Rights per user role in domain

Disclaimer

All screenshots in the article were taken in the Dutch version of Yuki.

In Yuki, the management of users and their rights is very important for the effective and secure management of data within a domain.

Here are the main aspects of users:

• Access management
   For each user within a domain can be determined which administration(s) they have access. This ensures that users only have access to relevant data necessary for their work.
• Roles and rights
   Roles are used in Yuki to control the rights of a user. Each user has basic rights, and by assigning specific roles, users can get additional rights.
• Add additional users
  Adding additional users to a domain is possible when a user with the 'Management' role has chosen the bundle Medium, Large, or Unlimited in the Yuki Store. This is done at an additional monthly cost per added user.
• Grant or deny access
  A user with the 'Management' role has the power to grant or deny access to specific administrations within the domain at any time.
  
  For a detailed description, see article Access control of administration(s) in domain.

Access to users and their role(s) overview

To access:

• click on the Switch domain icon above the navigation bar
• click on My domain
  OR
• click on the Settings icon in the navigation bar
  
  
• then, in the now-opened screen, in the Domain section click on Users.

Rights per user role overview

The screen with the user details of the domain is always opened in the Default view.

This screen shows the log-in name and roles (with the associated rights) which each user currently has in the domain.

Below the basic rights of each user and then the additional rights per role are described

Basic rights of each user

Each user in Yuki has the following basic rights: 

• Scan, upload or email documents
• Ask questions to Yuki
• View documents with security level 'all users'
• Create new documents
• View projects and create new projects
• View, create and modify contacts
• Manage personal email box
• View calendar and create new appointments
• View and create tasks.

TIP!

A special role is 'Read-only user'. A user with this role can never scan, upload, change or create something in Yuki. 

Additional rights per role

At the moment you can assign the following roles in a domain in Yuki:

• Back Office
  
  ATTENTION!
  When the accountant has activated the self accounting feature for your domain, a user with the “Management” role in the domain can assign the role “Back Office” to a user.
  
  For a detailed description, see article Assign 'Back office' role (self-accounting) to user(s) in your domain.
  
  
• Sales
• Purchase
• Financial administration
• External accountant
• HRM
• Management
• Security manager
• Procurement
• Read-only user.

ATTENTION!

In an accountant portal you can assign special roles to the back office, see article Assign or change back office roles.

Below, you will find a description of the additional rights per role in a domain.

Special role Read-only user (only in combination with another role) 

An user with this role can only view all the data in a domain. So it is not possible to create, change or upload documents when an user has this role. The 'Read-only user' role must be combined with one of the other roles. When you want somebody to view all the financial data without being able to change this data you can assign the 'Financial administration' role as well as the 'Kijkgebruiker' role to this person.

Additional rights Sales

• Create and send sales invoices
• View sales and revenue lists
• View sales data per customer
• View outstanding invoices per customer.

Additional rights Purchase

• View Purchase list
• View purchase invoices and expense claims
• View balance list of suppliers.

Additional rights Financial administration

Someone with the 'Financial administration' role has all the rights of the 'Purchase' role plus the following rights:

• View and handle points of attention in administration (PO Box)
• View financial monitor 
• View bank statements
• View profit and loss account
• View balance sheet
• Zoom in on ledger accounts
• View all documents in the archive folders 'Sales', 'Purchase', 'Bank', 'Human resources', 'Tax' and 'Other financial'. In the 'Human resources' folder only the financial documents.
• Perform invoice actions from the document (see article Invoice actions)
• Perform actions from the GL account card
• Perform actions from the debtors and/or creditors card (match, write off, change payment method, etc)
• Perform actions from a bank transaction (match, record and split)

Additional rights External accountant

An 'External accountant' has the rights of someone with the 'Financial administration' role. This role also provides access to several additional overviews and features:

• View and handle points of attention in administration (PO Box)
• View journal entries
• Create general journal entries
• Match outstanding balance
• Perform actions from GL account card (like accrue costs, changing GL account, change VAT rate, etc.) (see article Editing features of GL account) 
• View trial balance
• Export financial data
• Create XML audit file
• Block administrations
• Create or change default values of contact.

Additional rights HRM

• View the archive folder 'Human resources'.
• Create tabs in 'Human Resources' folder. In this way access to confidential documents like salary details, employment contracts and assessment interviews can be blocked for the basic user.

Additional rights Management

Someone with the 'Management' role has all the rights of the 'HRM', 'Purchase', 'Sales' and 'Financial administration' (except the recently added) roles. Furthermore this role provides access to several additional features:

• View and handle points of attention in administration (PO Box)
• Create task types
• Create work types
• Create archive folders (This is the only role with this right)
• Create tabs (HRM is also allowed to do this but only in the 'Human resources' folder)
• Add users
• Manage access control
• Record bank transactions that are still outstanding in the debtors or creditors account. These can only be recorded directly in the costs or revenue via the Yuki PO Box.

He or she doesn't have the rights of the 'External accountant' role automatically. In order to get these rights the 'External accountant' role must also be assigned to this user.

Special Security manager role

This role must be used together with the 'Management' role. This role makes it possible to assign the 'Security manager' and 'Procuration' role to other users. 

The owner doesn't have the 'Security manager' role but however has all the corresponding rights. The 'Security manager' role is intended to give somebody else besides the owner the rights to be able to assign the Procuration roles to users.

Additionally this role gives access to several extra features:

• Enable payment list security
• Enable payment discount.

Special role Procurement

When payment list security is enabled, this role is required in combination with the 'Financial administration' role in order to be able to create SEPA payment files.