Roles control the access for a Nexonia user - what modules can they access, what read and edit permission they may have, which approval process should they be routed through. You could also use the role and filter which expense categories a user group “role” would have access to. Each User record requires a Role.
Roles are found under Settings > Users > Roles.
When you create a Nexonia account, it’s created with the default Administrator and User roles. You can modify these roles and create new roles, such as a Manager role with enhanced permission, a Finance User with limited administrative permission or a Reporting role with full reporting permission.
Note: you do not have to create a specific role for approver. The permission to approve expenses is driven by the approval process.
- To modify a role, click on the Modify (pencil) icon to the left of the Role name.
- To create a role, click the Add icon
We’ll go through the settings for roles, and cover some specific role permissions you may want to create.
Role Configuration
Roles have 4 tabs to them:
- General: general settings for the role
- Access Levels: this defines the access permissions for this role
- Cutoffs: (rarely used) creates lockout periods for this role
- Approvals: defines the approval routing for this role
General Settings
Role Name: name of role
Description: description of role
Interface theme: you can link the role to a specific interface theme. This way, you could create different interface themes to reflect specific branding or labels you want for a specific group
Don’t show “Approve” and “Reject” in the approvals report listing: this changes the Approval module for this role so that they don’t see the default Approve or Reject buttons at the Pending Approvals Queue level – this means they can’t do a quick approval, but must open the report and approve or reject from within the report. This would be used if you want to ensure approvers are opening and reviewing the items within the reports
Reassign Approval Enabled: allows users with this role to reassign submitted expenses that are pending their approval to a different approver
Access Levels (Permissions)
The Access Levels tab controls what the system permissions are for this role.
Features controls which modules this role can access and what permission they have. Above, we see the default for the User role.
Permission can be:
- None – no permission
- Edit – this means they can use the module
- Read – this is Read Only permission. This means you can see information but not alter it This can be useful as Read Only information can be pulled into the Reporting tool
In this example, this role can create Expense Reports for themselves, and has Read Only permission to view their subordinates' (users who report to them) expenses.
Under All Users there is an extra permission available: Administration. This would grant the role Administration rights. THIS SHOULD BE GIVEN SPARINGLY. This permission allows this role to modify items regardless of their status and bypass any policy rules in the system, such as submit blockers.
Note: Approvers only need an Approval: Edit permission to access the Approvals module and approve items assigned to them for approval. The default User role here would work for both expense report submitters and approvers.
Configuration are administrative permissions, or ones shared with enhanced users, such as a Finance Administrator or Reporting user
Customers & Projects: access to the Customers module – Edit would mean that this role can create new customers and projects
Manager (Project): access to Projects within the Customers module, but only for those projects where the user is listed as the Project Manager within the project
Users: access to the Users tab (Users, Roles, Approval) within the Settings
Company: access to the Company tab (Features, Expenses, Notifications, Financial) within the Settings
HR Data: access to see and edit any User custom fields marked as “HR Data”
Reports: access to the Reporting module. The permissions are:
None: no access to the Reporting module
Run: access to the Reporting module, but can only run existing report templates
Design: access to the Reporting module, and can run reports and design their own reporting templates
Share: access to the Reporting module, can run reports and design their own reporting templates, as well as share reporting templates with other users
Note: this setting controls access to the reporting tool. The data that can be pulled in the reports is controlled by the permissions in the above Features section. So, if this role needs to run reports for everyone’s data, they’d need All Users – Read permission as well.
Integration: access to the Integration module where the export integrations are
None: no access to the Integration module
Read: access to the Integration module, but Read Only permission
Run: access to the Integration module and can run any integrations, such as the export generation
Edit: access to the Integration module and can run any integrations, as well as modify any integration settings
Cards: access to the Cards Gateway, where they can manage credit card programs.
None: no access to the Cards Gateway.
Read: access to the Cards Gateway, where they can view the list of Cards and Card Programs.
Edit: access to the Cards gateway, and can re-sync, add, or remove Card Programs.
Can manage ship-tos: not relevant to Expenses, leave at “None”
Sample Role Configurations
Finance Role - this type of role would be able to run reports on any user data for expenses and modify expense policy rules:
Section |
Setting |
Permission |
Expense Reports/Approvals |
All Users |
Read |
Configuration |
Company |
Read or Edit (if they need to be able to modify expense policy rules or link credit cards to users) |
Configuration |
Reports |
Design, or Share (full permission) |
Reporting Role - this type of role would be able to run reports on any user data for expenses:
Section |
Setting |
Permission |
Expense Reports/Approvals |
All Users |
Read |
Configuration |
Reports |
Design, or Share (full permission) |
Human Resources Role - this role would be able to modify User records only:
Section |
Setting |
Permission |
Configuration |
Users |
Edit |
Configuration |
HR Data |
Edit |
Project Managers - this role would be able to view expenses related to any projects they're assigned to as Project Manager:
Section |
Setting |
Permission |
Expense Reports |
Project Team |
Read |
Configuration |
Manager (Projects): |
Edit |
Configuration |
Reports |
Design, or Share (full permission) |
Auditor Role - this role would have read-only permission to run or build reports:
Section |
Setting |
Permission |
Expense Reports/Approvals |
Self |
None |
Expense Reports/Approvals |
All Users |
Read |
Configuration |
Reports |
Design, or Share (full permission) |
Cutoffs (Lockout Periods)
Cutoffs can be configured if you want to prevent the creation of expenses older than a particular period.
Choose the lockout period and when it will be effective. In our example, we've set a rule that expenses can’t be older than 10 business days.
Below is what a user would see if they tried to draft an expense earlier than the cutoff:
Approvals (Routing)
This tab is used to set which approval process items should be submitted through for this role.
If you only have one approval process set, it would be the default. But if you have different approval processes for different modules or groups, you would set the workflow here:
Submission Comment: if you require a comment upon submission of the expense, you can make it optional or required
Approval: which approval process should this role be routed through
Submission Prompt: if you want a message to be displayed to the users before they click “OK” to submit, you can enter that text here. For example: “By submitting this expense report, I acknowledge…”
Comments
0 comments
Article is closed for comments.