Rights per user role in domain (Beta)

Disclaimer

All screenshots in the article were taken in the Dutch version of Yuki.

For each user in a domain, it can be determined which administration(s) he or she has access to. Roles are used in Yuki to control rights. Every user has certain basic rights. By assigning someone a role, you can give someone additional rights.

In the domain settings, you can see which users with which role(s) have access to which administration(s).

Adding one or more additional users to a domain (additional cost per added user per month) is only available when a user with the ‘Management’ role has selected the Medium, Large or Unlimited bundle through the Yuki Store in the domain.

In a domain, only a user with the role ‘Management’ role can grant or deny one or more additional users access to an administration.

ATTENTION!

At any time, a user's access to an administration can be denied or just granted.

For a detailed description see article Access control of administration(s) in domain.

All defined settings such as which users have which roles are grouped and categorized in one place in your domain.

The overview of users and their role(s) can be accessed from different places in Yuki:

• Above the navigation bar, click on the Swtich domain icon, then click on My domain. In the now-opened screen, in the Domain section, click on Users.
  OR
• In the navigation bar, click on the Settings icon. Then, in the Domain section, click on Users.

• Open the Default view.

The following screen is opened:

Below the basic rights of each user and the additional rights per role are described.

Basic rights of each user

Users without a role also have rights in Yuki. Therefore it is not necessary to assign a role to somebody. Each user in Yuki has the following basic rights: 

• Scan, upload or email documents
• Ask questions to Yuki
• View documents with security level 'all users'
• Create new documents
• View projects and create new projects
• View, create and modify contacts
• Manage personal email box
• View calendar and create new appointments
• View and create tasks.

TIP!

A special role is 'Read-only user'. A user with this role can never scan, upload, change or create something in Yuki. 

Additional rights per role

At the moment you can assign the following roles in a domain in Yuki:

• Back Office
  
  ATTENTION!
  When the accountant has activated the self accounting feature for your domain, a user with the “Management” role in the domain can assign the role “Back Office” to a user.
  
  
• Sales
• Purchase
• Financial administration
• External accountant
• HRM
• Management
• Security manager
• Procurement
• Read-only user.

ATTENTION!

In an accountant portal you can assign special roles to the back office, see article Assign or change back office roles.

Below, you will find a description of the additional rights per role in a domain.

Special role Read-only user (only in combination with another role) 

An user with this role can only view all the data in a domain. So it is not possible to create, change or upload documents when an user has this role. The 'Read-only user' role must be combined with one of the other roles. When you want somebody to view all the financial data without being able to change this data you can assign the 'Financial administration' role as well as the 'Kijkgebruiker' role to this person.

Additional rights Sales

• Create and send sales invoices
• View sales and revenue lists
• View sales data per customer
• View outstanding invoices per customer.

Additional rights Purchase

• View Purchase list
• View purchase invoices and expense claims
• View balance list of suppliers.

Additional rights Financial administration

Someone with the 'Financial administration' role has all the rights of the 'Purchase' role plus the following rights:

• View and handle points of attention in administration (PO Box)
• View financial monitor 
• View bank statements
• View profit and loss account
• View balance sheet
• Zoom in on ledger accounts
• View all documents in the archive folders 'Sales', 'Purchase', 'Bank', 'Human resources', 'Tax' and 'Other financial'. In the 'Human resources' folder only the financial documents.
• Perform invoice actions from the document (see article Invoice actions)
• Perform actions from the GL account card
• Perform actions from the debtors and/or creditors card (match, write-off, change payment method, etc)
• Perform actions from a bank transaction (match, record and split)

Additional rights External accountant

An 'External accountant' has the rights of someone with the 'Financial administration' role. This role also provides access to several additional overviews and features:

• View and handle points of attention in administration (PO Box)
• View journal entries
• Create general journal entries
• Match outstanding balance
• Perform actions from GL account card (like accrue costs, changing GL account, change VAT rate, etc.) (see article Editing features of GL account) 
• View trial balance
• Export financial data
• Create XML audit file
• Block administrations
• Create or change default values of contact.

Additional rights HRM

• View the archive folder 'Human resources'.
• Create tabs in 'Human Resources' folder. In this way access to confidential documents like salary details, employment contracts and assessment interviews can be blocked for the basic user.

Additional rights Management

Someone with the 'Management' role has all the rights of the 'HRM', 'Purchase', 'Sales' and 'Financial administration' (except the recently added) roles. Furthermore this role provides access to several additional features:

• View and handle points of attention in administration (PO Box)
• Create task types
• Create work types
• Create archive folders (This is the only role with this right)
• Create tabs (HRM is also allowed to do this but only in the 'Human resources' folder)
• Add users
• Manage access control
• Record bank transactions that are still outstanding in the debtors or creditors account. These can only be recorded directly in the costs or revenue via the Yuki PO Box.

He or she doesn't have the rights of the 'External accountant' role automatically. In order to get these rights the 'External accountant' role must also be assigned to this user.

Special Security manager role

This role must be used together with the 'Management' role. This role makes it possible to assign the 'Security manager' and 'Procuration' role to other users. 

The owner doesn't have the 'Security manager' role but however has all the corresponding rights. The 'Security manager' role is intended to give somebody else besides the owner the rights to be able to assign the Procuration roles to users.

Additionally this role gives access to several extra features:

• Enable payment list security
• Enable payment discount.

Special role Procurement

When payment list security is enabled, this role is required in combination with the 'Financial administration' role in order to be able to create SEPA payment files.