The beauty of Lightyear is the control over user permissions to maintain privacy and security across the business.
Security Measures
Adding & Editing Users
Only users with Parent Admin or Company Admin permissions are able to access the Users page (located within Settings). This means only an Admin of an account can add or remove users, and edit each individual users permissions, limiting what each person can see.
2 Factor Authentication
2FA can be turned on at an account level, adding an extra level of security for users, or on an individual level per user. For more information on how to set this up, click here.
2FA means users logging in will require a passcode to be entered, which is received through text. This provides a second level of security for users when logging in, beyond what a single Password can provide.
Departmental View
If you need to have multiple users viewing the Approvals/Purchase Orders Workflow, but need to restrict the specific suppliers/documents they see, you can set up your Lightyear to use Departments.
If a user is in a Department, within Approvals or Purchase Orders, they will only be able to view specific suppliers that they have been assigned to. Users who are not in the Department won't see the suppliers documents at all, like they don't exist.
This feature is only editable by Parent Admins and Company Admins.
Please Note: When viewing in the Archive, only users with Bill Permissions will see the applicable Departments.
Settings
There are some areas of the Lightyear app that are only viewable by certain users.
A Company Admin has access to the Users page, as mentioned above. On top of this, they have access to the Company Settings page which is where the main account settings are established. These include the General Settings (Approval Workflow set up, Email customisation, Inventory, Keywords, etc.) and Purchase Order Settings (Logos, Ts&Cs, Matching Rules, Email Settings, etc.).
A Parent Admin will have access to the Parent Dashboard, giving an overview of all child companies within their structure. They are the only users who can view the Billing on these accounts and access the Users/Companies page - which gives information on all child accounts and client users, allowing the Parent Admin to move users in and out of accounts. The Parent Admin will also have access to what's available to the Company Admin.
Permissions Matrix
Here, we've laid out the permissions and what they would have access to based on the combination of rights you want to assign a user.
Have a look below (or click on the pdf attached to this article) and you can proceed to invite your team
Click on the image below for a full screen version.
Permissions by Roles
AP Roles
Company Admin: This role gives you full admin rights and access to all features within Lightyear such as:
Company Settings
Accounting Software
Inventory
User Management
Billing
Dashboards
Processing
Expenses
Purchase Orders
Bills
Approvals
Manage Disputes
Export Data
Archive
Statements
Suppliers
Products
Departments
Tasks
Notifications
Profile Settings
Please Note: If Departments are activated, this permission will see all documents.
Approval Task & Archive: This role gives you Read Only access to the documents via the Archive, Statements, Notifications, Profile Settings and allows users to action Approval Tasks assigned to them.
Therefore, no changes can be made to the document data from within the approvals workflow. This user can only view documents, run reports via the Archive and leave notes on documents.
Please Note: If Departments are activated, this permission will see all documents in the Lightyear company, not just the ones assigned to them.
The user will be able to edit document data via tasks if Edit Approval Tasks has been ticked.
Approval Task Only: This roles limits the view to Approval Tasks assigned to the user. They will also be able to access Notifications and Profile Settings. By default, the user cannot edit document data but can indirectly impact documents in the workflows by Approving, Rejecting, Un-assigning, Re-assigning, Disputing and leaving Notes.
Please Note: If the user has been assigned Edit Approval Tasks permissions on this role, they can edit the document data directly.
Standard User: This role is the most customisable allowing you to combine permissions below:
Approver - Can edit and approve documents in the Approval tab but cannot Sign Off/Export. If Departments are activated, users who are solely provided Approver permissions will only be able to see the Departments they are assigned to.
Review & Export - Cannot Approve documents but can edit and Sign Off/Export data within the Review and Signed Off tabs. Users with this permission will automatically be allocated to every department and cannot be removed.
Processing - Allows the user to request and apply maps in Processing and send through to Approvals, Purchase Orders, depending on the document. Users with this permission will automatically be allocated to every department and cannot be removed.
PO Matching - This permission will only appear for those activating POs. This allows you to view all bills/POs to complete 3 way matching.
PO Roles
If you have POs enabled, you will see additional PO specific Permissions. These can be combined using the below permissions:
Create:
View: All Open, Drafts, PO Approval, Approved, Ordered, Completed Tabs, Tasks, Notifications, Profile Settings
Actions: Create/Edit POs, Create/Edit Draft POs, Send items awaiting Approval back to Drafts, Copy POs, Delete POs (prior to Ordered)
Approve:
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Tasks, Notifications, Profile Settings
Actions: Approve, Send items back to Approvals, Delete POs (prior to Ordered)
Order:
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Tasks, Notifications, Profile Settings
Actions: Order Now, Default permission gives View Only (unless Edit/Void after Order permissions have been ticked to combine)
Receive:
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Tasks, Notifications, Profile Settings
Actions: Receive Goods, Default permission gives View Only (unless Edit/Void after Order permissions have been ticked to combine)
Complete:
View: All Open, PO Approval, Approved, Ordered, Completed Tabs, Tasks, Notifications, Profile Settings
Actions: Mark as Completed, Send items back to Ordered, Default permission gives View Only (unless Edit/Void after Order permissions have been ticked to combine)
Void after Order: After an order has been approved and ordered, this permission allows the user to Void the PO
Edit after Order: After an order has been approved and ordered, this permission allows the user to Edit the PO
Restrict Visibility: This defaults as off but combined with this permission, you are restricting the user to see only the POs they have personally raised no matter what department they are assigned.
Expense Roles
If you have Expenses enabled, you will see additional Expense specific Permissions. These can be combined using the below permissions:
Admin:
View: All Expenses and Expense Reports, Draft, Submitted, Pending Approval, Approved, Scheduled, Reimbursed, Tasks, Notifications, Profile Settings
Actions: Create/Edit Expenses, Create/Edit Expense Reports, Send for Approval, Delete Expenses, Delete Expense Reports, Export Expense Reports, Schedule Expense Reports, Reimburse Expense Reports, Close Expense Reports
Submit:
View: All Expenses and Expense Reports, Draft, Submitted, Pending Approval, Approved, Scheduled, Reimbursed, Tasks, Notifications, Profile Settings
Actions: Create/Edit Expenses, Create/Edit Expense Reports, Send for Approval, Delete Expenses, Delete Expense Reports, Export Expense Reports, Schedule Expense Reports, Reimburse Expense Reports, Close Expense Reports
Export, Schedule & Reimburse:
View: Submitted, Pending Approval, Approved, Scheduled, Reimbursed, Tasks, Notifications, Profile Settings
Actions: Delete Expenses, Delete Expense Reports, Export Expense Reports, Schedule Expense Reports, Reimburse Expense Reports, Close Expense Reports
View All: This defaults as off for Submit users but combined with this permission, you are restricting the user to see only the Expenses they have personally raised no matter what department they are assigned.
Archive Roles
Archive Roles can be granted to any user with the Standard User permission. By default these will be off, and you can enable them across Lightyear to allow users to see specific documents. These can be chosen between:
Bill Archive
Purchase Order Archive
Expense Archive
If a user has only Bill Archive, they will only see Bills/Credit Notes/Receipts, and will not see any POs/Expenses/Expense Reports without either of the other two permissions enabled.
Please Note: If you have Approval Task and Archive, or Admin, these will be selected by default, giving you access to all documents within your account.
Statements Role
The Statements Roles can be granted to any user with the Standard User permission. By default this will be off, and you can enable it to allow users to see Statements. These can be chosen between.
If a user has only a PO Role, they will not have access to view Statements unless this is explicitly selected.
Other Permissions
Edit Approval Tasks: In conjunction to all the permissions above, you have the option to grant Edit Approval Tasks permissions. This permission allows the user to update Panel 2 details from their Tasks view. If this option is not ticked, then the user will be able to see the document data but details will be locked down. Users will need to advise changes via other means if required e.g. notes.
Edit Supplier Bank Details: If your account has Bank Details Checker activated under Company Settings, this permission will present allowing the user to edit bank details as required. Without this permission ticked, the user can only view the bank details.