
How to manage user roles and permissions on Xero

Intermediate · 8 min read · Updated 2026-03-18

Quick Answer

Managing user roles and permissions in Xero involves accessing the Settings menu, navigating to Users, and configuring specific access levels for each team member. You can assign predefined roles or create custom permissions to control what users can view, edit, or approve in your accounting system.

Prerequisites

  • Xero organization administrator access
  • Active Xero subscription with multi-user capabilities
  • Knowledge of your team's accounting responsibilities
  • Understanding of accounting principles and data sensitivity

Step-by-Step Instructions

1. Access User Management Settings

Log into your Xero account and click on Settings in the main navigation menu. From the dropdown, select Users to access the user management dashboard where you can view all current users and their assigned roles.

Tip: Ensure you're logged in as an organization administrator to access all user management features.

2. Review Current Users and Roles

In the Users section, review the list of current users and their assigned roles. Click on any user's name to view their current permissions. Note the different role types: Standard, Advisor, Read Only, and Invoice Only. Each role has predefined permission sets that determine access levels.

Tip: Document existing permissions before making changes to ensure you can restore settings if needed.

3. Modify User Permissions

To change a user's role, click on their name and select Edit User. In the permissions section, choose from predefined roles or select Custom to create specific permission combinations. Configure access to areas like Contacts, Bank Accounts, Reports, Settings, and Payroll by checking or unchecking the appropriate boxes.

Tip: Use the principle of least privilege: only grant the minimum permissions necessary for each user's job function.

4. Set Financial Approval Limits

For users who can create or approve transactions, set spending limits by clicking Financial Settings in their user profile. Configure Purchase Order Limits, Bill Approval Limits, and Payment Authorization Levels. Enter specific dollar amounts or select No Limit for trusted administrators.

Tip: Consider implementing a dual approval system for high-value transactions by setting appropriate limits.

5. Configure Report Access Levels

In the user's permission settings, navigate to the Reports section. Control access to sensitive financial reports by selecting specific report categories. You can grant access to Basic Reports, Detailed Financial Reports, Management Reports, or All Reports depending on the user's role and responsibilities.

6. Enable Two-Factor Authentication

For enhanced security, require two-factor authentication for users with elevated permissions. In the user settings, check Require Two-Factor Authentication and select the preferred method: SMS, Authenticator App, or Email. This adds an extra security layer for accessing sensitive financial data.

Tip: Mandate 2FA for all users with Standard or Advisor roles to protect against unauthorized access.

7. Set Up Role-Based Notifications

Configure email notifications based on user roles by accessing Notification Settings in each user's profile. Enable relevant alerts such as Invoice Approvals, Payment Notifications, Bank Feed Updates, and Report Generation. Customize frequency settings to avoid notification overload while maintaining accountability.

Tip: Tailor notifications to each user's responsibilities to improve workflow efficiency and response times.

8. Save and Test User Permissions

After configuring all permissions, click Save Changes and notify affected users of their updated access levels. Test the permissions by having users log in and verify they can access appropriate features while being restricted from unauthorized areas. Document the permission structure for future reference and compliance audits.

Tip: Create a permission matrix document that maps user roles to specific Xero features for easy reference and onboarding.

Common Issues & Troubleshooting

User cannot access required features after permission changes

Check if the user's role has the necessary permissions enabled. Go to Settings > Users, edit the user, and verify all required permission checkboxes are selected. Allow 5-10 minutes for changes to take effect, then ask the user to log out and back in.

Unable to modify permissions for certain users

Ensure you have administrator privileges and the user isn't the primary account holder. Only organization administrators can modify user permissions. If the user is an external advisor, they may need to adjust permissions from their own Xero account.

Two-factor authentication setup failing for users

Verify the user's contact information is current in their profile. For SMS 2FA, confirm the phone number is correct and can receive texts. For authenticator apps, provide step-by-step setup instructions and ensure time synchronization is accurate on their device.

Custom permission combinations not saving properly

Clear your browser cache and try again. Ensure you're not mixing conflicting permissions (like giving read-only access while enabling transaction creation). Save permissions one section at a time rather than making multiple changes simultaneously.
