | Manage inventory catalogue | Create/update items |
Item Catalogue Read Only | Add-on | View inventory catalogue | View items |
Price Book Admin | Add-on | Manage pricing data | Create/update pricing, manage price books |
Price Book Read Only | Add-on | View pricing data | View pricing |
Supplier Admin | Add-on | Manage supplier master data | Create/update suppliers, manage relationships |
Supplier Read Only | Add-on | View supplier information | View supplier data - no modifications allowed |
System function groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
Automations Manager | Add-on | Configure automation rules | Create/update document coding rules |
Change Approver (!) | Add-on | Modify document approvers | Ability to change approvers on any document type |
Complete Without Processing (!) | Add-on | Bypass approval workflows | Mark documents complete without approvals; this moves documents into Complete status without posting to the ERP |
Document Studio | Add-on | Design document workflows | Create/update workflows, configure custom extraction |
Force Approver (!) | Add-on | Override approval requirements | Force approve any document type |
Export | Add-on | Export system data | Export data, create templates |
Import | Add-on | Import data | Import data, manage templates |
System Administrator (!) | Add-on | System configuration | Manage global settings, inbox configuration and budget configuration |
User groups marked with a (!) are considered high-risk due to their powerful capabilities.
Only assign these user groups when absolutely necessary, and ensure the list of assigned users is monitored frequently.
Reporting and audit groups
Group | Type | Purpose | Key Functions |
---|---|---|---|
Reporting | Add-on | Access analytics and reports | View all reports |
View Only - Auditor | Core | Comprehensive read-only access | View all data across all modules - no modifications allowed |
Implementation patterns
Centralised AP department
Role | User Groups | Visibility | Rationale |
---|---|---|---|
AP Clerk | AP Standard | Own Only | Process assigned invoices |
Senior AP Clerk | AP Standard + Supplier Manager | Full | Manage vendors and all invoices |
AP Supervisor | AP Standard + AP Approver + Change Any Approver | Full | Full AP oversight |
AP Auditor | AP Read Only | Full | Review all transactions |
Sales organisation
Role | User Groups | Visibility | Rationale |
---|---|---|---|
Sales Rep | Sales Order Standard + Customer Manager | Own Only | Manage own customers |
Sales Manager | Sales Order Standard + Sales Order Approver + Price Book Admin | Full | Team oversight and pricing |
Sales Support | Sales Order Read Only | Full | Assist all sales staff |
General employees
Role | User Groups | Visibility | Rationale |
---|---|---|---|
Employee | Expense Card Claimant OR Expense Reimbursement Claimant | Own Only | Submit own expenses |
Manager | Expense Claim Approver + Requisition Approver | Own Only | Approve team items |
Dept Head | AP Approver + Expense Claim Approver + Budgets | Full | Department oversight |
List of user groups by type
Core groups (can operate independently)
- Accounts Payable
  - AP Standard
  - AP Approver
  - AP Read Only
- Sales
  - Sales Order Standard
  - Sales Order Approver
  - Sales Order Read Only
- Purchase Orders
  - Purchase Order Standard
  - Purchase Order Approver
  - Purchase Order Read Only
- Expenses
  - Expense Card Claimant
  - Expense Reimbursement Claimant
  - Expense Claim Approver
  - Expense Read Only
  - Expense Payments Admin
- Procurement
  - Receipting Role
  - Requisition Requestor
  - Requisition Approver
- Reporting
  - View Only - Auditor
Add-on groups (enhance core groups)
- Master Data
  - Customer Manager
  - Customer Read Only
  - Dataset Manager
  - Dimension Manager
  - Dimensions Read Only
  - Employee Manager
  - Employee Read Only
  - Item Catalogue Admin
  - Price Book Admin
  - Supplier Admin
  - Supplier Read Only
- System Functions
  - Automations Manager
  - Change Approver (!)
  - Complete Without Processing (!)
  - Document Studio
  - Force Approver (!)
  - Import
  - Export
  - System Administrator (!)
- Other
  - Budgets
  - Purchase Order Admin
  - Reporting
User groups marked with a (!) are considered high-risk due to their powerful capabilities.
Only assign these user groups when absolutely necessary, and ensure the list of assigned users is monitored frequently.
Important distinction: Read Only vs Approver groups
- Read Only Groups
  - Can only view data
  - Cannot update data or approve transactions
- Approver Groups
  - Can view, update, and approve transactions
- Standard Groups
  - Can create, view, and update transactions, but not approve
Approvers have editing permissions to correct or modify transactions before approving, if the approval workflow allows for editing.
Read-only users cannot make any changes.
High risk permissions
The following groups require extra monitoring due to their powerful capabilities:
- Force Approver
- Complete Without Processing
- System Administrator
- Change Approver
Implementation checklist
For each new user:
- Identify primary job function and select relevant Core user group(s)
- Determine additional needs, and add any relevant Add-on groups
- Assess data scope requirements, and set visibility (Own Only, Subsidiary/Location Only, or Full)
- Verify segregation of duties compliance
- Document the exact settings for each user, along with the business justification
- Test access before go-live
- Schedule periodic review
Red flags to avoid
- Giving Full visibility without clear business need
- Assigning Force Approver or Complete Without Processing widely
- Not documenting access decisions
- Assigning Reporting to an employee who has Own Only visibility or other module access restrictions
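The checklist and red flags above, applied as a review over a constructed list of user assignments. This is an added example, not Zudello's code: the group classifications come from the tables in this guide, while the user records and the `justification` field are made up.

```python
# Added example (not Zudello's code): periodic access review that applies the
# rules in this guide. Group classifications are from the tables above (subset);
# the assignment records and the "justification" field are constructed.
CORE = {"AP Standard", "AP Approver", "AP Read Only", "Sales Order Standard",
        "Expense Claim Approver", "View Only - Auditor"}
ADDON = {"Budgets", "Supplier Admin", "Reporting", "Force Approver",
         "Complete Without Processing", "System Administrator", "Change Approver"}
HIGH_RISK = {"Force Approver", "Complete Without Processing",
             "System Administrator", "Change Approver"}
VISIBILITY = {"Full", "Own Only", "Subsidiary Only", "Location Only"}

def review_user(user):
    """Return the list of findings for one user assignment record."""
    groups, vis = set(user["groups"]), user.get("visibility")
    findings = []
    if not groups & CORE:
        findings.append("no Core group: add-on groups alone give no system access")
    if vis not in VISIBILITY:
        findings.append("visibility permission not set")
    for g in sorted(groups & HIGH_RISK):
        findings.append(f"high-risk group {g}: confirm necessity and monitor")
    if vis == "Full" and not user.get("justification"):
        findings.append("Full visibility without documented business need")
    if "Reporting" in groups and vis == "Own Only":
        findings.append("Reporting combined with Own Only restriction")
    unknown = groups - CORE - ADDON
    if unknown:
        findings.append(f"unrecognised group(s): {', '.join(sorted(unknown))}")
    return findings

def review_all(users):
    """Map user name -> findings, listing only users that need attention."""
    return {u["name"]: f for u in users if (f := review_user(u))}

# Constructed sample assignments (not real users).
SAMPLE_USERS = [
    {"name": "ap.clerk", "groups": ["AP Standard"], "visibility": "Own Only"},
    {"name": "ap.super", "groups": ["AP Standard", "AP Approver", "Change Approver"],
     "visibility": "Full", "justification": "Full AP oversight"},
    {"name": "contractor", "groups": ["Budgets"], "visibility": None},
    {"name": "analyst", "groups": ["AP Read Only", "Reporting"], "visibility": "Own Only"},
]
```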
Quick reference guide
- Just viewing AP data?
  - AP Read Only + Full/Own Only
- Approving and correcting invoices?
  - AP Approver + Own Only/Full
- Basic AP Processing?
  - AP Standard + Own Only
- Department AP Management?
  - AP Standard + Supplier Manager + Budgets + Full
- Sales Operations?
  - Sales Order Standard + Customer Manager + Own Only
- Expense Submission?
  - Expense Card Claimant OR Expense Reimbursement Claimant + Own Only
- Financial Reporting?
  - Reporting
- System Audit?
  - View Only - Auditor + Full
Final notes
Proper user controls are an essential part of your security and compliance strategy. To ensure your Zudello environment remains compliant, ensure that you:
- Always start with minimum required access
- Test thoroughly before production use
- Document all access decisions
- Review permissions regularly
Need help?
Contact your organisation administrator or Zudello support for assistance with user groups and permissions configuration.