
Dolibarr is an open-source ERP and CRM widely used by businesses to manage their commercial, accounting, and logistics activities. One of the key aspects of ensuring efficient and secure management is controlling user rights and permissions.
Poorly managed access rights can expose a company to security risks, such as accidental data deletion, unauthorized modifications, or inappropriate access to sensitive information. In this article, we detail best practices for configuring and managing user permissions in Dolibarr.
1. Understanding Dolibarr’s Permission System
Dolibarr uses a user and group management system, allowing you to assign specific roles to each user. It is possible to restrict access to modules, define authorization levels, and control the actions users can perform.
Key concepts of Dolibarr permissions
- Users: Each individual with an account in Dolibarr.
- Groups: A set of users sharing the same rights.
- Modules: Dolibarr is organized into modules (invoicing, accounting, CRM, etc.), each of which can have specific access restrictions.
- Access rights: Permissions that allow or limit certain actions for a user or group.
Example: An accountant may have access only to the Invoicing and Accounting modules, while a salesperson may only access the CRM and Quotations modules.
2. Adding and Configuring a User in Dolibarr
Adding a new user is done from the Administration → Users & Groups menu.
Steps to add a user
- Go to Home → Users & Groups.
- Click on New User.
- Enter the user’s details: name, surname, email, login, and password.
- Assign one or more groups to the user.
- Define the user’s permissions.
- Click Save to confirm.
It is recommended to use strong passwords and enable two-factor authentication if available.
3. Managing User Groups
Using groups simplifies permission management. Instead of modifying rights user by user, permissions can be set at the group level, and users can be added accordingly.
Advantages of user groups
- Faster and more consistent permission management.
- Easier to add or remove users from a group.
- Better organization for teams (e.g., groups like "Sales," "Accounting," "Management").
How to create a user group?
- Go to Administration → Users & Groups.
- Click on New Group.
- Assign a name to the group (e.g., "Sales," "Customer Support").
- Add the relevant users.
- Assign specific permissions.
A user can be assigned to multiple groups to combine different access levels.
4. Defining User and Group Permissions
Dolibarr allows you to assign precise permissions to each user or group.
Examples of permissions
- Read-only: The user can view but not modify or delete data.
- Modify: The user can edit data but not delete it.
- Delete: The user can remove records in a given module.
- Create: The user can add new entries to Dolibarr.
How to configure permissions?
- Go to Users & Groups.
- Select a user or group.
- Click on the Permissions tab.
- Enable or disable the desired rights for each module.
- Click Save.
Example: A sales manager can create and modify quotations but cannot validate them without approval. A customer support agent can view support tickets but cannot edit billing details.
5. Restricting Access to Sensitive Modules
Some modules contain confidential information, such as financial or payroll data. It is crucial to limit access to these modules to authorized personnel only.
Modules that should have restricted access
- Accounting (access to invoices, payments, financial reports).
- Human Resources (access to payroll records, contracts).
- Administration (system settings and critical configurations).
Only administrators should have full access to the administration interface.
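Because a user can belong to several groups and also hold rights set directly on the account, it helps to review the combined result rather than each group in isolation. The following Python is an added example, not code from Dolibarr or from this article: it computes each user's effective rights and lists any access to a sensitive module held by someone who is not on an approval list, along with the group or direct assignment that granted it. It assumes rights combine additively across groups; the users, groups, right labels and approval list are constructed sample data, not Dolibarr's internal permission identifiers.

```python
from collections import defaultdict

# Constructed sample export; names and rights are illustrative labels,
# not Dolibarr's internal permission identifiers.
GROUP_RIGHTS = {
    "Sales": {("crm", "read"), ("crm", "create"),
              ("quotations", "create"), ("quotations", "modify")},
    "Accounting": {("invoicing", "read"), ("invoicing", "modify"),
                   ("accounting", "read")},
    "Management": {("crm", "read"), ("accounting", "read"), ("hr", "read")},
}
USER_GROUPS = {
    "alice": ["Accounting"],
    "bob": ["Sales"],
    "carol": ["Sales", "Management"],
    "dave": [],
}
USER_RIGHTS = {"dave": {("administration", "modify")}}  # set directly on the user

SENSITIVE_MODULES = {"accounting", "hr", "administration"}
# Hypothetical approval list: who is allowed to touch each sensitive module.
APPROVED = {"accounting": {"alice"}, "hr": set(), "administration": {"admin"}}


def effective_rights(user):
    """Map each (module, action) the user holds to the sources granting it."""
    sources = defaultdict(set)
    for right in USER_RIGHTS.get(user, ()):
        sources[right].add("direct")
    for group in USER_GROUPS.get(user, ()):
        for right in GROUP_RIGHTS.get(group, ()):
            sources[right].add("group:" + group)
    return dict(sources)


def audit():
    """Return sorted (user, module, action, sources) for unapproved sensitive access."""
    findings = []
    for user in USER_GROUPS.keys() | USER_RIGHTS.keys():
        for (module, action), src in effective_rights(user).items():
            if module in SENSITIVE_MODULES and user not in APPROVED.get(module, set()):
                findings.append((user, module, action, tuple(sorted(src))))
    return sorted(findings)


if __name__ == "__main__":
    for user, module, action, src in audit():
        print(f"{user}: {module}/{action} via {', '.join(src)}")
```

In the sample data, carol picks up accounting and HR read access only through her Management membership, and dave's administration right comes from a direct assignment that a group-level review would miss.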
6. Monitoring User Activity
To prevent errors or fraud attempts, Dolibarr includes an activity log that tracks user actions.
How to access activity logs?
- Go to Administration → Security → Event Logs.
- Filter by date, user, or module.
- Review actions performed, such as modifications, deletions, and logins.
It is advisable to enable notifications so that you are alerted to suspicious activity, such as multiple failed login attempts.
7. Best Practices for Securing User Accounts
- Enable HTTPS to secure connections.
- Require strong passwords (minimum length, special characters).
- Limit failed login attempts to prevent brute force attacks.
- Deactivate inactive accounts to minimize unauthorized access risks.
- Use two-factor authentication (2FA) if available.
Conclusion
Managing user rights and permissions in Dolibarr is a key factor in security and organization within a company. By properly defining access levels and monitoring user activity, you ensure secure and efficient use of the ERP system.
Summary of key steps
- Create users with appropriate permissions.
- Use groups to simplify rights management.
- Assign specific permissions per module.
- Restrict access to sensitive modules.
- Monitor user activity to detect anomalies.
- Apply security best practices to protect accounts.