The beauty of Lightyear is the control over user permissions to maintain privacy and security across the business.
Security Measures
Adding & Editing Users
Only users with Parent Admin or Company Admin permissions are able to access the Users page (located within Settings). This means only an Admin of an account can add or remove users, and edit each individual users permissions, limiting what each person can see.
2 Factor Authentication
2FA can be turned on at an account level, adding an extra level of security for users, or on an individual level per user. For more information on how to set this up, click here.
2FA means users logging in will require a passcode to be entered, which is received through text. This provides a second level of security for users when logging in, beyond what a single Password can provide.
Departmental View
If you need to have multiple users viewing the Approvals/Purchase Orders Workflow, but need to restrict the specific suppliers/documents they see, you can set up your Lightyear to use Departments.
If a user is in a Department, within Approvals or Purchase Orders, they will only be able to view specific suppliers that they have been assigned to. Users who are not in the Department won't see the suppliers documents at all, like they don't exist.
This feature is only editable by Parent Admins and Company Admins.
Note: When viewing in the Archive, only users with Bill Permissions will see the applicable Departments.
Settings
There are some areas of the Lightyear app that are only viewable by certain users.
A Company Admin has access to the Users page, as mentioned above. On top of this, they have access to the Company Settings page which is where the main account settings are established. These include the General Settings (Approval Workflow set up, Email customisation, Inventory, Keywords, etc.) and Purchase Order Settings (Logos, Ts&Cs, Matching Rules, Email Settings, etc.).
A Parent Admin will have access to the Parent Dashboard, giving an overview of all child companies within their structure. They are the only users who can view the Billing on these accounts and access the Users/Companies page - which gives information on all child accounts and client users, allowing the Parent Admin to move users in and out of accounts. The Parent Admin will also have access to what's available to the Company Admin.
Permissions Matrix
Here, we've laid out the permissions and what they would have access to based on the combination of rights you want to assign a user.
Have a look below (or click on the pdf attached to this article) and you can proceed to invite your team
Click to enlarge or download the attachment.
Permissions by Roles
AP Roles
Company Admin --- This role gives you full admin rights and access to all features within Lightyear such as -- Company Settings, Accounting Software, Inventory, User Management, Billing, Dashboards, Processing, Purchase Orders, Bills, Approvals, Manage Disputes, Export data, Archive, Statements, Suppliers, Products, Departments, Tasks, Notifications, Profile settings
Note: If Departments are activated, this permission will see all documents.
Approval Task & Archive --- This role gives you Read Only access to the documents via the Archive, Statements, Notifications, Profile Settings and allows users to action Approval Tasks assigned to them.
Therefore, no changes can be made to the document data from within the approvals workflow. This user can only view documents, run reports via the Archive and leave notes on documents.
Note: If Departments are activated, this permission will see all documents in the Lightyear company, not just the ones assigned to them.
The user will be able to edit document data via tasks if Edit Approval Tasks has been ticked.
Approval Task Only --- This roles limits the view to Approval Tasks assigned to the user. They will also be able to access Notifications and Profile Settings. By default, the user cannot edit document data but can indirectly impact documents in the workflows by Approving, Rejecting, Un-assigning, Re-assigning, Disputing and leaving Notes.
Note: If the user has been assigned Edit Approval Tasks permissions on this role, they can edit the document data directly.
Standard User --- This role is the most customisable allowing you to combine permissions below:
Approver - Can edit and approve documents in the Approval tab but cannot Sign Off/Export. If Departments are activated, users who are solely provided Approver permissions will only be able to see the Departments they are assigned to.
Review & Export - Cannot Approve documents but can edit and Sign Off/Export data within the Review and Signed Off tabs. Users with this permission will automatically be allocated to every department and cannot be removed.
Processing - Allows the user to request and apply maps in Processing and send through to Approvals, Statements or Purchase Orders, depending on the document. Users with this permission will automatically be allocated to every department and cannot be removed.
PO Matching - This permission will only appear for those activating POs. This allows you to view all bills/POs to complete 3 way matching.
PO Roles
With PO Permissions, you will be able to combine the below permissions.
Create ---
View: All Open, Drafts, PO Approval, Approved, Ordered, Completed Tabs, Archive, Statements, Tasks, Notifications, Profile Settings
Actions: Create/Edit POs, Create/Edit Draft POs, Send items awaiting Approval back to Drafts, Copy POs, Delete POs (prior to Ordered)
Approve ---
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Archive, Statements, Tasks, Notifications, Profile Settings
Actions: Approve, Send items back to Approvals, Delete POs (prior to Ordered)
Order ---
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Archive, Statements, Tasks, Notifications, Profile Settings
Actions: Order Now, Default permission gives View Only (unless Edit/Void after Order permissions have been ticked to combine)
Receive ---
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Archive, Statements, Tasks, Notifications, Profile Settings
Actions: Receive Goods, Default permission gives View Only (unless Edit/Void after Order permissions have been ticked to combine)
Complete ---
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Archive, Statements, Tasks, Notifications, Profile Settings
Actions: Mark as Completed, Send items back to Ordered, Default permission gives View Only (unless Edit/Void after Order permissions have been ticked to combine)
Void after Order --- After an order has been approved and ordered, this permission allows the user to Void the PO
Edit after Order --- After an order has been approved and ordered, this permission allows the user to Edit the PO
Restrict Visibility --- This defaults as off but combined with this permission, you are restricting the user to see only the POs they have personally raised no matter what department they are assigned.
Warning: If a User only has PO Permissions and is allocated to a Department, within Archive, they will see every Bill regardless of the Department. To lock this down further, the User will need to be given a Bill Permission.
Other Permissions
Edit Approval Tasks --- In conjunction to all the permissions above, you have the option to grant Edit Approval Tasks permissions. This permission allows the user to update Panel 2 details from their Tasks view. If this option is not ticked, then the user will be able to see the document data but details will be locked down. Users will need to advise changes via other means if required e.g. notes.
Edit Supplier Bank Details --- If your account has Bank Details Checker activated under Company Settings, this permission will present allowing the user to edit bank details as required. Without this permission ticked, the user can only view the bank details.