How to Manage Users on Xero

Learn how to add, edit and remove users in Xero, assign roles securely and track user activity to manage your accounting access effectively

At Towerstone Accountants we provide specialist limited company accountancy services for directors and owner managed businesses across the UK. We created this webpage for business owners who want practical guidance on choosing and using accounting software, including day to day bookkeeping tasks, invoicing, bank feeds, and reporting. Our aim is to help you keep accurate records, reduce admin time, and stay compliant with HMRC and Companies House requirements.

Managing users on Xero is one of those tasks that feels simple on the surface but has real consequences if it is not handled properly. I regularly see businesses where too many people have too much access, former staff are still listed as users, or key users do not have the permissions they actually need to do their job. All of these issues create risk, confusion, and inefficiency.

Xero is designed to be collaborative. That is one of its strengths. But collaboration only works well when access is controlled, roles are clear, and permissions match responsibility. In this guide I will explain how user management works in Xero, what each role allows, how to add and remove users safely, and how to set things up in a way that protects the business while still allowing the team to work effectively.

This is written from a UK business perspective and based on how Xero is used in real companies day to day, not just how it looks in the software menu.

What user management means in Xero

User management in Xero is about controlling who can see what and who can do what inside your Xero organisation.

Each user:

  • Has their own login

  • Is assigned a role

  • Has specific permissions based on that role

There is no limit on the number of users you can add, but there is a limit on who should have access.

Xero user access should always be intentional, not casual.

Who should be responsible for managing users

In every business, there should be one clear person responsible for managing Xero users.

In most cases this is:

  • The business owner

  • A director

  • The finance lead

  • Or the external accountant

Spreading responsibility often leads to poor control. From experience, the best setups are those where one person owns user access decisions and reviews them regularly.

Understanding Xero user roles

Xero works on a role based permission system. You do not customise every permission individually. Instead, you assign a role that comes with a predefined level of access.

The main user roles you will see in Xero include:

  • Adviser

  • Standard

  • Invoice only

  • Read only

  • Payroll admin

  • Payroll employee

Each role serves a different purpose and choosing the right one matters.

The Adviser role explained

The Adviser role is the highest level of access in Xero.

This role is typically given to:

  • Accountants

  • Bookkeepers

  • Trusted senior finance staff

An Adviser can:

  • See and edit all areas of Xero

  • Manage users and permissions

  • Change accounting settings

  • Submit VAT returns

  • Lock and unlock periods

Because this role has full control, it should be used sparingly.

In most businesses, only the accountant and one internal person should have Adviser access.

Standard user role

The Standard role is designed for day to day business use.

A Standard user can usually:

  • Create and edit invoices

  • Enter bills and expenses

  • Reconcile bank transactions

  • View reports

However, they cannot usually:

  • Change key accounting settings

  • Manage users

  • Lock periods

This role is suitable for:

  • Office managers

  • Finance administrators

  • Business owners who do not want full control

For many businesses, this is the most commonly used role.

Invoice only user role

The Invoice only role is much more limited.

An Invoice only user can:

  • Create and send sales invoices

  • View customer details

They cannot:

  • See bank accounts

  • View bills

  • Access reports

  • See sensitive financial data

This role works well for:

  • Sales staff

  • Admin staff responsible only for billing

  • Businesses that want tight financial controls

It is a good example of least privilege access.

Read only user role

The Read only role allows visibility without the ability to make changes.

A Read only user can:

  • View invoices

  • View bills

  • View reports

They cannot:

  • Edit or create transactions

  • Reconcile bank accounts

  • Change any settings

This role is useful for:

  • Directors who want oversight

  • Investors

  • Non finance managers

It provides transparency without risk.

Payroll specific roles

Payroll access in Xero is handled separately from general accounting access.

There are two main payroll related roles:

  • Payroll admin

  • Payroll employee

Payroll admin users can:

  • Run payroll

  • Submit RTI reports to HMRC

  • Manage employee records

Payroll employee users can:

  • View their own payslips

  • Access personal payroll information

Payroll access should be tightly controlled due to the sensitivity of data.

Payroll reporting interacts directly with HMRC, so accuracy and control are critical.

How to add a new user to Xero

Adding a new user in Xero is straightforward, but it should never be rushed.

The process is:

  • Log into Xero

  • Go to Organisation settings

  • Select Users

  • Click Invite a user

  • Enter their email address

  • Choose the appropriate role

  • Send the invitation

The user will receive an email and must accept the invitation to activate access.

Always double check the role before sending the invite.

Choosing the right role for a new user

This is where most mistakes happen.

Before adding a user, ask:

  • What tasks do they actually need to do

  • Do they need to see bank balances

  • Do they need to run reports

  • Do they need access to payroll

If the answer is no, choose a more restricted role.

It is far easier to increase access later than to undo damage caused by too much access.

How to remove a user from Xero

Removing users is just as important as adding them.

When someone leaves the business, changes role, or no longer needs access, they should be removed promptly.

The process is:

  • Go to Organisation settings

  • Select Users

  • Find the user

  • Remove or deactivate access

This action takes effect immediately.

Leaving former staff as active users is one of the biggest security risks I see in small businesses.

What happens when you remove a user

Removing a user does not delete historical data.

All transactions they created remain in Xero with an audit trail.

Removing access simply prevents future logins.

This means there is no downside to removing users who no longer need access.

Reviewing user access regularly

User access should not be set and forgotten.

I recommend reviewing Xero users:

  • At least once a year

  • Whenever staff roles change

  • When external contractors leave

  • Before year end or audit

A quick review often reveals users who no longer need access or have more access than necessary.

Managing accountant and bookkeeper access

Most businesses give their accountant Adviser access.

This allows the accountant to:

  • Review bookkeeping

  • Make adjustments

  • Prepare VAT returns

  • Support year end accounts

This access is usually provided through the accountant’s practice login rather than an individual email.

This is standard practice and does not mean the accountant can see anything outside your organisation.

Should business owners give themselves Adviser access

This depends on confidence and involvement.

Some business owners want full control and visibility. Others prefer to leave technical settings to professionals.

From experience:

  • One internal Adviser is usually sensible

  • More than two often creates confusion

If you are unsure, a Standard role with good reporting access is often sufficient.

User access and audit trail

Xero maintains a full audit trail.

This means:

  • You can see who created or edited transactions

  • Changes are timestamped

  • User activity is recorded

This makes user accountability important. Shared logins should never be used.

Every person should have their own login.

Why shared logins are a bad idea

Shared logins undermine accountability and security.

Problems include:

  • No clear audit trail

  • Password sharing risks

  • Difficulty removing access cleanly

  • Breaches of Xero terms

Xero is designed for individual users. Shared logins should always be avoided.

Managing access for external contractors

Sometimes businesses use external contractors for admin or finance tasks.

In these cases:

  • Use the most restricted role possible

  • Set a clear end date

  • Review access when work is complete

Invoice only or Read only roles are often sufficient.

Granting Adviser access to temporary contractors is rarely appropriate.

Using Xero roles to protect against mistakes

One of the biggest benefits of good user management is error prevention.

Limiting access can:

  • Prevent accidental deletions

  • Protect reconciled periods

  • Reduce VAT errors

  • Avoid incorrect settings changes

Many costly bookkeeping errors come from well meaning users with too much access.

Locking periods and user permissions

Xero allows periods to be locked once they are finalised.

This prevents users from editing historical data.

Period locking is usually handled by:

  • The accountant

  • Or an Adviser level user

Locking periods works alongside user roles to maintain data integrity.

What users can see and data sensitivity

Remember that access is not just about actions, it is also about visibility.

Some users should not see:

  • Full profit figures

  • Bank balances

  • Director loan accounts

  • Payroll costs

Using restricted roles protects sensitive information and avoids awkward conversations.

Managing users in growing businesses

As businesses grow, user management becomes more important, not less.

Growth often brings:

  • More staff

  • More segregation of duties

  • More compliance requirements

Regularly reviewing who does what in Xero helps keep systems aligned with reality.

Common user management mistakes I see

From experience, the most common issues include:

  • Too many Adviser users

  • Former staff left active

  • Everyone given Standard access by default

  • No regular access reviews

  • Shared logins

All of these increase risk without adding value.

How accountants help with Xero user management

Accountants often help by:

  • Recommending appropriate roles

  • Setting up access initially

  • Reviewing access during year end work

  • Advising on segregation of duties

This is especially helpful for directors who are not confident with software settings.

User management and compliance

Proper user management supports compliance by:

  • Protecting financial records

  • Ensuring accurate VAT submissions

  • Supporting audit trails

  • Reducing risk of unauthorised changes

This matters not just for internal control, but also for external review.

User management and Making Tax Digital

Because Xero connects directly to HMRC for VAT and payroll submissions, controlling who can submit data is critical.

Only trusted users should be able to:

  • Submit VAT returns

  • Run payroll

  • Make corrections to filed data

These actions carry real legal responsibility.

How often user roles should change

User roles should change when:

  • Someone’s job changes

  • Responsibility increases or decreases

  • A probation period ends

  • A contractor finishes work

Access should always reflect current responsibility, not historical trust.

Using Xero reports to monitor user activity

Xero includes reports that show:

  • Transaction history

  • User activity

  • Changes made

Reviewing these occasionally helps spot training needs or access issues early.

Is there a cost for adding users

Xero does not charge per user.

You can add as many users as you need without increasing the subscription cost.

This makes it even more important to manage access carefully, because there is no financial barrier to over sharing.

Best practice approach to Xero user management

From my experience, best practice looks like this:

  • One or two Adviser users only

  • Most staff on restricted roles

  • No shared logins

  • Annual access review

  • Immediate removal of leavers

This balances efficiency with control.

Final thoughts

Managing users on Xero is not just an admin task. It is a core part of financial control, data protection, and compliance.

When user access is set up properly, Xero becomes a powerful and safe collaborative tool. When it is neglected, it becomes a source of risk and confusion.

In my experience, the businesses that get the most value from Xero are not those with the most users, but those with the right users, the right access levels, and a clear understanding of who is responsible for what. Taking the time to manage users properly pays back many times over in reduced errors, better security, and greater confidence in the numbers.

You may also find our guidance on how to reconcile in xero and how to create a credit note in xero helpful when exploring related accounting software tasks. For a broader overview of software options and setup guidance, you can visit our accounting software hub.