Table of Contents

  1. Introduction

  2. The Importance of Proper Permission Management

  3. Overview of Dolibarr’s Access Control System

  4. User Roles vs. Individual Permissions

  5. Setting Up User Groups

  6. Creating and Managing Users

  7. Assigning Permissions to Users and Groups

  8. Module-Specific Permission Granularity

  9. Advanced Permissions Module

  10. Setting Up Permissions for Custom Modules

  11. Best Practices for Sales, Accounting, and HR Permissions

  12. Restricting Access to Confidential Information

  13. Testing and Validating Permissions

  14. Troubleshooting Common Access Issues

  15. Understanding Permission Conflicts

  16. Managing Multicompany Permissions

  17. Permissions for External and Temporary Users

  18. Using Permissions in Workflows and Approval Chains

  19. Security Considerations in Access Rights

  20. Conclusion


1. Introduction

Dolibarr ERP/CRM is designed to be modular and scalable, serving businesses of all sizes and structures. A key part of making the system secure and efficient is setting up proper user permissions. This guide covers the essential and advanced steps to configure permissions correctly in Dolibarr.


2. The Importance of Proper Permission Management

Improper access rights can lead to:

  • Unauthorized data exposure

  • Accidental deletion or modification of sensitive records

  • Operational confusion and inefficiencies

By establishing structured permission protocols, businesses can protect data, control responsibilities, and ensure accountability.


3. Overview of Dolibarr’s Access Control System

Dolibarr uses a role-based access control (RBAC) model:

  • Each user is assigned a set of permissions

  • Permissions are linked to specific modules and actions

  • Permissions can be granted individually or through user groups

Permissions are binary: a user either has or does not have access to a specific action.


4. User Roles vs. Individual Permissions

User management can be handled in two ways:

  • By role/group: Centralized and efficient for large teams

  • By individual setup: Useful for unique or high-level users

Whenever possible, use roles to simplify administration and ensure consistency.


5. Setting Up User Groups

Steps:

  1. Navigate to Users & Groups > Groups

  2. Click New Group

  3. Name the group (e.g., Sales Team, Accountants)

  4. Assign default permissions

  5. Add users to the group

Groups act as permission templates and are easy to manage at scale.


6. Creating and Managing Users

To add a new user:

  1. Go to Users & Groups > Users > New User

  2. Enter personal and login details

  3. Assign the user to a group

  4. Define entity (in multicompany setups)

Each user can also be linked to a third party (if external).


7. Assigning Permissions to Users and Groups

Access rights are managed via checkboxes:

  • Navigate to Users > Permissions or Groups > Permissions

  • Each module shows specific actions (Read, Create, Modify, Delete, Export)

  • Enable or disable based on job function

Save changes and test access using a different browser or session.


8. Module-Specific Permission Granularity

Each module in Dolibarr defines its own permission tree:

  • Sales Module: Access to proposals, orders, invoices

  • Projects Module: Tasks, time tracking, project validation

  • Accounting: Journal entries, bank reconciliation, fiscal closure

Review permissions per module in detail before assigning.


9. Advanced Permissions Module

Dolibarr supports an optional Advanced Permissions module:

  • Allows field-level and tab-level access control

  • Supports dynamic conditions (e.g., show only if user is assigned)

  • Ideal for sensitive departments like HR or Legal

Activate it from Modules/Applications > Advanced Permissions.


10. Setting Up Permissions for Custom Modules

Custom modules must define their permissions in the descriptor file (modMyModule.class.php):

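$this->rights = array();
$r = 0;
$this->rights[$r][0] = 1001;             // Permission id (must be unique across all modules)
$this->rights[$r][1] = 'Read my module'; // Permission label
$this->rights[$r][3] = 1;                // 1 = granted by default to new users; use 0 for least privilege
$this->rights[$r][4] = 'read';           // Checked in code as $user->rights-><rights_class>->read
$r++;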

Permissions will then appear under group/user permission pages.


11. Best Practices for Sales, Accounting, and HR Permissions

  • Sales: Limit creation of orders/invoices to managers

  • Accounting: Restrict journal edits and fiscal closure

  • HR: Block access to salary or personal files for anyone outside the HR role

Use at least two permission levels: operational and supervisory.


12. Restricting Access to Confidential Information

To protect data:

  • Use Advanced Permissions for field-level restrictions

  • Separate users into departments with limited module access

  • Avoid granting full admin rights except when necessary

Audit user access logs periodically.


13. Testing and Validating Permissions

Before going live:

  • Create test users per role

  • Validate what each user can/cannot see

  • Use impersonation if available or parallel browser sessions

Always test new modules or customizations under least privilege conditions.


14. Troubleshooting Common Access Issues

Typical problems include:

  • Users unable to see menu options (missing read permission)

  • Access errors on form submission (missing create/update rights)

  • Module disabled or not installed for the user’s entity

Recheck group assignments and module activation.


15. Understanding Permission Conflicts

Users with multiple group memberships inherit the union of the rights of all their groups:

  • If Group A does not grant a right but Group B grants it → the user will have access

  • There is no way to explicitly deny a right if another group allows it

Document group assignments clearly to avoid confusion.
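
The following is an added example, not Dolibarr code and not part of the original guide: it models the union-only rule above to show which group or direct grant is responsible for each right a user ends up with, and flags combinations that break the manager/accountant separation and read-only observer roles recommended elsewhere in this guide. All group names, user names and right names are constructed for illustration.

```python
# Added example with constructed data; all group, user and right names are hypothetical.
GROUP_RIGHTS = {
    "Sales Team": {"invoice:read", "invoice:create", "order:create"},
    "Accountants": {"invoice:read", "payment:finalize", "journal:modify"},
    "Auditors": {"invoice:read", "journal:read"},
}
USER_GROUPS = {
    "alice": ["Sales Team"],
    "bob": ["Sales Team", "Accountants"],  # two memberships: rights are merged
    "carol": ["Auditors"],
}
DIRECT_RIGHTS = {"carol": {"journal:modify"}}  # ticked on the user, not on a group

# Rights one person should not hold together (separation of duties).
CONFLICTING_PAIRS = [("invoice:create", "payment:finalize")]
# Groups intended as read-only observers.
READ_ONLY_GROUPS = {"Auditors"}


def effective_rights(user):
    """Map each right the user ends up with to every source that grants it."""
    sources = {}
    for right in DIRECT_RIGHTS.get(user, set()):
        sources.setdefault(right, set()).add("direct")
    for group in USER_GROUPS.get(user, []):
        for right in GROUP_RIGHTS.get(group, set()):
            sources.setdefault(right, set()).add("group:" + group)
    return {right: sorted(src) for right, src in sources.items()}


def audit(user):
    """Return (kind, right, sources) findings; sources name what to edit to fix it."""
    rights = effective_rights(user)
    findings = []
    for a, b in CONFLICTING_PAIRS:
        if a in rights and b in rights:
            findings.append(("conflict", a + "+" + b, rights[a] + rights[b]))
    if READ_ONLY_GROUPS.intersection(USER_GROUPS.get(user, [])):
        for right in sorted(rights):
            if not right.endswith(":read"):
                findings.append(("write-on-read-only", right, rights[right]))
    return findings


if __name__ == "__main__":
    for name in sorted(USER_GROUPS):
        for finding in audit(name):
            print(name, *finding)
```

Because there is no deny, the only fix for a finding is to remove the grant at every source listed, which is why the audit reports sources rather than just the right.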


16. Managing Multicompany Permissions

If the Multicompany module is active:

  • Each user must be assigned to entities

  • Permissions are set per entity

  • Cross-entity access is restricted unless explicitly configured

Configure from Admin > Multicompany > Users/Entities.


17. Permissions for External and Temporary Users

External users can:

  • Be linked to third parties

  • Access only their own data (quotes, invoices)

  • Submit orders or tickets via the portal interface

Set minimal permissions and disable access after project end.


18. Using Permissions in Workflows and Approval Chains

Use permissions to enforce workflows:

  • Only managers can validate orders or invoices

  • Only accountants can finalize payments

  • Read-only roles for audit or compliance observers

This helps prevent errors and maintains internal controls.


19. Security Considerations in Access Rights

  • Use strong passwords and two-factor authentication

  • Disable unused accounts immediately

  • Regularly review active user permissions

  • Log and monitor login attempts and access logs

Security audits should include permission reviews.


20. Conclusion

Proper configuration of user permissions in Dolibarr ensures your ERP system is secure, efficient, and aligned with your organization’s operational hierarchy. Whether you're setting up your first user group or managing complex access scenarios across multiple entities, following these best practices will help safeguard your data and streamline system use.