Table of Contents
- Introduction
- Understanding User Roles in Dolibarr
- The Importance of Permission Management
- Internal vs External Users
- Creating Internal User Accounts
- Accessing and Navigating the Permissions Interface
- Default Permission Sets and Profiles
- Module-Based Permission Assignment
- Managing User Groups for Internal Staff
- Combining Group Permissions with Individual Adjustments
- Practical Examples of Permission Scenarios
- Advanced Permission Options and Restrictions
- Managing Access to Financial and HR Modules
- Configuring Project and Task Visibility
- Integrating Permissions with Multicompany Setups
- Monitoring Permission Changes and User Activity
- Avoiding Common Permission Configuration Errors
- Securing Sensitive Data through Fine-Grained Rights
- Best Practices for Ongoing Permission Audits
- Conclusion and Strategic Insights
1. Introduction
Dolibarr ERP & CRM provides businesses with a comprehensive platform to manage operations such as accounting, sales, projects, inventory, and HR. A critical part of ensuring the system is secure, efficient, and aligned with business processes is the correct configuration of user permissions. This article serves as an in-depth guide to managing permissions specifically for internal users within Dolibarr.
2. Understanding User Roles in Dolibarr
Dolibarr classifies users into two main roles:
- Internal users: Employees or staff members who have broad access to the internal operations of the business.
- External users: Typically clients, partners, or contractors with restricted access.
This article focuses exclusively on internal users and how to manage their permissions effectively.
3. The Importance of Permission Management
Proper permission configuration ensures:
- Users can perform their tasks without unnecessary access
- Sensitive data is protected from unauthorized views
- Compliance with audit and security policies
- Scalability of operations with new team members
Without structured permissions, there's a higher risk of data leaks and operational inefficiencies.
4. Internal vs External Users
Internal users are defined as those without an associated third party (company) in the system. These users are typically part of one or more operational departments (sales, accounting, etc.) and need access to various modules based on their responsibilities.
5. Creating Internal User Accounts
To create an internal user:
- Navigate to "Home > Users & Groups > New User"
- Fill in user information such as login, name, email
- Do not associate them with a third party
- Choose "Internal User" in the account type
- Assign them to one or more groups
6. Accessing and Navigating the Permissions Interface
Dolibarr provides an intuitive interface for managing permissions:
- Go to "Home > Users & Groups > Permissions"
- Select a group or individual user
- Modules are listed vertically, and rights (Read, Write, Delete, etc.) are listed horizontally
- Use checkboxes to activate or deactivate specific rights
7. Default Permission Sets and Profiles
Out-of-the-box, Dolibarr does not enforce predefined roles. However, you can create role-based permission profiles by:
- Setting up user groups (e.g., Sales Team, Finance Department)
- Assigning typical permissions based on job descriptions
- Using groups as templates for onboarding
8. Module-Based Permission Assignment
Each module (Invoices, Orders, Projects, etc.) has its own permission set:
- Read: view data without making changes
- Create: add new entries
- Modify: update existing records
- Delete: remove entries permanently
- Export: download data in CSV, PDF, etc.
Assign permissions based on job function. For example:
- Sales staff: Full access to Proposals and Orders
- Accountants: Full access to Invoices and Bank modules
- Project managers: Full access to Projects and Tasks
9. Managing User Groups for Internal Staff
Groups allow batch management of permissions:
- Create groups based on departments or locations
- Assign users to multiple groups if necessary
- Permissions are cumulative across all groups a user belongs to
To create a group:
- Go to "Users & Groups > Groups > New Group"
- Define the group name and purpose
- Assign permissions via the Permissions tab
10. Combining Group Permissions with Individual Adjustments
Although group-based management is recommended, Dolibarr allows user-specific permissions. Use this feature sparingly to:
- Override group restrictions for a specific individual
- Grant temporary elevated access for special projects
Navigate to "User > Permissions" to edit personal rights.
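The following is an added example, not Dolibarr's code and not part of the original article: it resolves a user's effective rights from cumulative group rights (section 9) plus individual grants (section 10) and records where each right comes from. All users, groups and rights are constructed sample data, and individual grants are assumed to be purely additive.

```python
from collections import defaultdict

# Constructed sample data; rights are (module, right) pairs named as in section 8.
GROUP_RIGHTS = {
    "Sales Team": {("Proposals", "Read"), ("Proposals", "Create"),
                   ("Proposals", "Modify"), ("Orders", "Read"),
                   ("Orders", "Create"), ("Orders", "Modify")},
    "Finance Department": {("Invoices", "Read"), ("Invoices", "Create"),
                           ("Invoices", "Modify"), ("Invoices", "Export"),
                           ("Orders", "Read")},
}
USER_GROUPS = {"alice": ["Sales Team"], "bob": ["Sales Team", "Finance Department"]}
USER_RIGHTS = {"alice": {("Invoices", "Export")}, "bob": set()}  # individual grants


def effective_rights(user):
    """Map every right the user holds to its sources (group names or 'individual')."""
    sources = defaultdict(list)
    for group in USER_GROUPS.get(user, []):
        for right in GROUP_RIGHTS.get(group, set()):
            sources[right].append(group)
    for right in USER_RIGHTS.get(user, set()):
        sources[right].append("individual")
    return dict(sources)


def individual_only(user):
    """Rights held solely through a personal grant: exceptions worth reviewing."""
    return sorted(r for r, src in effective_rights(user).items()
                  if src == ["individual"])


def lost_if_removed(user, group):
    """Rights the user would actually lose on leaving `group`.

    Because rights are cumulative, a right also granted by another source survives.
    """
    return sorted(r for r, src in effective_rights(user).items() if src == [group])


if __name__ == "__main__":
    for user in USER_GROUPS:
        print(user, "individual-only rights:", individual_only(user))
    print("bob loses on leaving Finance:", lost_if_removed("bob", "Finance Department"))
```

The second function shows why removing a user from one group does not always revoke a right: bob keeps read access to Orders through the Sales Team group.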
11. Practical Examples of Permission Scenarios
Example 1: Sales Team Member
- Modules: Proposals, Orders, Customers
- Rights: Read, Create, Modify
Example 2: Accountant
- Modules: Invoices, Payments, Bank Reconciliation
- Rights: Full access including Export
Example 3: HR Manager
- Modules: HRM, Leave Requests, User Directory
- Rights: Read/Write on employee records, read-only on salaries
12. Advanced Permission Options and Restrictions
Dolibarr’s Advanced Permissions module (optional) enables finer control:
- Limit data access to entries created by the user
- Restrict actions based on record status
- Enable or disable field-level access
Install this module via Dolistore or manual upload.
13. Managing Access to Financial and HR Modules
Special care should be taken with modules that contain sensitive data:
- Limit access to the Accounting module to certified personnel
- HR and payroll data should be restricted to authorized HR staff
- Log access attempts to these modules for compliance
Use the Audit or Log module for better visibility.
14. Configuring Project and Task Visibility
By default, internal users with access to the Projects module can:
- View all projects (unless restricted)
- See tasks and time entries
To restrict visibility:
- Assign users as project contacts
- Limit project access to assigned members using Advanced Permissions
- Configure task-level ownership
15. Integrating Permissions with Multicompany Setups
In Multicompany configurations:
- Users must be linked to specific companies
- Permissions are managed per entity
- SuperAdmins must assign company-specific rights
Use filters to switch contexts when viewing permissions.
16. Monitoring Permission Changes and User Activity
Dolibarr logs user activity in the Audit module. For tracking permission changes:
- Enable logs for permission alterations
- Document changes during employee onboarding/offboarding
- Schedule periodic audits of high-privilege accounts
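The following is an added example, not Dolibarr's code and not part of the original article: it compares two permission snapshots taken at successive audits, lists every grant and revocation, and flags newly granted high-privilege rights and departed users who still hold rights. The snapshots, user names and the set of rights treated as sensitive are constructed assumptions.

```python
# Rights treated as high-privilege for this audit (assumption; adapt to policy).
SENSITIVE = {"Delete", "Export", "Admin"}

# Constructed snapshots: user -> set of (module, right) effective rights.
BEFORE = {
    "alice": {("Proposals", "Read"), ("Proposals", "Create")},
    "carol": {("HRM", "Read")},
    "dave": {("Invoices", "Read"), ("Invoices", "Export")},
}
AFTER = {
    "alice": {("Proposals", "Read"), ("Proposals", "Create"), ("Invoices", "Export")},
    "carol": {("HRM", "Read"), ("HRM", "Modify")},
    "erin": {("Projects", "Read")},
}


def diff_snapshots(before, after):
    """Return (user, action, module, right) for every right granted or revoked."""
    changes = []
    for user in sorted(set(before) | set(after)):
        old, new = before.get(user, set()), after.get(user, set())
        changes += [(user, "granted", m, r) for m, r in sorted(new - old)]
        changes += [(user, "revoked", m, r) for m, r in sorted(old - new)]
    return changes


def needs_review(changes):
    """Newly granted rights that are high-privilege and need a documented reason."""
    return [c for c in changes if c[1] == "granted" and c[3] in SENSITIVE]


def stale_accounts(snapshot, departed):
    """Departed users who still hold at least one right in the snapshot."""
    return sorted(u for u in departed if snapshot.get(u))


if __name__ == "__main__":
    changes = diff_snapshots(BEFORE, AFTER)
    for change in changes:
        print(*change)
    print("review:", needs_review(changes))
    print("stale:", stale_accounts(AFTER, {"dave"}))
```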
17. Avoiding Common Permission Configuration Errors
Pitfalls to avoid:
- Granting admin rights to regular users
- Failing to restrict export/download rights
- Overlapping conflicting group permissions
Always test access with a sandbox user account before rollout.
18. Securing Sensitive Data through Fine-Grained Rights
Sensitive information (e.g., salary, supplier pricing) requires:
- Use of Advanced Permissions to restrict based on record ownership or user level
- Disabling export/download where not required
- Separate permission roles for viewing vs. editing
19. Best Practices for Ongoing Permission Audits
- Review user permissions quarterly
- Use documentation templates for group profiles
- Automate removal of rights upon employee departure
- Keep permissions lean—assign only what is necessary
20. Conclusion and Strategic Insights
Configuring permissions for internal users in Dolibarr is a foundational task that impacts data security, workflow efficiency, and compliance. By leveraging group-based management, modular permissions, and advanced restriction tools, businesses can ensure their ERP system aligns with operational needs.
Regular audits, clear documentation, and role-specific access ensure that users have the tools they need without exposing the system to unnecessary risks. As Dolibarr evolves, permission management will remain a cornerstone of sustainable ERP governance.