Table of Contents

  1. Introduction

  2. Why Use Groups for User Rights Management?

  3. Understanding Dolibarr's Rights Hierarchy

  4. Creating User Groups in Dolibarr

  5. Assigning Permissions to a Group

  6. Creating Users and Assigning Them to Groups

  7. Managing Multiple Group Memberships

  8. Testing Access and Effective Rights

  9. Inheritance and Conflict Resolution in Group Rights

  10. Group Rights vs. Individual User Rights

  11. Best Practices for Group Design (Per Role, Department, or Site)

  12. Audit and Review of Group Permissions

  13. Restricting Access by Module or Feature

  14. Restricting Access by Third Party (for External Users)

  15. Deactivating or Modifying Group Rights

  16. Managing Permissions After Module Upgrades

  17. Automation: Cloning and Reusing Groups

  18. Logging and Tracking Permission Changes

  19. Common Mistakes to Avoid When Managing Groups

  20. Conclusion: Secure, Scalable Rights Management in Dolibarr

1. Introduction

As your business grows, managing user access manually becomes inefficient and error-prone. Dolibarr ERP/CRM offers a flexible user group system that allows you to assign rights collectively. This article provides a comprehensive walkthrough for managing user group rights effectively in Dolibarr.

2. Why Use Groups for User Rights Management?

Groups help you:

  • Save time when assigning rights to multiple users

  • Maintain consistency across similar roles

  • Quickly update permissions for teams or departments

3. Understanding Dolibarr's Rights Hierarchy

Dolibarr applies permissions in the following order:

  • SuperAdmin rights override all

  • Group permissions are inherited by users

  • Individual user permissions can override group rights

  • Modules must be enabled before rights apply

4. Creating User Groups in Dolibarr

To create a group:

  • Navigate to Home > Users & Groups > New Group

  • Name the group (e.g., Sales Team, HR Managers)

  • Optionally describe its function for documentation

5. Assigning Permissions to a Group

Once the group is created:

  • Click on the group name

  • Go to the Permissions tab

  • Select module-specific rights (e.g., read, create, delete)

  • Save changes

6. Creating Users and Assigning Them to Groups

You can assign users during or after creation:

  • Go to the User record

  • Click on the "Groups" tab

  • Check the groups to which the user belongs

7. Managing Multiple Group Memberships

A user can belong to more than one group:

  • Rights from all groups are combined

  • If any group denies access to a module, ensure at least one group grants it

8. Testing Access and Effective Rights

Use a test account or simulate login:

  • Verify the user sees only authorized modules

  • Confirm actions are allowed (edit, delete, validate, etc.)

9. Inheritance and Conflict Resolution in Group Rights

Dolibarr does not currently support negative rights (explicit deny). A lack of permission in one group does not cancel out rights from another.

10. Group Rights vs. Individual User Rights

Best practice:

  • Use groups for baseline rights

  • Only use individual rights for exceptions (e.g., Admin override)

11. Best Practices for Group Design (Per Role, Department, or Site)

Design groups based on:

  • Job functions (e.g., Accountants, Warehouse)

  • Access level (e.g., Read-Only, Supervisors)

  • Entity or subsidiary (for multi-company installations)

12. Audit and Review of Group Permissions

Perform regular audits:

  • Quarterly reviews of all active groups

  • Use built-in Dolibarr reports or export rights via database query

13. Restricting Access by Module or Feature

  • Disable unused modules to reduce clutter

  • Ensure only relevant rights are assigned per group

14. Restricting Access by Third Party (for External Users)

Use contact-based user accounts:

  • Link each user to their third party (customer/supplier)

  • Grant only access to their own records

15. Deactivating or Modifying Group Rights

To change a group:

  • Navigate to the group > Permissions

  • Add or remove rights as needed

  • Users will inherit changes instantly

16. Managing Permissions After Module Upgrades

After installing or updating a module:

  • Visit each group

  • Confirm that new permissions are correctly assigned

17. Automation: Cloning and Reusing Groups

No built-in clone feature, but you can:

  • Create template groups manually

  • Assign standard permissions for reuse

18. Logging and Tracking Permission Changes

Enable audit logging in conf.php:

$dolibarr_main_prod = 0;

View logs in Admin > Tools > Audit > User Logs

19. Common Mistakes to Avoid When Managing Groups

  • Assigning conflicting rights through multiple groups

  • Forgetting to reassign users when departments change

  • Leaving inactive users in sensitive groups

20. Conclusion: Secure, Scalable Rights Management in Dolibarr

Dolibarr's user group management system is powerful and flexible when used properly. Group-based permission assignment ensures consistent, scalable, and secure access control—especially as your user base expands. With thoughtful design, periodic audits, and smart inheritance, you can streamline operations and protect sensitive data effectively.