D Listing of application roles D.1 OLD Manual Format For references E Deprecated Content

D.2 New Auto Generated roles

account_all: This role combines all GL account and GIFI code rights.
account_create: This role allows creation of new GL accounts.
account_delete: This role allows deletion of GL accounts. Please note that there are only very few circumstances where a GL account can be deleted. Instead of deleting the account, the user is advised to mark the account as ’obsolete’.
account_edit: This role allows modification of GL accounts.
account_link_description_create: This role allows creating new use-cases for GL accounts (so called ”account link descriptions”).
ap_all: This role combines all (batches of) purchase transaction and invoices permissions.
ap_invoice_create: This role allows creation of new purchase invoices (not purchase transactions).
ap_invoice_create_voucher: This role allows creation of batches of new purchase invoices (not purchase transactions).
ap_transaction_all: This role allows creating and viewing purchase transactions and accounts as well as creating attachments.
ap_transaction_create: This role allows creation of purchase transactions (not invoices).
ap_transaction_create_voucher: This role allows creation of batches of new purchase transactions (not invoices).
ap_transaction_list: This role allows viewing of purchase transactions and invoices.
ap_voucher_all: This role allows creation of batches of both purchase transactions and invoices.
ar_all: This role combines all (batches of) sales transaction and invoices permissions.
ar_invoice_create: This role allows creation of new sales invoices (not sales transactions).
ar_invoice_create_voucher: This role allows creation of batches of new sales invoices (not sales transactions).
ar_transaction_all: This role allows creating and viewing sales transactions and accounts as well as creating attachments.
ar_transaction_create: This role allows creation of new sales transactions (not nvoices).
ar_transaction_create_voucher: This role allows creation of batches of new sales transactions (not invoices).
ar_transaction_list: This role allows viewing of sales transactions and invoices.
ar_voucher_all: This role allows creation of batches of both sales transactions and invoices.
assembly_stock: This role allows triggering a stocking action on assemblies.

Stocking assemblies means converting labor and parts to stocked assemblies.
assets_administer: This role combines all assets rights.
assets_approve: This role allows approving the output of the depreciation procedure.
assets_depreciate: This role allows running the asset depreciation procedure.
assets_enter: This role allows creation of new assets.
audit_trail_maintenance: This role grants delete access to the audit trail table.
auditor: This role grants read access to the audit trail table.
base_user: Users need to be given this role in order to be granted access to the database schema which holds all LedgerSMB objects.

This role only allows access to menu items Preferences, Logout, and New Window. The user basically cannot do anything without added additional roles.
batch_create: This role allows creation of new batches and vouchers.
batch_list: This role allows listing existing batches.
batch_post: This role allows posting batches of e.g. transactions, payments and invoices.
budget_approve: This role allows searching, viewing and approving of budgets.
budget_enter: This role allows creation and updating of budgets.
budget_obsolete: This role allows searching and viewing budgets as well as marking them obsolete (=no longer applicable).
budget_view: This role allows searching and viewing of budgets.
business_type_all: This role combines the create and edit righs for ’type of business’ classes.
business_type_create: This role allows creation of new ’type of business’ classes.
business_type_edit: This role allows modification of ’type of business’ classes.
business_units_manage: This role allows searching, viewing, creation and editing of business (reporting) classes and their members.
cash_all: This role combines the all reconciliation rights with the rights to enter payments and receipts.
contact_all_rights: This role combines all ’contact_class_ $\ast$ ’ and ’contact_ $\ast$ ’ roles and grants all access rights to all contact classes.
contact_class_cold_lead: This role allows access to cold sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_contact: This role allows access to contact data (e-mail, phone, etc) of all kinds of contacts (customer/vendor/…). Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_customer: This role allows access to customer contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_employee: This role allows access to employee contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_hot_lead: This role allows access to hot sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_lead: This role allows access to sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_referral: This role allows access to referral contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_robot: This role allows access to robot (automated process, acting on behalf of…) contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_sub_contractor: This role allows access to subcontractor contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_vendor: This role allows access to vendor contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_create: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows creation of new entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_create-role does not provide any rights.
contact_delete: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows removal of existing entities, persons and companies (contacts).

Note that in order to be able to search for contacts to be deleted, the user needs to be assigned the ’contact_read’ role.

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_delete-role does not provide any rights.
contact_edit: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows editing of existing entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_edit-role does not provide any rights.
contact_read: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows searching and viewing entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.
country_all: This role combines all rights for countries.
country_create: This role allows creation of new countries.
country_edit: This role allows modification of countries.
draft_modify: This role allows modification of existing draft (= saved) transactions.
draft_post: This role allows posting of saved transactions to the ledger.
employees_manage: This role allows creation, updating and searching of employees.
exchangerate_edit: This role allows searching, viewing and editing of currencies, exchange rates and exchange rate types.
file_attach_eca: This role allows attaching files to entity credit accounts (customers/vendors).
file_attach_entity: This role allows attaching files to entities (contacts).
file_attach_order: This role allows attaching files to orders and quotes.
file_attach_part: This role allows attaching files to goods and services.
file_attach_tx: This role allows attaching files to transactions and invoices.
file_read: This role allows reading of files attachments and files uploaded through the system menu.
file_upload: This role allows uploading of files through the system menu.
financial_reports: This role allows running of financial reports: Income Statement, Balance Sheet, Trial Balance and Inventory & COGS.
gifi_create: This role allows creation of new GIFI codes.
gifi_edit: This role allows modification of GIFI codes.
gl_all: This role combines GL transaction and batch creation with GL reporting and year-end processing.
gl_reports: This role allows searching transactions in the general ledger.
gl_transaction_create: This role allows creation of new and updating of saved GL transactions.
gl_voucher_create: This role allows creation of batches of GL transactions.
inventory_adjust: This role allows adjusting inventory by creating inventory adjustment reports.
inventory_all: This role grants all rights to manage warehouse configuration, stock receipt, shipping and transfer.
inventory_approve: This role allows confirmation of inventory adjustments by approval of inventory adjustment reports.
inventory_receive: This role allows receiving of parts into stock.
inventory_reports: This role allows searching for and reading existing inventory adjustment reports.
inventory_ship: This role allows shipping of stocked parts.
inventory_transfer: This role allows moving stock between warehouses.
language_create: This role allows creation of new languages.
language_edit: This role allows modification of languages.
orders_generate: This role combines the rights to generate orders from time cards, purchase orders from sales orders and consolidate (purchase and sales) orders.
orders_manage: This role combines all order generation and consolidation rights.
orders_purchase_consolidate: This role allows generating consolidated purchase orders from multiple outstanding purchase orders.
orders_sales_consolidate: This role allows generating consolidated sales orders from multiple outstanding sales orders.
orders_sales_to_purchase: This role allows generating purchase orders from sales orders.
part_create: This role allows creation of new parts.

So as to let the user of this role see/manage pricing per customer, this role includes the ability to read contacts.
part_delete: This role allows deletion of existing parts.
part_edit: This role allows changing existing parts.
payment_process: This role allows entry of payments to vendors.
pricegroup_create: This role allows creation of new price groups.
pricegroup_edit: This role allows changing existing price groups.
purchase_order_create: This role allows creating purchase orders.
purchase_order_delete: This role allows (searching for and) deleting existing purchase orders.
purchase_order_edit: This role allows (searching for and) modifying existing purchase orders.
purchase_order_list: This role allows searching and viewing sales orders.
receipt_process: This role allows entry of receipts from customers.
reconciliation_all: This role combines creation, updating and approval rights for reconciliation reports.
reconciliation_approve: This role allows approval of reconciliation reports.
reconciliation_enter: This role allows creation and updating of reconciliation reports.
recurring: This role allows access to the Recurring Transactions menu; it does not grant rights to list or create transactions.
rfq_create: This role allows creating (purchase) requests for quotation.
rfq_delete: This role allows (searching for and) deleting existing requests for quotation.
rfq_list: This role allows searching and viewing (purchase) requests for quotation.
sales_order_create: This role allows creating sales orders.
sales_order_delete: This role allows (searching for and) deleting existing sales orders.
sales_order_edit: This role allows (searching for and) modifying existing sales orders.
sales_order_list: This role allows searching and viewing sales orders.
sales_quotation_create: This role allows creating sales quotations.
sales_quotation_delete: This role allows (searching for and) deleting existing sales quotations.
sales_quotation_list: This role allows searching and viewing sales quotations.
sic_all: This role combines all rights for Standardized Industry Codes (SIC).
sic_create: This role allows creation of new Standardized Industry Codes (SIC).
sic_edit: This role allows modification of Standardized Industry Codes (SIC).
system_admin: This role combines the rights to manage settings, GL accounts, types of business, SIC, users and tax forms.
system_settings_change: This role allow changing items in the System > Defaults menu.
system_settings_list: This role allows viewing items in the System > Defaults menu.
tax_form_save: This role allows modification of tax forms.
taxes_set: This role allows changing tax rates on tax accounts.
template_edit: This role allows modification of document (e.g. invoice) templates.
timecard_add: This role allows adding time cards for which it needs read access to customers.
timecard_list: This role allows viewing the list of time cards; for which it needs read access to customers.
timecard_order_generate: This role allows generating orders from time cards.
transaction_template_delete: This role allows deletion of template (i.e. unposted) transactions.
translation_create: This role allows creation of translations for parts, parts groups and reporting units.
users_manage: This role allows addition and removal of users to the current company.
voucher_delete: This role allows deletion of vouchers (i.e. groups of e.g. payments).
warehouse_create: This role allows creation of (configuration of) new warehouses.
warehouse_edit: This role allows updating of (configuration of) existing warehouses.
yearend_reopen: This role allows undoing a prior year-end run by reversing the year-end transaction.
yearend_run: This role allows running the year-end process, i.e. clearing the P&L.