Introduction: The Importance of User Roles and Permissions
Managing user access in Xero is one of the first things you should set up when onboarding your team. Xero’s user roles and permissions system lets you control exactly who can view, edit, and approve financial data across your organisation. Getting this right protects sensitive information, reduces errors, and ensures your team can work efficiently without stepping on each other’s toes.
What Are User Roles and Permissions in Xero?
User roles in Xero define what each person can see and do within your organisation. Every user is assigned a role when they’re invited, and each role comes with a default set of permissions. You can further customise access by toggling specific permissions on or off — for example, allowing a standard user to approve expenses but not view payroll.
Admin User: Full Access to Xero
The admin user has unrestricted access to all Xero settings and features. Admins can invite and remove users, connect bank accounts, approve transactions, manage the subscription, and configure every setting in the organisation. Most businesses should limit admin access to one or two trusted people — typically the business owner and their accountant.
Standard User: The Most Common User Role
Standard users handle day-to-day financial tasks like creating invoices, recording bills, reconciling bank transactions, and submitting expense claims. You can fine-tune their access by enabling or disabling specific permissions such as ‘approve invoices’, ‘view reports’, or ‘manage payroll’. This is the role you’ll assign most often.
Advisor: For Your Accountant or Financial Advisor
The advisor role gives your external accountant or bookkeeper access to your financial data without letting them manage users or billing. Advisors can view and edit transactions, run reports, and prepare tax returns. At JacRox, we typically use the advisor role to manage our clients’ Xero organisations.
Subscriber: Limited to Subscription and Billing
The subscriber role is limited to managing your Xero subscription and payment details. Subscribers cannot access any financial data, reports, or settings. This role is useful when someone other than the business owner handles software billing.
How to Invite a New User to Your Xero Organisation
Adding a new user takes less than two minutes. Here’s how to do it step by step.
Step 1: Go to Settings
Log in to your Xero account. Click the organisation name in the top left, then select Settings > Users from the menu.
Step 2: Click ‘Invite a User’
On the Users page, click the Invite a User button. You’ll see a form asking for the new user’s details.
Step 3: Enter Their Details
Enter the person’s first name, last name, and email address. The email must be unique — each Xero user needs their own login.
Step 4: Assign a Role and Set Permissions
Choose the appropriate user role: Admin, Standard, Advisor, or Invoice Only. For standard users, you can then toggle individual permissions like ‘approve bills’, ‘edit bank transactions’, or ‘access payroll’. Only enable what the person actually needs.
Step 5: Send the Invitation
Click Send Invite. The new user will receive an email with a link to accept the invitation. They’ll need to create a Xero login (or use an existing one) to access your organisation.
How Do I See Who Has Access to My Xero Account?
To view all users with access to your Xero organisation, go to Settings > Users. This page lists every active user, their role, and their email address. You can also see pending invitations that haven’t been accepted yet. It’s good practice to review this list quarterly and remove anyone who no longer needs access — especially former employees or contractors.
Can Two People Have Access to Xero?
Yes. Xero supports multiple users within a single organisation, and there’s no limit to the number of users you can invite. Each person gets their own login credentials, so you can track who made which changes. You can have multiple admins, multiple standard users, and multiple advisors all working in the same organisation simultaneously.
Managing Existing Users: Change Roles or Remove Access
To change an existing user’s role or permissions, go to Settings > Users and click on their name. You can upgrade a standard user to admin, downgrade an admin to standard, or adjust individual permissions. To remove a user entirely, click Remove User — they’ll immediately lose access to your organisation’s data.
Best Practices for Xero User Permissions
- Principle of least privilege — only grant the minimum access each person needs to do their job. Don’t make everyone an admin.
- Separate admin and subscriber roles — the person managing billing shouldn’t necessarily have access to financial data.
- Use the advisor role for your accountant — this gives them the access they need without exposing subscription or user management settings.
- Review access regularly — check your Users list at least quarterly. Remove anyone who’s left the business.
- Enable two-factor authentication — Xero supports 2FA for all users. Turn it on for every account, especially admins.
Still Have Questions? JacRox Can Help
Setting up user roles and permissions correctly is essential for protecting your business data and keeping your Xero organisation running smoothly. Whether you’re adding your first team member or restructuring access across multiple Xero organisations, our team can help.