👥 User Roles
Location in the application:
Nástroje → Uživatelské role
🧩 What are user roles
The User Roles form contains a list of all roles — that is, the access rights that can be assigned to individual users in the system.
Roles can be:
standard – preconfigured by the system
custom – created according to your own needs
The main purpose of roles is to restrict system access based on the user's job position, for example for:
warehouse staff
sales representatives
accountants
payroll accountants
administrators
Each user is assigned a specific user role. This determines what the user is allowed to do after logging into the system.
The list of roles can be found in the module:
Tools → User Roles
💡 Tip
It is advisable to configure user roles right when setting up the system. Correctly configured permissions significantly reduce the risk of unintended changes to data.
Standard roles are defined programmatically and cannot be modified. However, you can use them as a basis to create new custom roles, which you can then adjust to suit your needs.
🔒 Standard roles
Standard roles are marked with a checkmark in the Standard Role column of the table view.
This means these are roles that are:
firmly defined by the system
immutable
cannot be deleted
If you have not created a custom role, the Edit button will not be available in the toolbar.
Using the Open button, you can view what a specific role allows or restricts.
🌳 How roles are displayed
The left-hand side of the form displays the entire ABRA Flexi system — all modules and their options — as a tree structure.
The right-hand side shows what type of access a user with the given role has.
In the basic view, there are four options:
Full access
The user may perform all actions within the given option.
Read only
The user may only view records.
No access
The user cannot see the marked records at all.
Refined access
If a user has full access, this access can be further restricted.
Depending on the specific module and option, you can allow or deny, for example:
editing
deletion
cancellation
working with discounts
price changes
🔤 How to identify the access type by font style
You can identify the type of access just by looking at the left-hand side of the form.
Even at a glance, the font style in the left-hand part of the form indicates the access type:
bold font → full access
regular font → read-only or refined access
italic → access denied
⚠️ Warning
No user role automatically grants permission for:
company management
the right to lock documents
the right to lock periods
These permissions are configured individually for each user in their login credentials.
🛡 Overview of standard roles
👑 Administrator
The Administrator has all permissions within the application.
This permission is automatically granted to the user who launched the application for the first time during installation and entered their username and password in the First Launch dialog.
Only for this first user is the following option automatically checked:
Allow company management
The Administrator can therefore:
create new companies
rename companies
disconnect companies
delete companies
restore companies from the list of disconnected ones
restore companies from backups
The Administrator has all permissions within the application.
🧠 Super User
The Super User has almost all permissions, but with a few exceptions.
In particular, they do not have access to the following areas:
This means they cannot:
add new users
change the access rights of other users
On the other hand, they can:
add accounting periods
change company settings
work with code lists
perform standard user operations
back up data
👤 Standard User
The Standard User has fewer permissions than the Super User.
They can work with the application in the usual way, but are denied access to:
Company Setup Wizard
the standalone Company Settings
Additionally:
they cannot back up data
they do not have access to the Employees module
they cannot update the license
In the Tools menu, their options are limited. They can:
work with code lists
change their password
work with personal certificates
use the online store
📚 Accountant
The Accountant has fewer permissions than the Standard User.
Their rights correspond to the role of an accounting employee. They can perform standard accounting operations, but have restrictions in other areas.
Restrictions:
limited access to the Goods module
cannot change product groups
cannot change price levels
does not have access to the sales module:
inquiries
orders
quotes
cannot issue payment orders
does not have access to the Employees module
cannot update the license
In the Tools menu, they can:
work with code lists
change their password
use personal certificates
💼 Payroll Accountant
The Payroll Accountant has the same permissions as the Accountant, but additionally has access to the:
Employees module
🤝 Sales Representative
The Sales Representative has permissions corresponding to sales activities.
They have access only to selected parts of the system, and even there access may be partially restricted.
Company Module
They are denied access to:
Company Setup Wizard
the standalone Company Settings
They cannot:
back up data
Modules and Options
They do not have access to accounting sections, for example:
Posting Rules
Item Summaries
Money Module
They have access only to the:
Cash Register section
They do not have access to the:
Bank section
They do not have access to the following modules:
Assets
Employees
Accounting
Reports
In the Tools menu, they can:
work with code lists
(with the exception of accounting-related sections)perform imports
change their password
use personal certificates
use the online store
They cannot update the license.
📦 Warehouse Operator
The Warehouse Operator has one of the lowest permission levels. This role is designed for warehouse management.
They have access only to the following modules:
Even here, however, with restrictions.
For example, they do not have access to:
In the Tools → Code Lists menu, they have access only to those code lists related to warehouse management.
💵 Warehouse Operator with Cash Register
This role has the same permissions as the Warehouse Operator, but additionally has access to the:
Money → Cash Register module
The Bank section remains restricted.
👀 Read Only
A user with this permission has access to all modules, but cannot:
create new records
modify existing records
They can only:
browse data
create selections
print reports
⛔ Inactive Account
This permission is used for a user who previously had access to the application but should now be prevented from logging in.
It is used in cases where the user cannot be deleted because documents they created are linked to their account.
By changing the role to Inactive Account:
the user's record remains in the system
but they will not be able to log in
If they attempt to log in, the system will notify them of this fact.
📌 Example
If an employee leaves the company but documents created under their account exist in the system, it is not possible to delete the account. The correct approach is to change their permission to Inactive Account.
✨ New roles
If none of the available standard roles suits your needs, you can create your own custom user role.
It is based on an existing standard role, which you then adjust as needed.
After clicking the New button, a list of already created custom roles is displayed.
Standard roles are marked in the Standard Role column.
Select the role you want to use as a basis, and confirm with the appropriate button to open the dialog for a new record or for editing.
A new role is created by copying one of the standard roles. You then simply remove the permissions that the custom role should not include.
⚠️ Warning
When creating a copy of a user role, you must always select a role with higher permissions than the one you intend to create.
In other words: permissions should be removed, not added.
If you start from a role with lower permissions and attempt to add certain rights, the system may not accept the change.
📝 New role fields
Code: The code from the original role is copied to the new role. This must be changed, as codes must be unique.
If you do not change it, the system will notify you when attempting to save that the same code is already used by another record.
Name: The name of the original role is also copied. It is advisable to update it so that the new role is clearly distinguishable.
Name in foreign languages: If you have foreign languages configured in the system, you can click the relevant button to fill in the Name field in additional languages as well.
These language variants of the name are printed on documents when using foreign-language printing.
An additional button can be used to collapse the fields for foreign-language names.
Standard role: This field is read-only. A new role is not a standard role.
💡 Tip
When creating custom roles, it is worth naming them according to a specific function, for example:
Skladník bez cenObchodník bez mazáníÚčetní jen čtení mezd
📑 "Basic Sheet" tab
The left-hand side of the tab displays a tree of all ABRA Flexi modules and options. The font style indicates the basic level of access.
The right-hand side allows you to refine the access further.
By selecting a module or a specific option on the left and checking the appropriate permission on the right, you can adjust the permissions for the given role.
Access types
Full access – bold font: The user may do everything within the given option.
Read only – regular font: The user may only view records.
No access – italic font: The user cannot see the marked records at all.
Refined access – regular font: If the user has full access, this access can be further restricted. Depending on the specific module and option, it is possible to allow or deny actions such as editing, deletion, and so on.
Detailed access restrictions
Depending on the specific module or option, the following can be individually allowed or denied, for example:
Add new – adding a new item or document
Edit existing – modifying an existing item or document
Delete – deleting an existing item or document
Cancel – cancelling an existing item or document
Allow discount and price change – restricting the ability to work with discounts and prices
Totals – enabling the totals button
View purchase price – visibility of the purchase price during sales
Change posting – the ability to modify the configured posting
⚠️ Warning
When configuring permissions, always clarify what a specific permission applies to:
the entire document
or its line items
The same permission may behave differently depending on where it is set.
⚠️ Important notice
If a user role property is being configured both at the document level and at the document line item level, the application will only accept the change if the setting is identical in both places.
📌 Example
If you want to prevent a user from changing the price on line items of an issued invoice, it is not enough to check only the permissions for the invoice itself. You also need to verify the permissions set for the document line items.
📝 "Texts" tab
The Texts tab is available in all code lists and lists.
It contains two optional fields where you can enter your own internal notes.
Description: You can provide a more detailed description.
Note: The note is used to alert operators to anything unusual about the record, or to inform other users of anything they should be aware of when working with it.
💡 Tip
The note field is a good place to record, for example:
why the role was created
who it is intended for
what restrictions it has compared to the standard role
❓ Frequently asked questions
Can a standard role be modified?
No. Standard roles are system-defined and cannot be modified or deleted.
2. How do I create a custom role?
You create a copy of an existing role and then adjust it as needed.
3. Does any role automatically have company management enabled?
No. Company management is configured separately for each user. The only exception is the first administrator during the initial launch of the application.