TemperStack
Intermediate | 8 min read | Updated Mar 18, 2026

How to manage user roles and permissions on Xero

Quick Answer

Managing user roles and permissions in Xero involves accessing the Settings menu, navigating to Users, and configuring specific access levels for each team member. You can assign predefined roles or create custom permissions to control what users can view, edit, or approve in your accounting system.

Prerequisites

  1. Xero organization administrator access
  2. Active Xero subscription with multi-user capabilities
  3. Knowledge of your team's accounting responsibilities
  4. Understanding of accounting principles and data sensitivity
1. Access User Management Settings

Log into your Xero account and click on Settings in the main navigation menu. From the dropdown, select Users to access the user management dashboard where you can view all current users and their assigned roles.
Tip: Ensure you're logged in as an organization administrator to access all user management features.

2. Review Current Users and Roles

In the Users section, review the list of current users and their assigned roles. Click on any user's name to view their current permissions. Note the different role types: Standard, Advisor, Read Only, and Invoice Only. Each role has predefined permission sets that determine access levels.
Tip: Document existing permissions before making changes to ensure you can restore settings if needed.

3. Modify User Permissions

To change a user's role, click on their name and select Edit User. In the permissions section, choose from predefined roles or select Custom to create specific permission combinations. Configure access to areas like Contacts, Bank Accounts, Reports, Settings, and Payroll by checking or unchecking the appropriate boxes.
Tip: Use the principle of least privilege - only grant the minimum permissions necessary for each user's job function.

4. Set Financial Approval Limits

For users who can create or approve transactions, set spending limits by clicking Financial Settings in their user profile. Configure Purchase Order Limits, Bill Approval Limits, and Payment Authorization Levels. Enter specific dollar amounts or select No Limit for trusted administrators.
Tip: Consider implementing a dual approval system for high-value transactions by setting appropriate limits.

5. Configure Report Access Levels

In the user's permission settings, navigate to the Reports section. Control access to sensitive financial reports by selecting specific report categories. You can grant access to Basic Reports, Detailed Financial Reports, Management Reports, or All Reports depending on the user's role and responsibilities.

6. Enable Two-Factor Authentication

For enhanced security, require two-factor authentication for users with elevated permissions. In the user settings, check Require Two-Factor Authentication and select the preferred method: SMS, Authenticator App, or Email. This adds an extra security layer for accessing sensitive financial data.
Tip: Mandate 2FA for all users with Standard or Advisor roles to protect against unauthorized access.

7. Set Up Role-Based Notifications

Configure email notifications based on user roles by accessing Notification Settings in each user's profile. Enable relevant alerts such as Invoice Approvals, Payment Notifications, Bank Feed Updates, and Report Generation. Customize frequency settings to avoid notification overload while maintaining accountability.
Tip: Tailor notifications to each user's responsibilities to improve workflow efficiency and response times.

8. Save and Test User Permissions

After configuring all permissions, click Save Changes and notify affected users of their updated access levels. Test the permissions by having users log in and verify they can access appropriate features while being restricted from unauthorized areas. Document the permission structure for future reference and compliance audits.
Tip: Create a permission matrix document that maps user roles to specific Xero features for easy reference and onboarding.
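
An added example, not part of the original guide or Xero's tooling: a Python check that runs the guide's rules (2FA for Standard and Advisor roles, No Limit only for administrators, no transaction creation on Read Only) over a permission matrix kept as CSV. The column names and sample rows are assumptions constructed for illustration, not a Xero export format.

```python
import csv
import io

# Constructed sample of a hand-maintained permission matrix.
# Column names are assumptions for this example, not a Xero export format.
SAMPLE_MATRIX = """\
user,role,is_admin,two_factor,bill_approval_limit,can_create_transactions
alice@example.com,Standard,yes,yes,No Limit,yes
bob@example.com,Advisor,no,no,5000,yes
carol@example.com,Read Only,no,no,0,yes
dave@example.com,Invoice Only,no,yes,No Limit,yes
erin@example.com,Standard,no,yes,2500,yes
"""

# Role names as listed in step 2 of the guide.
KNOWN_ROLES = {"Standard", "Advisor", "Read Only", "Invoice Only"}
# Step 6 tip: mandate 2FA for Standard and Advisor roles.
ROLES_REQUIRING_2FA = {"Standard", "Advisor"}


def audit_matrix(csv_text):
    """Return sorted (user, finding) tuples for rows that break the guide's rules."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].strip()
        role = row["role"].strip()
        is_admin = row["is_admin"].strip().lower() == "yes"
        has_2fa = row["two_factor"].strip().lower() == "yes"
        limit = row["bill_approval_limit"].strip().lower()
        creates = row["can_create_transactions"].strip().lower() == "yes"

        if role not in KNOWN_ROLES:
            findings.append((user, "unknown role"))
        if role in ROLES_REQUIRING_2FA and not has_2fa:
            findings.append((user, "2FA missing for elevated role"))
        # Step 4: "No Limit" is reserved for trusted administrators.
        if limit == "no limit" and not is_admin:
            findings.append((user, "No Limit approval for non-administrator"))
        # Troubleshooting: read-only access conflicts with transaction creation.
        if role == "Read Only" and creates:
            findings.append((user, "read-only role with transaction creation"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_matrix(SAMPLE_MATRIX):
        print(f"{user}: {finding}")
```

Re-running the check after each permission change, against an updated copy of the matrix, turns the documentation step into a repeatable access review.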

Troubleshooting

User cannot access required features after permission changes
Check if the user's role has the necessary permissions enabled. Go to Settings > Users, edit the user, and verify all required permission checkboxes are selected. Allow 5-10 minutes for changes to take effect, then ask the user to log out and back in.

Unable to modify permissions for certain users
Ensure you have administrator privileges and the user isn't the primary account holder. Only organization administrators can modify user permissions. If the user is an external advisor, they may need to adjust permissions from their own Xero account.

Two-factor authentication setup failing for users
Verify the user's contact information is current in their profile. For SMS 2FA, confirm the phone number is correct and can receive texts. For authenticator apps, provide step-by-step setup instructions and ensure time synchronization is accurate on their device.

Custom permission combinations not saving properly
Clear your browser cache and try again. Ensure you're not mixing conflicting permissions (like giving read-only access while enabling transaction creation). Save permissions one section at a time rather than making multiple changes simultaneously.
