Table of Contents

  1. Introduction to Access Control in Dolibarr

  2. Understanding Users and Groups

  3. The Permissions System in Dolibarr

  4. Standard Rights vs Advanced Rights

  5. Why Configure Advanced Rights?

  6. Setting Up User Groups

  7. Assigning Standard Permissions

  8. Activating the Advanced Permissions Module

  9. Advanced Rights: How It Works

  10. Real-Life Use Cases of Advanced Permissions

  11. Best Practices in Rights Management

  12. Troubleshooting Common Issues

  13. Security Considerations

  14. Summary and Recommendations

1. Introduction to Access Control in Dolibarr

Dolibarr ERP & CRM is designed to be modular, flexible, and suitable for businesses of all sizes. One of its most important features is the ability to manage who can do what within the system. This is achieved through its user rights and permissions architecture. Properly configuring these permissions is crucial for securing business data and defining appropriate workflows.

2. Understanding Users and Groups

Dolibarr distinguishes between individual users and user groups. Users represent individuals who log into the system, while groups serve to simplify permission management. Instead of assigning rights to each user individually, administrators can create groups with predefined rights and add users to them. This streamlines administration and ensures consistency.

3. The Permissions System in Dolibarr

Permissions in Dolibarr are assigned per module. Each module (like Products, Invoices, Projects, etc.) defines its own set of rights, such as Read, Create, Modify, and Delete. These permissions can be assigned either to users directly or, preferably, to groups. By default, permissions are applied globally, meaning that if a user has access to invoices, they can view all invoices unless further restrictions are set.

4. Standard Rights vs Advanced Rights

Standard rights are the out-of-the-box permissions available in Dolibarr. These are basic and provide broad access to entire modules or actions within them. Advanced rights, on the other hand, offer more granular control. For example, you can limit a user to see only invoices they created or restrict product modification to certain categories.

5. Why Configure Advanced Rights?

As businesses grow, their organizational structure becomes more complex. Standard permissions often fall short in defining precise access levels for different departments or roles. Advanced rights allow businesses to:

  • Protect sensitive data from unauthorized access

  • Enforce separation of duties

  • Tailor workflows to user roles

  • Improve system security and auditability

6. Setting Up User Groups

To begin configuring permissions, start by creating groups:

  • Navigate to "Home > Users & Groups > Groups"

  • Click "New Group"

  • Name the group according to its function (e.g., Sales, HR, Logistics)

  • Save the group

  • Add users to the group from the user profile or group settings

Once groups are in place, permissions can be assigned collectively.

7. Assigning Standard Permissions

  • Go to the group profile

  • Click on "Permissions"

  • You'll see a list of all modules

  • Expand each module to set permissions (Read, Write, Delete)

  • Apply changes to all users in the group

Remember that standard permissions affect the entire module. If you grant Read permission on the Products module, the user will see all products unless advanced permissions are enforced.

8. Activating the Advanced Permissions Module

Dolibarr includes an optional module called "Advanced Permissions". To activate it:

  • Go to "Home > Setup > Modules"

  • Look for the module named "Advanced Permissions" (or similar, depending on your version)

  • Enable the module

  • Additional configuration tabs will now appear within relevant modules (e.g., Invoices, Orders)

9. Advanced Rights: How It Works

Once the module is activated, administrators can define more specific rules. For example:

  • Only show documents created by the user

  • Restrict access to third parties based on sales area

  • Allow product editing only for certain users

  • Grant modification rights only when documents are in draft status

Each module that supports advanced permissions will now have an "Advanced permissions" tab where conditions can be configured.

These rules are usually based on conditions such as:

  • The owner of the record

  • The status of the document

  • The assigned user or group

  • Custom fields or categories

10. Real-Life Use Cases of Advanced Permissions

Sales Department Access

  • Sales users can only view their own quotations and proposals

  • Sales managers can view and edit proposals from their team

HR and Payroll

  • HR users can only access employee records within their department

  • Payroll staff can view salary-related documents but not personal evaluations

Inventory Management

  • Warehouse managers can modify stock only in their assigned locations

  • Procurement team can create purchase orders but not validate them

Client Access in SaaS Model

  • Clients can access their own invoices and tickets

  • Support users can only interact with tickets assigned to them

11. Best Practices in Rights Management

  • Use groups instead of assigning permissions to individual users

  • Regularly audit user and group permissions

  • Document your rights configuration for future reference

  • Combine standard and advanced permissions to maximize flexibility

  • Train users to understand their access rights and responsibilities

12. Troubleshooting Common Issues

Some common problems include:

  • Users not seeing records they expect (due to over-restrictive rules)

  • Conflicts between standard and advanced permissions

  • Misunderstanding the impact of module-level versus record-level permissions

Steps to resolve:

  • Re-examine group and user assignments

  • Review advanced permission rules

  • Temporarily elevate rights to identify issues

13. Security Considerations

Advanced permissions significantly enhance security, but they must be properly configured:

  • Avoid giving broad rights to default groups

  • Remove users from groups when changing roles

  • Regularly check logs for unauthorized access attempts

  • Use audit trails and change logs for sensitive modules

14. Summary and Recommendations

Configuring advanced rights in Dolibarr is a powerful way to tailor the system to your business needs. While standard permissions offer quick setup, advanced permissions unlock more refined access control. By combining both approaches and following best practices, businesses can ensure their data remains secure, workflows remain efficient, and users only access what they need.

Administrators should invest time in understanding how rights interact and evolve with business growth. With thoughtful planning and configuration, Dolibarr can support even the most complex organizational structures.