User Roles in Xero: How to Define Them

If you have multiple users in Xero, you’ll probably want to restrict them to specific areas of the site.

If you were still using a paper accounting system, it’s unlikely that you would let everyone dig through file folders, peer at your checkbook register, or look at other employees’ pay stubs.

Xero knows this, so it provides an easy way to assign employees to access levels. By requiring everyone to sign in using their own unique user names and passwords, you can limit them to only the screens that you’ve determined they need to see. You can also specify what activities they’re allowed to do there.

Here’s how it looks and works.



Figure 1: The Standard and Advisor roles have access to more areas of Xero — and more activity options — than anyone else.

Click on Settings | General Settings | Users. Since you are ostensibly the Subscriber (the individual who set up Xero and is responsible for subscription payments), your name should be there, designated (if you’ve assigned full privileges to yourself) as:

 Standard+Manage Users+Payroll Administration+Contact Bank Account Administration

Basically, you can do everything except those activities that are limited to an Advisor only.

When you designate someone as a Standard user, you are granting him or her permission to visit and interact with almost all of Xero’s screens, though cash-coding is optional and there are restrictions on reports.

When you “invite” your accountant in (see below), his or her role will be Advisor, which allows full access to accounts as well as extra permissions, like the ability to work with lock periods and to publish reports.

 Employee Levels

To give an employee access to Xero and assign a role with specific permissions, you’ll have to “invite” him or her. Click on Invite a User on the main Users page. Enter a first and last name and email address.

Before you send the email (and you’ll have a chance to personalize it), you’ll need to assign a role to the individual and select from the activity options available. Besides the Standardand Advisor levels, Xero’s access levels are:

 None would be assigned to a person who works only on payroll.

 Read Only is given to someone who needs to be able to view bank accounts, bills, purchase orders, invoices, reports, etc., but who will not have occasion to add or edit anything.

 Invoice Only is a more active role. It’s granted to an employee who will actually be processing transactions but doesn’t need to see bank accounts or reports. You can choose one of four activity levels. If you select:

  • Draft only, the employee can add, copy, save, and submit (for approval) invoices, bills, quotes, and purchase orders.
  • Approve & Pay, the employee can do all of that plus approve transactions and pay bills, in addition to doing other work with expense claims, contacts, and currencies.
  • Sales Only, the employee can create, approve, print, and record payment for invoices, quotes, and customer credit notes
  • Purchases Only, the employee can create and approve bills, supplier credit notes and purchase orders, as well as pay bills.

Payroll Admin is granted access to the Payroll menu, settings, and reports, and can process and post a pay run. There is also a Payroll Employee role.

You’ll notice in the grid below that actions are either not available or are limited for some levels. Others can be selected, but you’ll have to choose the allowed actions from drop-down lists.



Figure 2: These are the access levels that can be assigned to employees.

Once you’ve established the employee’s access level and permissions, click Continue. You’ll then have the option to personalize and send an invitation. Click Send Invite. The employee will receive an email containing a link to Xero, where he or she can click to accept the invite. If he or she does so, two buttons will appear: Create Login (for a new user) and Login now(for an existing user).

That’s it. The mechanics of assigning access levels to Xero are pretty straightforward, but this is an area where you must be clear on exactly what employees can see and do. We can give you a more thorough description of each role and help you match your employees to the correct ones.

You undoubtedly trust your employees or you wouldn’t have hired them; however  a lot of business fraud comes from within an organization. So be safe.