Skip to main content
Version: Current

Understanding User Groups and Permissions Basics

Zudello uses a role-based access control system built around User Groups and Permissions to manage what actions users can perform within the platform.

Permissions:

  • What they are: Specific authorisations that allow a user to perform an action (e.g., view an invoice, create a PO, delete a supplier, approve an expense claim).
  • Format: Permissions have a specific key, often like {Module}:{Submodule}#{Action} (e.g., PURCHASING:INVOICE#VIEW, EXPENSES:CLAIM#APPROVE, SYSTEM:TAG#CREATE).
  • Granularity: Permissions are granular, allowing administrators to grant precise levels of access.

User Groups:

  • What they are: Collections of users, typically grouped by role or function (e.g., "AP Clerks", "Department Managers", "Read Only Users", "System Admins").
  • How Permissions are Assigned: Permissions are assigned to User Groups, not directly to individual users.
  • How Users Get Permissions: Users are added as members to one or more User Groups within each Team they belong to. A user inherits the combined set of all permissions granted by all the groups they are a member of in that specific team. Permissions are additive.
  • Purpose: Simplifies administration. Instead of managing permissions for each user, administrators manage permissions for roles (groups) and simply add/remove users from those groups as needed.

Example:

  1. An "AP Clerk" User Group is created.
  2. Permissions like PURCHASING:INVOICE#VIEW, PURCHASING:INVOICE#UPDATE, RELATIONSHIPS:SUPPLIER#VIEW are assigned to the "AP Clerk" group.
  3. User Anya Sharma is added as a member to the "AP Clerk" group within the "Accounts Payable" Team.
  4. When Anya works in the "Accounts Payable" Team, she can now view and update invoices and view suppliers because she inherited those permissions from the group. She cannot, however, delete invoices unless a group she belongs to also grants the PURCHASING:INVOICE#DELETE permission.

Key Takeaway: User Groups define roles, Permissions define actions, and users get permissions by belonging to groups within a specific team context.

See also: User Groups Explained (How-To)

See also: Troubleshooting: User Cannot Perform Actions