In ProcureDesk, roles and privileges work together to determine what users can access and do within the system. Privileges define specific actions that can be performed, while roles are collections of privileges assigned to users. This article will first explain privileges, and then cover how roles are used to manage access for different users.
What Are Privileges?
Privileges in ProcureDesk are granular permissions that define the specific actions a user can perform in the system. These are the foundational building blocks for roles and allow for highly customized access control.
An admin can edit pre-existing privileges or create new ones, depending on the access they want to grant to a user/s. By carefully managing privileges, you ensure that users only have the access they need for their responsibilities.
Common Privileges
Full: Complete access to all activities related to a module (e.g., orders).
Create: Ability to create new documents.
Update/Change: Ability to modify existing documents.
Destroy: Ability to delete documents.
View: Ability to view documents created by self.
View all: Ability to view all documents, regardless of who created them.
Steps to Manage Privileges
Admins can create new privileges or adjust existing ones by following these steps:
Navigate to Configurations > Manage Privileges.
To edit an existing privilege, click on the edit icon.
To create a new privilege, click on the Add Privilege button.
Define what actions the privilege allows, such as viewing, updating, or destroying.
You can name the privilege based on the role if the accesses given in the privilege are specific to a particular role.
What Are Roles?
Roles are collections of one or more privileges that define what actions a user can perform within ProcureDesk. After configuring privileges, the next step is to assign them to roles.
Admins can create new roles or modify existing ones to match the needs of their organization. Each role can be assigned multiple privileges, and users can be assigned one or more roles.
Steps to Manage Roles
Navigate to Configurations > Manage Roles.
Either edit an existing role or create a new role.
Assign one or more privileges to the role. For example, an "Approver" role might have both "View" and "Approve" privileges.
Save the role and assign it to the relevant users.
Standard Roles in ProcureDesk
Admin: Full control over the system, managing users, roles, and system configurations.
Buyer (Purchasing team): Can create purchase orders, manage quotes, and approve purchase requests.
Requestor: Limited to submitting purchase requests or purchase order requests and viewing their status.
Approver: Can review and approve purchase requests, typically with spending limits.
Finance/Accounts Payable: Manages vendor invoices and payments.
Example: Creating a role for the Requestors
Let’s say your organization needs to set up the Requestor role with specific access to create purchase order requests and send them for approval.
Step 1: Create the Privileges
If these privileges don’t already exist, you’ll need to create them:
Navigate to Configurations > Manage Privileges.
Click on the Add Privilege button.
Name the Privilege, for this example, we are naming it "Requestor"
Since the users will be creating "Purchase Order Requests", we will give them the following access under the Orders module:
Users with the requestor role, shall be able to carry out the following functions:Orders - Create, Cancel, Copy, Update, Destroy, View, Blanket Order (ability to create a blanket PO), and Create ASN (Advanced Shipping Notice).
Invoices - Only View access.
Receipts - Create, Update, Destroy, and View.
Reports & Dashboards - Spend View access (Optional)
Suppliers - Update and View all.
Catalogs - Update and View all.
Click on Create Privilege to save.
Step 2: Create the Requestor Role
Go to Configurations > Manage Roles.
Click on Add Role and name the role Requestor.
Assign the privilege created in Step 1.
Save the role.
Step 3: Assign the Role to a User
Once the role is created:
Go to the Users section from the left menu.
Edit the user or users who will hold this role.
Assign the Requestor role to them.
Note: A role can comprise of more than one privilege. It can be "Requestor + Approver" in cases where the user will raise POs but is also an approver for other user/s.Save your changes.