Privileges

These are all of the privileges available in Tungsten AP Essentials.

To access these settings: Navigate to the Users view, click a user name and select the Privileges tab.

You must have the Manage accounts or Manage user accounts privilege to edit user privileges in Admin Center. However, you can grant any privilege you have yourself via the API.

These are all of the privileges available in Tungsten AP Essentials. The settings that appear can vary depending on which services and document processes you use.

Admin privileges

These privileges are available for user accounts with the Admin role.

APPS
Access Analytics Grants access to Analytics reports in Admin Center.
Access E-Invoice Connect

Lets admin users on the customer level open E-Invoice Connect from a link that appears on the landing page in Admin Center. The link utilizes single sign-on, so login credentials are not required to access E-Invoice Connect via the link.

This setting is only visible if the E-Invoice Connect service is enabled.

ACCOUNT MANAGEMENT
Manage accounts

This privilege gives the user permission to manage accounts, users and settings in Admin Center. The Manage accounts privilege, also lets you grant the Manage services privilege, even if you do not have the Manage services privilege yourself.

This privilege is required to:

Subsidiary administrators with this privilege can:

  • Add/delete services for partners and customers.
  • Choose the active target system for partners and customers.
  • Edit the target system settings of partners and customers.
  • Add, delete, trust, untrust and download resources from the Resources view.

Partner and Partner group administrators with this privilege can:

  • Choose the active target system for customers.
  • Edit the target system settings of partners and customers.
  • Add, delete, trust, untrust and download resources from the Resources view.

Customer administrators with this privilege can only view target system settings. Customer administrators need the Manage target system settings privilege to edit target system settings.:

Partner administrators can modify all service settings with this privilege. However, customer administrators with this privilege can edit all service settings except for Extraction services and Target system services.

Manage suborganizations

Grants administrators the ability to create, update, delete, activate/deactivate, group/ungroup, pause/resume and move organizations. Administrators with this privilege can also grant this privilege to other administrators, but cannot remove the privilege from themselves.

During customer creation, if a user has the Manage suborganizations privilege, but does not have the Manage services privilege, only these services are available:

  • Extraction
  • Process control
  • Target system
SERVICE PLAN
Manage service plans Grants permission to edit service plans.
SERVICE MANAGEMENT
Manage services

Grants permission to add, remove and edit services.

Administrators with this privilege can edit the settings of all services. Therefore, they do not need more specific service-management privileges below, such as Manage extraction settings, Manage target system settings etc.

Manage classification settings

Grants permission to edit Classification service settings.

Manage email input settings

Grants permission to edit Email input service settings.

Manage E-Invoice Connect settings

Grants permission to edit E-Invoice Connect service settings.

This setting is only visible if the E-Invoice Connect service is enabled.

Manage extraction settings

Grants permission to edit Extraction service settings.

Manage master data settings

Grants permission to edit Master data service settings.

Manage notifications settings

Grants permission to edit Notifications service settings.

Manage process control settings

Grants permission to edit Process control service settings.

Manage purchase order settings

Grants permission to edit Purchase order service settings.

Manage storage settings

Grants permission to edit Storage service settings.

This privilege is only available to partner administrators.

Manage target system settings

Grants permission to edit Target-system settings.

Manage validation settings

Grants permission to edit Validation service settings.

This privilege is only available to partner administrators. Customer administrators can edit rules in the document types via the Extraction service if they have the Manage extraction settings privilege.

Manage verification settings

Grants permission to edit Verification service settings.

Manage workflow settings Grants permission to edit Workflow service settings.
USER MANAGEMENT
Manage user accounts

Grants permission to add, delete, enable/disable and edit users. This privilege also grants the ability to reset passwords and import/export users.

You must have the Manage accounts or Manage user accounts privilege to grant this privilege to another user. You cannot remove this privilege from your own account unless you have the Manage accounts privilege.

Manage user groups

Grants permission to add, delete and edit user groups. When copying customers, this privilege also lets user groups be copied too.

If you copy a customer with workflows that reference user groups, and you do not have this privilege, or the Manage accounts privilege, the workflows that reference user groups are not copied.

You must have the Manage accounts or Manage user groups privilege to grant this privilege to another user. You cannot remove this privilege from your own account unless you have the Manage accounts privilege.

Manage identity providers

Grants administrators the right to add, edit and delete identity providers in the Identity providers view.

This privilege also grants the ability to edit the SINGLE SIGN-ON settings in the User management view. In other words, you can enable/disable single sign-on the account level. Likewise, you can change the Identity provider setting and the Tenant ID setting (if available).

This privilege is available to subsidiary and partner administrators.

DOCUMENT MANAGEMENT
Process documents Grants administrators the right to view, edit and process documents. Among other things, this privilege lets you open documents via the Documents view in Admin Center and process them in AP Essentials Office.

Admin users must have this privilege to:
  • upload documents using Tungsten AP Essentials Connect.

  • download output data using Tungsten AP Essentials Connect.

View documents Grants administrators the right to view documents and document data via Admin Center. You must have this privilege to access, for example, the Documents view. This privilege also lets you open documents in read-only mode in AP Essentials Office.
RESOURCE MANAGEMENT
Manage resources

Grants administrators the right to add, delete, download, trust and untrust resources in the Resources view.

This privilege is available to subsidiary and partner administrators.

MASTER DATA
View supplier bank account numbers Grants administrators the right to view and edit supplier bank account numbers. Without this privilege, account numbers are masked to Admin users.

This privilege is included in the default administrator privileges when an admin user is created via the API. However, it is not included by default when an admin user is created via Admin center.

User privileges

These privileges are available for user accounts with the User role.

Access APPROVE

Gives the user permission to approve invoices in a workflow. Also gives exception handlers permission to send rejected invoices to manual separation.

Access EXPLORE Grants access to the Processed view on the document list view.
Access MANAGE

Gives the user permission to:

  • Start workflows (correction and approval).
  • Approve documents in correction and approval workflows.
  • Reject documents.
  • Request info for documents.
  • Send documents back to verification.
Access RECEIVED This privilege is required, in combination with Manual document separation (Split), to perform document separation.
Access STORAGE - My documents Grants access to the STORAGE view, but only displays documents the user has processed.
Access STORAGE Grants access to the STORAGE view on the document list view.

Original emails containing invoices can be viewed on the Attachments tab by Office users with this privilege.

Access UPLOAD Grants access to the Upload view.
Access VERIFY Grants access to the Verify view.
Access VERIFY - Reply

Grants access to the Verify view, but restricts access to documents with the status, Request for information. If you want to restrict access in using this status, you must also disable the Access VERIFY privilege, which supersedes Access VERIFY - Reply.

Start workflow from Verification

Lets you select which workflow you want to send an invoice to from the document view by adding a menu to the OK button in the document view. This is helpful if you want to override the default rules for a particular invoice.

Change bypass verification setting

Lets users change the bypass verification setting for suppliers.

Change field visibility per supplier/Change field visibility per customer

Lets users toggle field visibility during verification.

Change lock online learning setting

Lets users change the Lock online learning setting for suppliers or customers.

For accounts payable processes, the setting is in the Add/Edit supplier dialog.

For accounts receivable processes, the setting is in the Add/Edit customer dialog.

Delete documents

Gives users permission to delete documents. This applies to all views and instances where it is possible to delete documents, such as the document view.

This privilege is also required to delete files from the Documents and Files views.

Users with this privilege can also delete documents that are on hold.

Edit approval documents

Gives users permission to approve documents and change invoice field values in a workflow. Normally, you can only change invoice field values during verification, or when an invoice has the status, Pending correction, because it was rejected by the target system. This privilege, however, gives the user the ability to change field values at any time during the approval process.

Users with this privilege can also code documents in a workflow, even if the Coding setting is not selected in the workflow step.

Manual document separation (Split)

Grants access to the Document separation view and displays the Split button in the document view.

The Access RECEIVED privilege is also required to perform document separation

Reroute approval documents

Gives users permission to reroute approval documents.

Unhold documents

Gives users permission to unhold documents. You do not need this permission to unhold documents that you have put on hold yourself.

Update online learning

Determines whether user interactions during verification affect online learning. Disable this privilege to prevent new or inexperienced users from having a detrimental effect on documents that have high identification and extraction rates.

This privilege does not override the Lock online learning setting.