User types and permissions

A specific user might not be able to do all the things defined for their user type. The things a user can do also depend on the permissions that are assigned to the user. Further, a user cannot do things that are not allowed for their user type, even if the user is assigned permissions to do those things.

Example:

• You have a user with the Employee user type, which does not allow users to edit customers in Accounts Receivable. The user is assigned a role with permissions to edit customers. Even though the user has permission to edit customers, they cannot edit customers because their user type does not allow it.

User-based permissions and user types

If you have not enabled roles in your company, your company employs user-based permissions. With this permissions model, each user or user group has its own set of permissions.

Here's how it works:

1. When you create a user, the user type that you select sets the maximum number of features that this user can access.
2. When you assign permissions to a particular user, your selections further specify what that user can see and do. For example, although a business user can have unlimited access within your company, you might restrict a particular user by reducing their permissions based on their business function.

Role-based permissions and user types

If you've enabled roles in your company, you use role-based permissions. With this permissions model, you can define a set of roles that are shared by multiple users or user groups. For example, you can define an AP Clerk role that includes permissions to enter and pay AP purchase invoices.

Because a role can be assigned to multiple users, the list of permissions in a role can include more than what's available for certain user types. However, users are still restricted to only features that are defined by their user type.