Skip to Content

Users & security

Lite+

Who can sign in and what they can do — user accounts, the roles that grant permissions, plus password and audit policy.

When to use

Adding a user, changing what a role can access, or tightening security policy.

Step by step

Roles list
1. Roles are how access works — each grants a set of permissions.
Is Administrative (column)
2. Administrative roles bypass the permission checks — grant them sparingly.
Users (Security sub-group)
3. Users are the accounts that sign in. Give each user the roles and branches that fit their job.
Password Policy / Audit Settings (Security sub-group)
4. Set your password rules and what gets audited here.

Adding a user

Settings → Security → Users → New.

  1. Enter the User Name (the login — usually their email).
  2. Leave Is Active ticked so they can sign in.
  3. Tick Is Kiosk Login if this account is only for the shop-floor kiosk, and Has Employee to link it to an employee record.
  4. In the Roles grid, Link the roles that give them their access — this is what actually decides what they can see and do.
  5. Save, then use Change Password on the toolbar to set their first password.
The New User form
A user is a login plus the roles that grant access. Link one or more roles, then set a password with Change Password.

What a role controls

Settings → Security → Roles. A role is a named bundle of permissions you assign to users. Open one to see and shape what it grants.

SettingWhat it does / affects
NameThe role’s name (e.g. Administrators, Sales).
Is AdministrativeThe role bypasses all permission checks — full access. Grant it sparingly.
Can Edit ModelLets the role change the application model (advanced — normally off).
Permission PolicyThe starting point — usually Deny all by default, so the role only grants what you explicitly allow.
Users tabWho’s in the role.
Type Permissions tabWhat data the role can read/write/create/delete, by record type.
Navigation Permissions tabWhich menu items the role can open.
Denied Actions tabSpecific actions taken away from the role.
A Role's permissions
A role starts from Deny all by default; Type and Navigation Permissions open up exactly what its users can see and do. Is Administrative overrides everything.

For everyday staff, the simplest path is to give them a position (which carries the day-to-day capability flags) and one standard role here — you rarely need to hand-craft permissions per person.

Last updated on