Skip to main content

Invoice Access Rights

Each Invoice has it's own ACL.ACL (information about who can access the record). That means, each individual Invoice may have different access rights. This behavior is used when sending Invoice for approval. Each approving user is automatically assigned appropriate edit rights to approve the invoice.

Edit Individual Invoice Rights

 atollon-invoice-rights.png

Default Invoice Rights

Invoice's rights are inherited from 3 different parent ACLs.

atollon-invoice-rights.pngatollon-invoice-rights-detail.png

1) Invoice Administration Node

Each Invoice application (Invoice Issued, Invoice Received, Purchase Order, Received Order, Estimate) has it's own administration node that takes care about default access rights to all Invoices stored to this particular node. As mentioned in the "Change Rights" filter (see screenshot), all rights of the Invoice node are inherited by the individual invoices.

In case you want to allow users read / write invoices, add their Access Group the the Invoice administration node. You can do this by clicking on "lock" button next to the first row (where Label = default).

2.) Journal

Each Invoice (or other document from invoice module) has Journal (such as "Domestic Invoices" or "Foreign Invoices" or "Secret Invoices"). In order to allow users see any invoice that is in "Secret Invoices", the user must have the VIEW rights to the Journal. In case the user does not have VIEW rights on "Secret Invoices" journal, she won't see these invoices. This works even if the users sees all other invoices...

In order to edit Journal access rights, you may directly get to the configuration using "Lock" button next to 2nd row (where Label = journal) or you may go to Options & Tools > Journal Settings > Edit each journal and set the desired access rights.

3.) Context

Each Invoice (based on it's header) may be stored to any context (Folder, Project or Activity). The user must have LIST rights on the context (Project, where the invoice is stored) in order to get the READ (L, V) rights to the invoice. For example, if the user has rights to "Secret Invoices" based on the invoice journal, but does not have L rights to "Super secret project", the user won't see such invoice.

Invoice Approval Rights

Invoice approval rights are administered using Journal settings. The user must have L, V, E rights in order to approve the invoice. The user must NOT have Authorize right in order to use the rights defined by Journal settings. Users having Authorize right (based on invoice ACL) are super users, who may approve or change invoice status to any status ignoring the Journal settings.