Skip to content

Users & Permissions

Configure user accounts and role-based access control in TaprNext.

TaprNext includes four primary roles:

RoleDescription
System ManagerFull access to all settings and data
AP ManagerApprove invoices, manage workflows
AP ClerkProcess invoices, submit for approval
ViewerRead-only access to invoices
PermissionManagerAP MgrClerkViewer
View invoices
Create invoices-
Edit invoices-
Delete invoices--
Submit for approval-
Approve invoices--
Post to ERP--
Configure settings---
Manage users---
View reports
Export data--
  1. Go to Settings > Users
  2. Click + Add User

Provide email, full name, and role assignment. Select whether to send welcome credentials via email.

Users can be restricted to specific legal entities:

  • All Entities: Access to invoices across all entities
  • Specific Entities: Limited to assigned entities only

Full administrative access including configuration of all settings, user management, access to all legal entities, and audit log viewing. Typically assigned to IT administrators and finance directors.

Manages approval workflows and oversight. Can approve/reject invoices, view reports, and supervise AP Clerk activities. Cannot modify system settings. Typical users include AP supervisors and finance managers.

Handles daily invoice processing including uploads, AI extraction review, data editing, PO matching, and submission for approval. Typical users include AP specialists and bookkeepers.

Provides read-only access to invoices and reports with no editing capabilities. Often assigned to auditors and executives.

  1. Go to Settings > Users
  2. Select the user
  3. Modify details and save
  1. Go to Settings > Users
  2. Select the user
  3. Toggle Active off
  4. Save changes

Deactivated users lose login access while maintaining historical records.

  1. Click Reset Password on user profile
  2. User receives email with reset link valid for 24 hours
  • Least Privilege: Assign minimum necessary permissions
  • Named Accounts: Ensure individual user accounts (avoid sharing)
  • Regular Review: Conduct quarterly access audits
  • Offboarding: Deactivate users immediately upon departure
  • Strong Passwords: Enforce minimum 12-character requirements