05 - Administration

Users, Roles & Permissions

Invite team members, assign role templates, and understand the permission model.

Users, Roles & Permissions

Stokly supports multi-user collaboration with a granular permission system and a set of pre-built role templates.

Role templates

The following role templates are provided out of the box:

Role Typical user Scope
Administrator You / the owner Everything, including user management
Owner Company owner Everything except platform admin
Manager Operations manager Sales, purchases, reports, limited settings
Sales Rep Sales team Quotes, invoices, customers, products (view)
Accountant External accountant Full bookkeeping, VAT, reports — no HR/Payroll
Bookkeeper Bookkeeper Day-to-day transactions, limited reporting
Inventory Manager Stock controller Products, stock adjustments, purchases
Payroll Manager HR / payroll Full HR & Payroll; no accounting
Employee Any staff member Employee portal only (own payslips + leave)
View Only Auditor, investor Read-only across all enabled modules

Inviting a user

  1. Go to Users → Invite User (Administrator only).
  2. Enter email, first name, and last name.
  3. Select a role template (or create a custom set of permissions).
  4. Send the invite — the user receives an email with a link to set a password.

Custom permissions

If the role templates don't fit, assign individual permissions from the full list (over 80 fine-grained permissions grouped by module). You can save a custom set as a new template.

Approval workflows

For sensitive actions, you can require approval before posting:

  • Expenses over a threshold
  • Journal entries (manual only)
  • Credit notes

Configure under Settings → Approval Workflows. Approvals appear in the approver's inbox and on the dashboard.

Audit trail

Every sensitive action (create, edit, delete, approve, post) is logged. View it on the dashboard activity feed or under Settings → Audit Trail for filtered searches.

Employee-only users

Users with only the EmployeePortalAccess permission are automatically redirected to their personal portal on login. They never see the business dashboard or menus.