User roles in Restaurant365 come in two flavors: Security Roles and Report Roles. Security Roles determine the access a User has in Restaurant365 and are divided into two types: Primary and Secondary.


Each User must have a Primary Role to be able to log in to the system. Additional Secondary Roles can then be applied as needed to grant (or restrict) the User's access to additional modules, screens, features, menus, etc. For steps on how to assign Security Roles to Users, please refer to the User Setup, Security, and Location Access training.


It is important to note that combining Security Roles with the same permissions may cause a variety of errors to occur, including login issues, 502 gateway errors, and missing or malfunctioning pages, among others. Therefore, ensure that Users have only necessary, complementary roles.



Primary Roles


Primary Roles grant a User access to certain parts of the system. Some Primary Roles provide more access than others, so selecting one of the following will provide a baseline of access for a User.

  • Accounting Manager - Access to almost all functions in the system. It includes access associated with most other roles. The only roles it does not include, which need to be assigned separately, are:
    • Franchising
    • Recipe Costing
    • Unapprove
    • Business Analytics
    • User Setup
    • Print Check Signature
    • Financial Report Builder
  • Accounting Clerk - Access to all the same screens and functions as the Accounting Manager except not able to approve by default. Since this User cannot approve transactions, they will be created as unapproved. Individual approve roles for specific transaction types can be given to this User if they should be able to approve certain transaction types
  • AP Data Entry - Access to the 'AP Transactions' and 'Docs to Process' lists in the Accounting module only. Access to create and save AP Invoices and AP Credit Memos only. This role can be used by external vendors to directly input AP Invoices and AP Credit Memos into R365.
  • Catering Manager - Access to all functions in the Catering Module
  • Catering Rep - Access to limited functions in the Catering Module.  Users can create and manage events, but will have limited access to settings
  • Catering Read Only - this will allow users to view the Catering Module, without the ability to create, update, or delete any information
  • Commissary Admin - Access to all New Commissary Functions
  • Commissary Manager - Access to all Classic Commissary functions (an Account Manager has this access by default and a Restaurant Manager has some limited access to these features by default). For New Commissary functions, a Commissary Manager can only View the Catalog and Ordering Locations and add, edit, and remove Items on Order Guides.
  • Employee App Access - Enables Employee Users to have access to the R365 Mobile App.  An R365 user is created with this role assigned for each employee that has 'App Access' checked on their Employee Record
  • Franchising - Access to the Franchising Module (can be Primary or Secondary role)
  • Full Access - Access to all functions in the system, regardless of mo.
  • Limited Accounting Clerk - Similar to the Accounting Clerk role except that the User cannot Approve any transactions
  • Limited Accounting Manager - Similar to the Accounting Manager role except more restrictive. This role enables Users to enter transactions but not Master Records; view, save, edit, Approve, and delete all transactions; and have full access to Fixed Assets, including Fixed Asset Master Records
  • Manager Log Admin - Full access to the Classic Manager Log and New Manager Log modules. This role is the highest security role for the Manager Log as it allows the User to create categories in the Classic Manager Log, view and update Logbook Settings as well as build Logbooks in the New Manager Log, and, for both modules, create Log Entries, leave entry comments, and gain access to the admin view of Manager Log
  • Read Only Executive - Access to all the same screens and reports as Accounting Manager but unable to edit anything, so the entire system is read only
  • Read Only Operations - Access to all the same screens and reports as Restaurant Manager but unable to edit anything, as the entire system is read only
  • Restaurant Manager - Access to the Operations, Classic Manager Log, New Manager Log, and Scheduling modules (includes Classic Commissary feature within Operations and the New Commissary feature within the Smart Ops Release). By default this User cannot approve transactions or edit Master Records but can be given specific abilities by assigning secondary security roles. Review more specifics about Manager access and abilities on the corresponding feature's overview training article.
  • Scheduler - Access to the Scheduling Module only. This will generally be assigned to shift leads and others who may manage parts of the schedule but shouldn't have additional system access to transactions. This role does not see pay rates



Secondary Roles


Secondary Roles allow you to tailor the access to meet the needs of each individual User. Secondary Roles can be assigned to grant additional access, or to restrict existing access, based on the User's Primary Role. The roles are grouped into the following lists: 1) Additional Access and 2) Restrict Access.


Additional Access - Secondary Roles:

  • Access Limited Periods - This role is best used with the Accounting Manager Primary Security Role and provides Users access to enter and edit transactions when periods are set to 'Limited' in the Fiscal Year Maintenance Screen.
  • ACH Payments - This role is to be used in conjunction with the 'Hide Print Checks' Role (see Restrict Access section below for more information).  When a User has 'Hide Print Checks', but needs to produce/process ACH Payments, this role will return access to be able to 'Pay via ACH' on AP Invoices, and produce ACH Payments on the Check Run.  This role does not function when not paired with 'Hide Print Checks'.
  • Advanced Close Maintenance - Access to the Fiscal Year Maintenance Screen. Users with the Primary Security Role of Full Access will be allowed access to this feature as part of their Primary Role.
  • Advanced Close - View Only - Access to the Fiscal Year Maintenance Screen, but unable to edit anything, as the system is read only. Users with the Primary Security Role of Full Access will be allowed to access this feature as part of their Primary Role.
  • Approve AP Credit - Allows a User with lower security level to approve AP Credit Memos.
  • Approve AP Invoice - Allows a User with lower security level to approve AP Invoices.
  • Approve AR Payment - Allows a User with lower security level to approve AR Payments.
  • Approve DSS - Allows a User with lower security level to approve Daily Sales Summaries.
  • Approve Item Transfer - Allows a User with lower security level to review and update an Item Transfer's status to 'Rejected', 'Completed', or 'Approved'.
  • Approve Journal Entry - Allows a User with lower security level (Accounting Clerk) to approve Journal Entries.
  • Approve Stock Count - Allows a User with lower security level to approve Stock Counts.
  • Approve Waste Log - Allows a User with lower security level to approve Waste Logs.
  • Budget - Allows Managers access to view and edit budgets, even if they don't have access to Accounting.
  • Business Analytics Admin - This role only functions if the Business Analytics module has been purchased and enabled. Assigning this role adds the 'Dashboard' link to the User’s left navigation pane so they can view Dashboards. This role also allows Users to create/modify Dashboards and Ad Hoc reports and to use the Ad Hoc Designer to further analyze data. On the Dashboard form, they will see the additional fields of Create/Edit Dashboard button as well as Dashlets and Ad Hoc report selectors.
    • If a User with this role does not want other Users to see Ad Hoc dashboards, they would need to make sure to Save all reports but the Ad Hoc report to the Accounting Folder in the root folder menu. Any report that is Saved to the Accounting or Manager Folder will be accessible only to someone with that corresponding User role.
  • Business Analytics View Only - Assigning this role adds the 'Dashboard' link to the User’s left navigation pane so they can view Dashboards.  This User can access dashboards or Ad Hoc reports, but cannot Save any changes made to the reports.
  • Commissary Entry - Allows a User to create a Commissary Order on demand.
  • Edit 1099 Information - Enables a User to update the 1099 information entered on both approved and unapproved AP Invoices and Credit Memos from the AP Transactions and Bank Transactions list views.
  • Edit Punches - Allows a lower level security User the ability to add, edit, and delete Employee Punches and Employee Punch Reasons on 'In Progress' or 'Completed' DSSs for any Location that they have access to. Editing punches is only available in the Smart Ops Release.
  • Financial Report Builder - This is the administrative role for the R365 Financial Report Writer.  Users that are assigned this role will have the ability to create (or build) new Custom Financial Reports and Templates.  They will also have the ability to edit or modify existing Templates and Reports.  This role should only be given to Users that need these capabilities.  Users with the Financial Report Builder role will also be able to run and view Custom Financial Reports and do not need the 'Financial Report Viewer' security role. This role can only be assigned to Users with the Accounting Manager and Accounting Clerk Primary Security Roles.
  • Financial Report Viewer - This is the usage role that should be assigned to each User that will be viewing existing reports from the 'Custom Financial Reports' list that are assigned to them. This role should be assigned to Users with the following Primary Security Roles: Accounting Manager, Accounting Clerk, Restaurant Manager, Read Only Executive, and Read Only Operations.
  • Forecasting Admin - Allows a User to create and modify Sales Forecasts in the 'Reports' section of the Operations module as well as edit the configuration for and Approve a Custom Sales Forecast and a Custom Labor Forecast.
  • Forecasting Approval - Enables a User to Approve the Custom Sales and Custom Labor Forecasts. Users with the Primary Security Role of Full Access or the Secondary Security Role of Forecasting Admin will be able to Approve without the addition of this role.
  • Forecasting Location - Provides Location Managers the ability to create and edit Custom Sales and Custom Labor Forecasts for the Locations noted on their User record. Users with this security role will not be able to Approve these forecasts or edit the configuration for Custom Forecasting, unless given the corresponding forecasting role.
  • Item and Recipe Manager - This role works in conjunction with the Restaurant Manager Security Role for AP Invoices V2, which comes out with the Smart Ops Release. With this added Secondary Security Role, Managers can link existing Purchased Items, create new Purchased Items within an AP Invoice, and create/update UofMs throughout the system.
  • Link Vendor Items - This works in conjunction with the Restaurant Manager Security Role for AP Invoices V2, which comes out with the Smart Ops Release. A Restaurant Manager will be able to create an AP Invoice and can link an AP Invoice to existing Purchased Items but cannot create new Purchased Items.
  • Manager Log Creator - Elevated access to the Classic Manager Log and New Manager Log modules. This role is only meant to be used by a User with Employee App Access who creates and views Log Entries as well as enters comments on Log Entries.
  • Manager Log User - User level access to the Manager Log module. This role should be used for Employees in conjunction with Employee App Access who need to view Log Entries
  • Master Record Delete - Allows a User with a lower security level to also delete Master Records, such as Purchased Items, Payment Terms, etc., but excluding the Delete Stock Count and Delete Stock Count Template roles. This prevents accidental deletions of Stock Counts and Stock Count Templates. To include these functions, both roles would need to be added to Master Record Delete.
    • Delete Stock Count - Allows the User to delete Stock Counts.
    • Delete Stock Count Template - Allows the User to delete Stock Count Templates.
  • Master Record Save - Allows a User with lower security to modify and save Master Records, such as Purchased Items, Payment Terms, etc.
  • P&L Comparison Screen - Allows a User to see and use the 'P&L Comparison Screen' in the Operations module.
  • Pay AP Invoice - Allows a User with lower security to click 'Pay Bill' on AP Invoice form and to create and open AP Payments (does not give access to Check Run screen).
  • Pay Check Run - Can be given to a User with the 'Accounting Clerk' Primary Role.  Grants Users access to the 'Create Checks' prompt on the Check Run (this prompt is not accessible for Accounting Clerks by default).  This will allow the Accounting Clerk to create Payments via the Check Run.  They will be able to print checks, export ACH etc.  This role gives full access to the Check Run.
  • Payroll Clerk - Provides access to Payroll Single Sign On (SSO) and its included features when Payroll SSO is enabled for an instance. Users can even access the R365 Payroll Export without updating their Report Roles.
  • Print Check Signature - Allows a User to print signatures on to Checks from the Pay Bill feature, Manual Payment and Check Run.
  • Purchasing Manager - Allows a User full access to the Smart Ops Version of the Shopping List feature, which includes creating, editing, and using Shopping Lists.
  • Recipe Costing - Access to all functions associated with Recipe Costing.  Primarily gives access to create new recipes, modify existing recipes, view recipe list and view ingredient list.
  • Renovo - Access to the Renovo financial reporting tool.
  • Schedule Approval - Allows a User to publish schedules and shifts in the Scheduling Module. Users with the Restaurant Manager or Scheduler Primary Security Roles will need this additional role to publish shifts and schedules while Users with Full Access and Accounting Manager Primary Security Roles will be able to publish without this additional role. 
  • Submit Purchase Order - Allows a User with lower security level to submit Purchase Orders that have been created using the Purchasing Assistant.
  • Unapprove All - Access to unapprove all approved transactions
    • Unapprove AP - Ability to unapprove AP Transactions (AP Invoice, AP Payment, AP Credit Memo). This also enables the User to edit details without the need to Unapprove first.
    • Unapprove AR - Ability to unapprove AR Transactions (AR Invoice, AR Payment, AR Credit Memo). This also enables the User to edit details without the need to Unapprove first.
    • Unapprove Banking - Ability to unapprove Banking Transactions (Bank Withdrawal, Bank Deposit, Bank Transfer, Bank Reconciliation).
    • Unapprove DSS - Ability to unapprove DSS records (this will also unapprove the DSS Journal Entries associated with the DSS).
    • Unapprove Inventory - Ability to unapprove Inventory Transactions and unapprove an approved Item Transfer when the User has access to both the Sending and Receiving Locations.
    • Unapprove JE - Ability to unapprove Journal Entries (Journal Entries, Beginning Balance Journal Entries, Payroll Journal Entries). This also enables the User to edit details without the need to Unapprove first.
  • User Setup - Access to create and manage Users, Security, Location Access and the R365 Theme Builder. For Channel Partners who utilize Multi-Instance Switching, this role will also provide them access to the Multi-Instance Switching page and the ability to edit Instance Nicknames.
  • View Vendor Tax ID - Enables a User to view Social Security Numbers on Vendor records unmasked. Only Users that have Full Access will be able to view SSNs without adding this role.
  • Workflow Admin - Enables a User to configure and make changes to the Workflow Setup page and My Workflows for Users without Full Access or User Setup Primary Security Roles. Users with this role will also be able to view active Workflows and manage all approvals.
  • Workflow Super Admin - Enables a User to approve or deny any workflow transaction, unless they are listed as an Approver on a Workflow.


Restrict Access - Secondary Roles:


  • Hide Document Library - To be used in conjunction with 'Manager Log'. This role will hide the Document Library for someone who has access to the Manager Log
  • Hide DSS Journal Entry Tab - To be used in conjunction with 'Restaurant Manager'. This role will hide the 'Journal Entry' tab on all DSS screens
  • Hide Print Checks - To be used in conjunction with 'Accounting Clerk'. This role will hide the 'Print Checks' prompts / options
  • Mask Bank Account - This is a placeholder for future enhancements
  • Mask Bank Account Numbers - Masks bank account and routing numbers for this User so they cannot see them in forms or reports even though they might have access to the Bank Account screen or other transaction screens that use the Bank Account
  • Prohibit AP Changes - Prevents Users from saving, approving, and deleting, but not viewing, AP Invoices, AP Credit Memos, AP Payments, Purchase Orders, Vendors, Payment Terms, and Vendor Items. Users will also be restricted from printing checks and accessing Documents to Process. The following are hidden:
    • 'Save', 'Approve', 'Submit', and 'Action' options on the AP Invoice, AP Payment, AP Credit Memo, and Purchase Order
    • 'Save' and 'Edit' options on the Vendor form
    • 'Vendor' tab in the top ribbon
    • 'Vendors' step in Setup Assistant
    • 'New Payment Term' option from 'Administration' on the top ribbon
    • 'AP Credit Memo - Beg Bal', 'AP Invoice - Beg Bal', 'AP Payment - Beg Bal', 'Payment Terms', 'Vendor', 'Vendor Item', and 'Vendor Locations' in the Import Tool
    • 'Documents to Process' in the 'Accounting' module
    • 'Edit Selected' drop-down on the AP Transactions Grid
    • All Transactions and Memorized Transactions Grid
    • 'Save' option in the Vendor, Payment Terms, and Vendor Items quick add pop-ups
  • Prohibit Approve - Prevents a User from Approving AP, AR, and JE Transactions. Users with the Primary Security Role of Full Access will be allowed access to this feature as part of their Primary Role.
  • Prohibit Banking Changes - Prevents Users from saving, approving, and deleting Bank Withdrawals, Bank Transfers, Bank Deposits, Bank Reconciliations, Bank Accounts, and Banks. If they have access to the Accounting Module, they will only be able to view these banking options, while Accounting Managers specifically will also be able to Approve Journal Entries. The following are hidden:
    • 'Save', 'Approve', and 'Action' options on the Bank Withdrawal, Bank Transfer, Bank Deposit, and Bank Reconciliation forms
    • 'Save' options on the Bank form and the GL Account form if the GL Account is a Bank Account
    • 'Manage Bank Connections' button on the Bank Account form
    • 'Banking' tab in the top ribbon
    • 'Bank Accounts' step in Setup Assistant
    • 'Bank Deposit - Beg Bal', 'Bank Withdrawal - Beg Bal', 'Bank Expense', and 'GL Account' in the Import Tool
    • 'Edit Selected' drop-down on the Bank Transaction Grid
    • All Transactions Grid
    • 'Save' option in the Bank Account quick add pop-ups
  • Prohibit Document Delete - Prevents Users from deleting document files. The 'Delete' option will be hidden from the following places: Documents to Process List View, Documents to Process Bulk Edit Modal, AP Credit Memo/Invoice Action drop-down menu, AP Credit Memo/Invoice Attachment, AP Transactions and All Transactions Grid.
  • Prohibit GL Acct Changes - Prevents Users from creating, editing, and deleting GL Accounts and GL Types. While Users will be able to view GL Accounts and GL Types, the following will be hidden:
    • 'Save' options when creating a new GL Account or GL Type and in the quick add popups
    • 'GL Accounts' step in Setup Assistant
    • 'GL Account', 'GL Type', and 'GL Account Location' options in the import tool
    • 'New GL Account' and 'New GL Type' options in the 'Account' tab
    • 'Edit Selected' option from the Bank Accounts Grid
  • Prohibit JE/GL Changes - Prevents Users from saving, approving, and deleting, but not viewing, Journal Entries, Budgets, GL Accounts, and GL Types. The following are hidden:
    • 'Save', 'Approve', and 'Action' options on the Journal Entry form
    • 'Save' and 'Action' options on the Budgeting form
    • 'Save' options on the GL Account and GL Type forms
    • 'Account' tab in the top ribbon
    • 'GL Accounts' step in Setup Assistant
    • 'GL Account', 'GL Type', and 'GL Account Location' in the Import Tool
    • 'Edit Selected' drop-down on the Journal Entries and the Budgets Grids
    • All Transactions and Memorized Transactions Grids
    • 'Save' option in the GL Account and GL Type quick add pop-ups
  • Prohibit Vendor Changes - Prevents Users from creating, editing, and deleting Vendors. While Users would be able to view Vendor records from forms or the Vendors grid, the following are hidden: the 'Save' options when creating a new Vendor and in the Vendor quick add popups, the 'Vendors' step in Setup Assistant, the 'New Vendor' option from the 'Vendor' tab, and the 'Vendor' option from the Import Tool.
  • Prohibit Viewing Upcoming Approvals - Prevents Users from seeing upcoming approvals in My Workflows by removing the 'Upcoming' tab.
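
Several of the role descriptions above state rules that can be checked mechanically: a Primary Role is required to log in, some Secondary Roles are documented for use with specific other roles, and some are already covered by another assigned role. The following Python check is an added example, not Restaurant365 code; the "user,role" CSV layout, the sample users, and the finding labels are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Role names and rules below are transcribed from the role descriptions on this page.
PRIMARY_ROLES = {
    "Accounting Manager", "Accounting Clerk", "AP Data Entry", "Catering Manager",
    "Catering Rep", "Catering Read Only", "Commissary Admin", "Commissary Manager",
    "Employee App Access", "Franchising", "Full Access", "Limited Accounting Clerk",
    "Limited Accounting Manager", "Manager Log Admin", "Read Only Executive",
    "Read Only Operations", "Restaurant Manager", "Scheduler",
}
# Secondary role -> Primary Roles it is documented to be used with.
NEEDS_PRIMARY = {
    "Financial Report Builder": {"Accounting Manager", "Accounting Clerk"},
    "Hide Print Checks": {"Accounting Clerk"},
    "Hide DSS Journal Entry Tab": {"Restaurant Manager"},
    "Item and Recipe Manager": {"Restaurant Manager"},
    "Link Vendor Items": {"Restaurant Manager"},
    "Manager Log Creator": {"Employee App Access"},
    "Manager Log User": {"Employee App Access"},
}
# Secondary role -> role it must be paired with in order to function.
NEEDS_PARTNER = {"ACH Payments": "Hide Print Checks"}
# Secondary role -> roles that already grant the same access (overlap to avoid).
COVERED_BY = {
    "Advanced Close Maintenance": {"Full Access"},
    "Advanced Close - View Only": {"Full Access"},
    "Forecasting Approval": {"Full Access", "Forecasting Admin"},
    "Schedule Approval": {"Full Access", "Accounting Manager"},
    "View Vendor Tax ID": {"Full Access"},
    "Financial Report Viewer": {"Financial Report Builder"},
}

# Constructed sample; the CSV layout is an assumption, not an R365 export format.
SAMPLE_EXPORT = """user,role
alice,Accounting Clerk
alice,Hide Print Checks
alice,ACH Payments
bob,Restaurant Manager
bob,Financial Report Builder
bob,ACH Payments
carol,Full Access
carol,Forecasting Approval
dave,Budget
"""

def lint_user(user, roles):
    """Return (user, finding, role) tuples for one user's set of role names."""
    findings = []
    if not roles & PRIMARY_ROLES:
        findings.append((user, "no-primary", ""))  # user cannot log in
    for role in sorted(roles):
        if role in NEEDS_PRIMARY and not roles & NEEDS_PRIMARY[role]:
            findings.append((user, "wrong-primary", role))
        if role in NEEDS_PARTNER and NEEDS_PARTNER[role] not in roles:
            findings.append((user, "missing-partner", role))
        if role in COVERED_BY and roles & COVERED_BY[role]:
            findings.append((user, "overlap", role))
    return findings

def lint_export(text):
    """Group CSV rows by user, then lint each user in name order."""
    by_user = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        by_user[row["user"].strip()].add(row["role"].strip())
    return [f for user in sorted(by_user) for f in lint_user(user, by_user[user])]

if __name__ == "__main__":
    for user, finding, role in lint_export(SAMPLE_EXPORT):
        print(f"{user:6} {finding:16} {role}")
```

An "overlap" finding marks a role that the page says is already granted by another role the User holds, which is the kind of duplicate-permission combination the introduction asks administrators to avoid.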