Permission Keys & Roles
How permissions work in Access Setting, with sample role recipes for Counter Staff, Cashier, Stock Keeper, Accountant, Manager and Admin.
Permission keys
Every action in ZN ERP is gated by a permission key. Keys are organised by module and granted (or denied) per user — or, more efficiently, per role.
Permissions are managed under Administration › Access Setting — see How to Manage User Access for the step-by-step.
Permission groups
Within each module, permissions are split into the same standard verbs:
| Verb | What it unlocks |
|---|---|
| View | Open the screen, view records and run reports. No data change possible. |
| Add | Create new records / documents (requires View). |
| Edit | Modify existing records (requires View). |
| Delete | Permanently remove records — usually limited to admins. |
| Approve | Approve draft documents (PO, Stock Adjustment, Production Order). |
| Post | Convert a draft into a posted document (affects ledger / stock). |
| Cancel | Void a posted document. |
| Send a document to the printer or export it to PDF. | |
| Export | Export grid / report data to Excel. |
| Override | Bypass certain validations (negative stock, over-credit-limit, back-dated entry, etc.). |
Sample role recipes
Counter Staff
Front-of-house, raising retail invoices and accepting payments only.
- Sales Invoice — View, Add, Print.
- Receipt — View, Add, Print.
- Items — View (no Edit).
- Customers — View, Add (no Edit beyond the basics).
- Reports — Sales Day Book (View, Print).
- Deny: anything in Accounts, HR, Setup, Utility.
Cashier
Counter staff plus end-of-day cash handling.
- Everything in Counter Staff.
- Payment Voucher — View, Add (petty cash only).
- Cash Book — View, Print.
- Day Closure — Add (close cash counter at end of day).
Stock Keeper
Handles receiving, transfers and physical counts.
- Goods Receipt — View, Add, Print.
- Stock Transfer — View, Add, Print.
- Stock Adjustment — View, Add (Approve only for an authorised supervisor).
- Stock Reports — View, Print, Export.
- Items — View (no Edit).
Accountant
Books, banking and statutory.
- All Accounts & Finance — View, Add, Edit, Post, Print, Export.
- Bank Reconciliation — full access.
- GST Reports — View, Print, Export.
- Sales / Purchase — View, Edit (corrections), Cancel.
- Day Closure — Add.
Manager
Approvals, reports, and oversight — no daily data entry.
- All modules — View, Print, Export.
- PO / Production Order / Stock Adjustment — Approve.
- Reports & Analysis — full access including Special Reports.
- Deny: Add / Edit / Delete in transactional modules.
Admin
The keys to the kingdom — ideally one or two people only.
- All permissions on all modules including Delete and Override.
- Administration & Setup — full access.
- Utility — Backup, Restore, User Management.
- Access Setting — the only role that can grant / revoke permissions.
Best practices
- Use roles, not user-level overrides — grant permissions to a role, then assign users to that role. A user who changes job changes role; you do not have to re-grant 80 permissions.
- Separate Approve from Add — the person raising a PO should not be the same person approving it. Use the Approve permission to enforce this.
- Audit Delete — grant Delete to almost nobody. Most "deletes" should be Cancellations, which leave an audit trail.
- Restrict Override — only senior staff should be able to override negative-stock or credit-limit checks. Otherwise the controls are theatre.
- Lock backdated entry — grant Backdated Entry only to the accountant, and only for the period being closed.
Related
- How to Manage User Access — step-by-step for adding a user and assigning a role.
- How to Reset a Forgotten Password.
- System Menu Numbers — permissions are keyed against these numbers.