Rights matrix (rights per user role)

Modified on Thu, 21 Dec, 2023 at 9:53 AM

Access to one or more administration(s) can be determined for each user in a domain the access . In Yuki roles are used to manage rights. Each user has specific basic rights. By assigning a role to someone you can give that person additional rights. 

In the rights matrix you can view which users have access with which role(s) in which administration(s).

Adding one or more extra users to a domain (extra cost per added user per month) is only available when a user with the 'Management' role has chosen the bundle Medium, Large or Unlimited via the Yuki Store in the domain.

In a bundle pricing domain, only a user with the 'Management' role can grant or deny access to an administration to one or more additional users.


At any time, a user's access to an administration can be denied or, on the contrary, granted.

For a detailed description see article Access control of administration(s) in domain.

All configured settings such as the rights matrix, among others, are grouped and categorised in one place in your domain.

The rights matrix can be opened from different places in Yuki:

  • Click on the Switch domain icon above the navigation bar and then click on My domain. Subsequently, in the now-opened screen, click on the Rights matrix button.
  • Click on the Home icon in the navigation bar and then click on the My domain tile. Subsequently, in the now-opened screen, click on the Rights matrix
  • Click on the Settings icon in the navigation bar and then, in the now-opened screen, click on Rights matrix.

The following screen is opened:

Below the basic rights of each user and the additional rights per role are described.

Basic rights of each user

Users without a role also have rights in Yuki. Therefore it is not necessary to assign a role to somebody. Each user in Yuki has the following basic rights: 

  • Scan, upload or email documents
  • Ask questions to Yuki
  • View documents with security level 'all users'
  • Create new documents
  • View dossiers and create new dossiers
  • View, create and modify contacts
  • Manage personal email box
  • View calendar and create new appointments
  • View and create tasks
  • Registration of own hours by employee.


A special role is 'Read-only user'. A user with this role can never scan, upload, modify or create something in Yuki. 

Additional rights per role

At the moment you can use the following roles in Yuki:

  • Read-only user
  • Sales
  • Purchase
  • Financial administration
  • External accountant
  • HRM
  • Management
  • Security manager
  • Procuration
  • Special roles for the back office (see article Assign or change back office roles).

Below, you will find a description of the additional rights per role.

Special role Read-only user (only in combination with another role) 

An user with this role can only view all the data in a domain. So it is not possible to create, change or upload documents when an user has this role. The 'Read-only user' role must be combined with one of the other roles. When you want somebody to view all the financial data without being able to change this data you can assign the 'Financial administration' role as well as the 'Kijkgebruiker' role to this person.

Additional rights Sales

  • Create and send sales invoices
  • View sales and revenue lists
  • View sales data per customer
  • View outstanding invoices per customer.

Additional rights Purchase

  • View Purchase list
  • View purchase invoices and expense claims
  • View balance list of suppliers.

Additional rights Financial administration

Someone with the 'Financial administration' role has all the rights of the 'Purchase' role plus the following rights:

  • View and handle points of attention in administration (PO Box)
  • View financial monitor 
  • View bank statements
  • View profit and loss account
  • View balance sheet
  • Zoom in on ledger accounts
  • View all documents in the archive folders 'Sales', 'Purchase', 'Bank', 'Human resources', 'Tax' and 'Other financial'. In the 'Human resourcesfolder only the financial documents.
  • Perform invoice actions from the document (see article Invoice actions)
  • Perform actions from the GL account card
  • Perform actions from the debtors and/or creditors card (match, write-off, change payment method, etc)
  • Perform actions from a bank transaction (match, record and split)

Additional rights External accountant

An 'External accountant' has the rights of someone with the 'Financial administration' role. This role also provides access to several additional overviews and features:

  • View and handle points of attention in administration (PO Box)
  • View journal entries
  • Create general journal entries
  • Match outstanding balance
  • Perform actions from GL account card (like accrue costs, changing GL account, change VAT rate, etc.) (see article Editing features of GL account
  • View trial balance
  • Export financial data
  • Create XML audit file
  • Block administrations
  • Create or change default values of contact.

Additional rights HRM

  • View the archive folder 'Human resources'.
  • Create tabs in 'Human Resources' folder. In this way access to confidential documents like salary details, employment contracts and assessment interviews can be blocked for the basic user.

Additional rights Management

Someone with the 'Management' role has all the rights of the 'HRM', 'Purchase', 'Sales' and 'Financial administration' (except the recently added) roles. Furthermore this role provides access to several additional features:

  • View and handle points of attention in administration (PO Box)
  • Create task types
  • Create work types
  • Create archive folders (This is the only role with this right)
  • Create tabs (HRM is also allowed to do this but only in the 'Human resources' folder)
  • Add users
  • Manage access control
  • Record bank transactions that are still outstanding in the debtors or creditors account. These can only be recorded directly in the costs or revenue via the Yuki PO Box.

He or she doesn't have the rights of the 'External accountant' role automatically. In order to get these rights the 'External accountant' role must also be assigned to this user.

Special Security manager role

This role must be used together with the 'Management' role. This role makes it possible to assign the 'Security manager' and 'Procuration' role to other users. 

The owner doesn't have the 'Security manager' role but however has all the corresponding rights. The 'Security manager' role is intended to give somebody else besides the owner the rights to be able to assign the Procuration roles to users.

Additionally this role gives access to several extra features:

  • Enable payment list security
  • Enable payment discount.

Special role Procuration

When payment list security is enabled, this role is required in combination with the 'Financial administration' role in order to be able to create SEPA payment files. 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article