Configuring Permissions for Internal Users in Dolibarr

Table of Contents

1. Introduction

2. Understanding User Roles in Dolibarr

3. The Importance of Permission Management

4. Internal vs External Users

5. Creating Internal User Accounts

6. Accessing and Navigating the Permissions Interface

7. Default Permission Sets and Profiles

8. Module-Based Permission Assignment

9. Managing User Groups for Internal Staff

10. Combining Group Permissions with Individual Adjustments

11. Practical Examples of Permission Scenarios

12. Advanced Permission Options and Restrictions

13. Managing Access to Financial and HR Modules

14. Configuring Project and Task Visibility

15. Integrating Permissions with Multicompany Setups

16. Monitoring Permission Changes and User Activity

17. Avoiding Common Permission Configuration Errors

18. Securing Sensitive Data through Fine-Grained Rights

19. Best Practices for Ongoing Permission Audits

20. Conclusion and Strategic Insights

1. Introduction

Dolibarr ERP & CRM provides businesses with a comprehensive platform to manage operations such as accounting, sales, projects, inventory, and HR. A critical part of ensuring the system is secure, efficient, and aligned with business processes is the correct configuration of user permissions. This article serves as an in-depth guide to managing permissions specifically for internal users within Dolibarr.

2. Understanding User Roles in Dolibarr

Dolibarr classifies users into two main roles:

• Internal users: Employees or staff members who have broad access to the internal operations of the business.

• External users: Typically clients, partners, or contractors with restricted access.

This article focuses exclusively on internal users and how to manage their permissions effectively.

3. The Importance of Permission Management

Proper permission configuration ensures:

• Users can perform their tasks without unnecessary access

• Sensitive data is protected from unauthorized views

• Compliance with audit and security policies

• Scalability of operations with new team members

Without structured permissions, there's a higher risk of data leaks and operational inefficiencies.

4. Internal vs External Users

Internal users are defined as those without an associated third party (company) in the system. These users are typically part of one or more operational departments (sales, accounting, etc.) and need access to various modules based on their responsibilities.

5. Creating Internal User Accounts

To create an internal user:

• Navigate to "Home > Users & Groups > New User"

• Fill in user information such as login, name, email

• Do not associate them with a third party

• Choose "Internal User" in the account type

• Assign them to one or more groups

6. Accessing and Navigating the Permissions Interface

Dolibarr provides an intuitive interface for managing permissions:

• Go to "Home > Users & Groups > Permissions"

• Select a group or individual user

• Modules are listed vertically, and rights (Read, Write, Delete, etc.) are listed horizontally

• Use checkboxes to activate or deactivate specific rights

7. Default Permission Sets and Profiles

Out-of-the-box, Dolibarr does not enforce predefined roles. However, you can create role-based permission profiles by:

• Setting up user groups (e.g., Sales Team, Finance Department)

• Assigning typical permissions based on job descriptions

• Using groups as templates for onboarding

8. Module-Based Permission Assignment

Each module (Invoices, Orders, Projects, etc.) has its own permission set:

• Read: view data without making changes

• Create: add new entries

• Modify: update existing records

• Delete: remove entries permanently

• Export: download data in CSV, PDF, etc.

Assign permissions based on job function. For example:

• Sales staff: Full access to Proposals and Orders

• Accountants: Full access to Invoices and Bank modules

• Project managers: Full access to Projects and Tasks

9. Managing User Groups for Internal Staff

Groups allow batch management of permissions:

• Create groups based on departments or locations

• Assign users to multiple groups if necessary

• Permissions are cumulative across all groups a user belongs to

To create a group:

• Go to "Users & Groups > Groups > New Group"

• Define the group name and purpose

• Assign permissions via the Permissions tab

10. Combining Group Permissions with Individual Adjustments

Although group-based management is recommended, Dolibarr allows user-specific permissions. Use this feature sparingly to:

• Override group restrictions for a specific individual

• Grant temporary elevated access for special projects

Navigate to "User > Permissions" to edit personal rights.

11. Practical Examples of Permission Scenarios

Example 1: Sales Team Member

• Modules: Proposals, Orders, Customers

• Rights: Read, Create, Modify

Example 2: Accountant

• Modules: Invoices, Payments, Bank Reconciliation

• Rights: Full access including Export

Example 3: HR Manager

• Modules: HRM, Leave Requests, User Directory

• Rights: Read/Write on employee records, read-only on salaries

12. Advanced Permission Options and Restrictions

Dolibarr’s Advanced Permissions module (optional) enables finer control:

• Limit data access to entries created by the user

• Restrict actions based on record status

• Enable or disable field-level access

Install this module via Dolistore or manual upload.

13. Managing Access to Financial and HR Modules

Special care should be taken with modules that contain sensitive data:

• Limit access to the Accounting module to certified personnel

• HR and payroll data should be restricted to authorized HR staff

• Log access attempts to these modules for compliance

Use the Audit or Log module for better visibility.

14. Configuring Project and Task Visibility

By default, internal users with access to the Projects module can:

• View all projects (unless restricted)

• See tasks and time entries

To restrict visibility:

• Assign users as project contacts

• Limit project access to assigned members using Advanced Permissions

• Configure task-level ownership

15. Integrating Permissions with Multicompany Setups

In Multicompany configurations:

• Users must be linked to specific companies

• Permissions are managed per entity

• SuperAdmins must assign company-specific rights

Use filters to switch contexts when viewing permissions.

16. Monitoring Permission Changes and User Activity

Dolibarr logs user activity in the Audit module. For tracking permission changes:

• Enable logs for permission alterations

• Document changes during employee onboarding/offboarding

• Schedule periodic audits of high-privilege accounts

17. Avoiding Common Permission Configuration Errors

Pitfalls to avoid:

• Granting admin rights to regular users

• Failing to restrict export/download rights

• Overlapping conflicting group permissions

Always test access with a sandbox user account before rollout.

18. Securing Sensitive Data through Fine-Grained Rights

Sensitive information (e.g., salary, supplier pricing) requires:

• Use of Advanced Permissions to restrict based on record ownership or user level

• Disabling export/download where not required

• Separate permission roles for viewing vs. editing

19. Best Practices for Ongoing Permission Audits

• Review user permissions quarterly

• Use documentation templates for group profiles

• Automate removal of rights upon employee departure

• Keep permissions lean—assign only what is necessary

20. Conclusion and Strategic Insights

Configuring permissions for internal users in Dolibarr is a foundational task that impacts data security, workflow efficiency, and compliance. By leveraging group-based management, modular permissions, and advanced restriction tools, businesses can ensure their ERP system aligns with operational needs.

Regular audits, clear documentation, and role-specific access ensure that users have the tools they need without exposing the system to unnecessary risks. As Dolibarr evolves, permission management will remain a cornerstone of sustainable ERP governance.