👤 Users in the Company
Location in the application:
Nástroje → Uživatelé ve firmě
(available from version 2025.4.0)
🧩 Purpose of this record
This record contains a list of users who can work with a specific installation of ABRA Flexi.
The list can be filled in:
immediately when creating a new company,
or later after logging in to the company.
When creating a new company, you can access this table through the Company Setup Wizard.
After logging in to the company, open the list from the menu:
Tools → Users in the Company
💡 Tip
It is recommended to set up the user records at the very beginning of working with the company. This prevents a situation where multiple people work under a single account and it becomes impossible to trace who made specific changes.
👑 First user and the administrator role
The person who launched the application for the first time during installation entered their username and password in the First Launch dialog.
This set the credentials for the first accounting user, who also holds the highest level of permissions:
Administrator
The Administrator:
has full rights,
has access to all program options,
can import a license,
can perform license updates,
creates individual users,
sets their passwords,
assigns access rights.
Each user is then required to change their password upon first launching the application.
⚠️ Warning
The first administrator plays a key role across the entire installation. It is recommended that this be a trusted person with sufficient permissions to manage users, licenses, and companies.
🔐 User login
When launching the program, users log in using:
username
password
Individual users may have different access rights to modules and system functions. These restrictions are activated based on their login credentials.
🔄 Adding a user from another company
If you manage accounting for multiple companies, a button is also available in the toolbar: Add user from another company
This option allows you to transfer the following to the selected company:
the user's login name,
the user's password from another company.
In the dialog that appears, select the relevant user and after confirming with the Select button, the information will be displayed.
In the dialog that appears, select the relevant user. After confirming with the "Select" button, the following information will be displayed:
🧾 Main toolbar
To create a new user, you do not necessarily need to be an administrator. It is sufficient for adding new users to be enabled in the user roles.
You can open a new record by:
clicking the New button
or using the keyboard shortcut Alt+N
📝 Basic user information
First, fill in the basic details about the new user. Completing these fields is not mandatory, but it is recommended to have this information entered.
This information appears on every document created by the user. It is used, for example, in the VAT Return in the field Return prepared by.
You can fill in, for example:
Last name
First name
Title
As needed, you can complete several tabs:
Basic information
Login details
Personal certificates
Texts
Administration
📇 "Basic information" tab
This tab allows you to enter the user's basic contact details. Completing this information is not mandatory.
The following fields are available, among others:
Position
Street
City
ZIP code
Country
Phone
Mobile
Fax
E-mail
WWW
We recommend filling in the Phone field. This information is printed in the VAT Return in the Phone field as the contact detail of the person who prepared the return.
If the Phone field is not filled in, the value from the Mobile field is used instead.
💡 Tip
For users who prepare tax returns or communicate with authorities, it is recommended to fill in at least the first name, last name, phone number, and email address.
🔑 "Login details" tab
This tab is the most important one. It is used to enter:
login name,
password,
user type,
user role,
server rights,
data visibility.
👤 Login name
The login name is the name used by the user to log in to the application.
Rules for this field:
the field can contain up to 20 characters
it may only contain:
numbers
alphabet characters without diacritics
it does not need to match the user's last name
The fields on this tab must be completed.
🔒 Password
Each user logs in with their username and password. The password secures access to the data so that unauthorized individuals cannot access it.
Based on the login name and password, it is possible to determine:
who entered data in the system,
who edited records,
who performed specific operations.
Therefore, each user must:
set their own password,
memorize it,
not share it with other people.
The system distinguishes between:
lowercase letters,
uppercase letters.
Recommendations:
a combination of lowercase and uppercase letters,
optionally including digits,
a minimum length of 6 characters,
no diacritics,
no spaces.
A practical way to create a secure password is to think of a sentence and use the first letters or first syllables of each word.
For example, from the sentence:
My parents Petr and Helena live in Prague 5.
a password could be created:
MrPaHbvP5
The password set here can later be changed from the menu:
Tools → Change password
⚠️ Warning
Do not use simple passwords such as 123456, heslo, admin or the user's name. Such passwords pose a security risk.
🔁 Confirm password
This is a verification field. Enter the same password here as in the Password field.
If the values in these two fields differ, you will be notified when saving the user record and the record cannot be saved.
🧭 User type
The user type defines the basic characteristics of access to the application and its data.
The following types are available:
Normal
Intended for users who need to read, modify, and enter data, even if their access may subsequently be restricted.
Read-only
Intended for users who can only read recorded data, without the ability to create, enter, or modify it.
REST API
Intended for virtual users who access only the programming interface, while user interfaces are unavailable to them.
📌 Example
The REST API type is suitable for example for an e-shop, middleware, or an external application that communicates with ABRA Flexi via API but does not log in through the standard user interface.
🛡 User role
From the available list of user roles, select the required access right based on what the user should be able to do after logging in to the system.
If multiple companies are covered under one license and the relevant user works in more than one of them, it is possible to distribute the role to all such companies, provided that the role exists in them.
Only an administrator with the following server rights can configure or revoke this setting:
Access all companies
Assign permissions
🖥 "Server rights" button
Using the Server rights button, you open a form where you can set, via checkboxes, the rights related to companies, users, and licenses for a specific user.
The following rights can be configured, among others:
Create companies
Delete companies
Create users
Change user passwords
Access all companies
Assign permissions
Manage licenses
⚠️ Warning
Server rights have a broader impact than a standard company role. Grant them only to users who genuinely manage companies, users, or licenses.
👁 "Data visibility rights" button
Using this button, you can restrict a selected person's access to certain options or only to specific items.
For example, you can configure the following:
a payroll accountant sees only the payroll section,
different accountants have access only to a specific document type,
different users can only issue documents with a specific posting template,
a warehouse worker has access to only one warehouse.
In the dialog:
select the relevant area on the left,
select specific items on the right,
and then change their property.
The following options are typically available:
View and edit
View only
Inaccessible
🧾 Example: Restricting issued invoice types
In the left panel, select for example the list of issued invoice types.
In the right panel, mark the items whose property you want to change.
Then change their setting from:
View and edit
to:
View only
or Inaccessible
Depending on the setting, the selected user will be able to view only that invoice type, or it will not be accessible to them at all.
Example: Restricting warehouse access for a warehouse worker:
If your company has multiple warehouses, each with its own warehouse worker, and each worker has the Warehouse worker role, you can grant each worker access to only their assigned warehouse.
Steps:
In the left tree structure, click:
Inventory → Receipts/issuesSelect:
List of accessible warehousesThe right panel Item list will display all company warehouses.
Warehouses shown in bold indicate that the warehouse worker can view and edit them.
Select the warehouse to which access should be denied.
In the Item properties section, set:
Inaccessible
That warehouse will no longer appear in bold and the warehouse worker will not have access to it. They will therefore be unable to perform:
receipts,
issues.
After saving the Access rights dialog and reopening it, the changed item will appear in bold in the left panel.
💡 Tip
Data visibility rights are useful when a general role is not sufficient and you need to restrict a user to specific warehouses, document types, or sections of the agenda.
🔐 Right to lock documents and periods
Using the Right to lock documents and periods checkbox, an administrator can delegate the rights for:
locking periods,
to other users.
This is automatically assigned to users with the following access rights:
Administrator
Accountant
⚠️ Warning
This is a sensitive permission. Grant it only to users who are intended to be responsible for closing periods or locking documents.
📜 "Personal certificates" tab
This tab contains a list of certificates for electronic signatures that the user can use to sign documents sent by email.
This tab has its own toolbar with a number of buttons, whose functions are described in the separate chapter "Program controls". You will notice that the New button is missing.
The reason is that personal certificates are not added here, but in a separate menu option:
Tools → Personal certificates
There, the user can add their own personal certificate, which will then appear on the user record in this tab.
📌 Example
If a user wants to sign invoices or other documents with an electronic signature, they must first add a certificate in the Personal certificates agenda. Only then will it appear on the user record.
__________________________________________________________________
"Texts" tab
The Texts tab is present in all code lists and all record lists. It contains two fields where you can enter information according to your own needs. Completing them is not mandatory.
Description
You can enter a more detailed description of the user, such as their role within the company.
Note
You can enter an additional note about the given user.
💡 Tip
It is worth using the note field to record, for example, the user's internal department, the reason for special permissions, or whether the account belongs to a regular employee, an external contractor, or an API account.
🗓 "Administration" tab
The Administration tab contains information about:
the time-based validity of the record,
the visibility of the record in the code list or record list.
The validity of a record is defined by a range of calendar years. The record is valid within the specified range of years. Outside of that range, it is not valid and will not appear in the code list at all.
By limiting the validity period, you ensure that users are not slowed down by scrolling through outdated records during routine use of the list.
⚠️ Warning
The validity period is based on calendar years, not fiscal accounting periods.
Valid from
The calendar year from which the record is valid.
Valid to
The calendar year until which the record is valid.
If you require unlimited validity for the record, leave the default values unchanged:
0 in the Valid from field
9999 in the Valid to field
The record will then be usable in all calendar years and will appear in the list in every calendar year.
For example, if you enter:
Valid from = 2026
Valid to = 2026
the record can only be used in the year 2026, meaning it will only be visible in the list during that year.
📌 Example
If an external contractor is only expected to work for a limited period of time, you can restrict their usability using the Valid from and Valid to fields, without needing to delete the record.
❓ Frequently asked questions
1. Can a login name contain diacritics?
No. A login name can only contain numbers and letters without diacritics.
2. How do I set unlimited validity for a user?
Leave the values as:
Valid from = 0
Valid to = 9999
3. Where are personal certificates added?
In the Tools → Personal certificates agenda, not directly on the user record.