Adding Team Members and Setting Permissions
Growing your team in Udyot ERP is straightforward: invite a colleague by email, assign them a role, and they are ready to work in seconds. Role-based access control means your accountant never stumbles into payroll settings, your sales staff cannot accidentally alter vouchers, and your external CA gets read access without touching company configuration. This guide walks you through inviting team members and fine-tuning their permissions in Udyot ERP — Nepal’s cloud-based business ERP designed for Nepali businesses of all sizes.
Understanding the Four Built-In Roles
Every user in Udyot ERP is assigned one of four roles. Roles control the default level of access across the entire application.
| Role | What they can do | Typical assignment |
|---|---|---|
| Owner | Full access to all modules, company settings, billing, and user management. Cannot be removed by another user. | Business owner or managing director |
| Admin | Full access to all modules and user management. Can invite or remove users and change company settings, but cannot manage billing or ownership. | Office manager, operations head, senior accountant managing the whole setup |
| Auditor | Read-only access across accounting, inventory, HR, and all reports. Cannot create, edit, or delete any records. | External CA, internal auditor, IRD-appointed tax inspector, bank officer reviewing books |
| Employee | Access limited to the employee self-service portal — view payslips, apply for leave, and update personal details. | Staff members who do not work in the back office |
Nepal tip: If you give your CA or external auditor an Auditor account, they can pull VAT reports, check the VAT return and IRD annexes, and review ledgers without any risk of modifying your books before filing.
Inviting a Team Member
- Go to Settings → Users.
- Click Invite User.
- Enter the person’s email address.
- Select their role: Owner, Admin, Auditor, or Employee.
- Click Send Invitation.
The invitee receives an email with a secure link to set their own password. The link expires after 48 hours. If they miss it, you can resend the invitation from the same Users screen by clicking the three-dot menu next to their name and choosing Resend Invite.
Once they log in for the first time, their account is active and they can start working immediately under the permissions their role allows.
Fine-Tuning Access with Per-User Capabilities
Roles give you a sensible baseline, but every business is different. Udyot ERP lets you adjust individual permissions on top of any role using per-user capabilities. You can grant access to a module the role would normally block, or restrict access to a module the role would normally allow.
Common examples:
- An Employee who is also your receptionist and needs to raise sales quotations — grant them access to the Sales module without making them a full Admin.
- An Admin who should not see payroll figures — restrict their access to the Payroll module while leaving everything else intact.
- A part-time bookkeeper who only handles accounts receivable — give them access to Sales Invoices and Payment Receipts only.
To adjust per-user capabilities:
- Go to Settings → Users.
- Click the user’s name to open their profile.
- Under Capabilities, enable or disable individual module permissions.
- Click Save.
Changes take effect immediately — the user sees the updated menu the next time they refresh their browser or log in.
Employee Self-Service Portal
Users with the Employee role access a dedicated self-service area where they can:
- View and download their monthly payslips (salaries calculated in NPR, with PF, SSF, and TDS deductions shown separately)
- Apply for leave and track approval status
- View their leave balance and attendance record
- Update their contact details and bank account for payroll deposits
Employees do not see accounting vouchers, inventory records, or any other business data. Their portal is completely separate from the main ERP workspace. See the full guide at Employee Self-Service Portal.
Managing Existing Users
You can change a user’s role or capabilities at any time from Settings → Users. Select the user, update the role or capability toggles, and save. If a team member leaves your organisation, click Deactivate on their profile. Deactivated users cannot log in, but their past activity — vouchers they posted, records they edited — is preserved in the audit trail.
Note on the Owner role: each company has exactly one Owner. To transfer ownership to another Admin, the current Owner must go to Settings → Users, open the target user’s profile, and choose Transfer Ownership. The previous Owner automatically becomes an Admin.
Multi-Company Access
If you operate more than one business entity — for example, a trading firm and a separate manufacturing unit — you can manage them from a single Udyot ERP login. Users can be assigned to one or more companies, with different roles in each. An accountant might be an Admin in Company A and an Auditor in Company B. See Company Settings for how to create and switch between companies.
This is also useful for accounting practices in Nepal that manage books for multiple clients: create one company per client, add the client as an Owner, and retain your own Admin access across all of them.