Before you begin
Admin access to GATHER.nexus
Understanding of your team's responsibilities and reporting structure
List of standard job functions in your finance team
π‘Tip: Before creating roles, map out your finance team's workflow. Who prepares reports? Who approves them? Who just needs visibility? This 10-minute planning saves hours of permission adjustments later.
Access the roles management centre
From your GATHER.nexus dashboard, locate the Users & Roles section. Click on the Roles tile to enter role management.
(The Roles tile is highlighted in red - this is where you'll define user permissions and access levels.)
Review Default roles
You'll see GATHER.nexus's pre-configured or default roles designed for typical finance teams:
Default roles explained:
Finance Reviewer
Reviews and approves financial submissions, Can't modify source data, Perfect for: Controllers, Finance Directors who approve but don't prepare
Finance Preparer
Creates and modifies consolidation entries, Manages intercompany reconciliations, Ideal for: Senior accountants, consolidation specialists
Report Viewer
Read-only access to generated reports, Can't see underlying transactions, Suitable for: Board members, investors, non-finance executives
Admin
Full platform control including user management, System configuration access, Reserved for: CFO, Head of Finance, system administrators
Finance Lead
Comprehensive financial data access, Can generate and modify all reports, Designed for: Finance managers, reporting leads
βΉοΈNote: Default Roles permissions cannot be updated
Add a new custom role
To address specific organisational needs, click the Add Role button located in the top right corner of the roles management screen.
This opens the role creation interface where you'll define:
Role Name: Enter a descriptive name that clearly indicates the role's purpose and scope
Use clear, job-function based names like
β "UK Finance Manager", "Consolidation Analyst", "Board Observer"
β (Avoid) "John's Role", "Temp Access", "Special Permissions"
Avoid personal names or temporary designations
Consider future team growth when naming roles
Description: Provide a comprehensive description explaining:
The role's intended purpose within your organisation
Key responsibilities and access requirements
Any special considerations or limitations
Mention if it's for temporary or permanent use
(The Add New Role form allows you to create custom access levels for your team members.)
Click Add to create the role. Your new role will appear in the roles list and now you set the permission for the role.
βImportant: New roles start with no permissions this follows security best practices. so you can set permissions based on the need.
Set Module - Wise Permissions
Click Permission details next to your new role (or any existing role you want to modify).
(Your newly created role appears in the list with enabled status and customisable permissions.)
For each GATHER.nexus module, you can assign specific permission levels Just simply click on the checkboxes you want to grant access for if you don't want to grant access for any specific module or restrict then simply leave it blank:
Permission Types Available:
All - Complete access including view, add, edit, and delete functions
View - Read-only access to data and reports
Add - Ability to create new entries and documents
Edit - Modify existing data and configurations
Delete - Remove data, documents, and configurations
Apply your permission changes
After setting up the permissions for all modules, click Update at the bottom of the permissions screen.
(The permissions matrix shows all platform modules with specific access levels you can grant or restrict.)
Common Questions:
Q: Can users have multiple roles assigned?
A: No, each user is assigned one role at a time. If someone needs mixed permissions, create a custom role that combines the required access levels.
Q: What happens to users when I modify a role's permissions?
A: Changes take effect immediately for all users assigned to that role. Consider communicating significant changes to affected team members.
Q: What's the difference between disabling a role and deleting it?
A: Disabling preserves the role configuration for future use, while deleting removes it permanently. Disabled roles cannot be assigned to new users.
Q: What's the difference between "All" access and individual permissions?
A: "All" grants create, read, update, and delete. Individual permissions offer granular control. For example, give accountants "Add" and "Edit" for journal entries but not "Delete" to prevent accidental removal.
Q: Can I create Group-specific or Group Class - Specific roles?
A: Roles define feature access, while Group or Group Class access is controlled at the user level. Create a role like "Regional Manager," then assign users to specific Group or Group Class when adding them to the platform.
Q: Can I duplicate an existing role to create a similar one?
A: While there's no direct duplicate function, you can create a new role and configure it with similar permissions to an existing role.
What's next?
With your custom roles configured, you can:
Assign roles to new and existing users based on their responsibilities
Monitor access patterns to ensure roles are working effectively
Adjust permissions as your business processes evolve
Maintain compliance with documented access control procedures
Your role-based access control system now provides secure, efficient collaboration whilst protecting sensitive financial data across your GATHER.nexus platform.
Have questions or need assistanceβ
Contact our support team at support@gather.nexus