Security Roles in Restaurant365 determine the access a User has in Restaurant365.  Security Roles are broken down by two types: Primary and Secondary.  Each User must have a Primary Role to be able to log in to the system.  Additional Secondary Roles can then be applied as needed to grant (or restrict) the User's access to additional modules, screens, features, menus etc.  For steps on how to assign Security Roles to Users, please refer to the User Setup, Security, and Location Access training.


Primary Roles

  • Accounting Manager - Access to almost all functions in the system.  It includes access associated with most other roles.  The only roles this does not include and need to be assigned separately are:  
    • Franchising
    • Recipe Costing
    • Unapprove
    • Business Analytics
    • User Setup
    • Print Check Signature
  • Accounting Clerk - Access to all the same screens and functions as the Accounting Manager except not able to approve by default.  Since this User cannot approve transactions, they will be created as unapproved.  Individual approve roles for specific transaction types can be given to this User if they should be able to approve certain transaction types
  • AP Data Entry - Access to the 'AP Transactions' and 'Docs to Process' lists in the Accounting module only.  Access to create and save AP Invoices and AP Credit Memos only.  This role can be used by external vendors to directly input AP Invoices and AP Credit Memos in to R365.  Click here to view an example image of the left nav and Vendor menu for a User with AP Data Entry.
  • Catering Manager - Access to all functions in the Catering Module
  • Catering Rep - Access to limited functions in the Catering Module.  Users can create and manage events, but will have limited access to settings
  • Catering Read Only - this will allow users to view the Catering Module, without the ability to create, update, or delete any information
  • Commissary Manager - Access to all Commissary functions (account manager has this access by default and restaurant manager has some limited access to these features by default)
  • Employee App Access - Enables Employee Users to have access to the R365 Mobile App.  An R365 user is created with this role assigned for each employee that has 'App Access' checked on their Employee Record
  • Franchising - Access to the Franchising Module (can be Primary or Secondary role)
  • Manager Log Admin - Full access to the Manager Log module. This role is the highest security role for the Manager Log as it allows the user to create logs and categories and allows access to the admin view of Manager Log
  • Read Only Executive - Access to all the same screens and reports as Accounting Manager but unable to edit anything, so the entire system is read only
  • Read Only Operations - Access to all the same screens and reports as Restaurant Manager but unable to edit anything, so the entire system is read only
  • Restaurant Manager - Access to the Operations, Manager Log, and Scheduling Module (includes Commissary feature within Operations).  By default this User can't approve transactions or edit master records but can be given specific abilities by assigning secondary security roles.
  • Scheduler - Access to the Scheduling Module only.  This will generally be assigned to shift leads and others who may manage parts of the schedule but shouldn't have additional system access to transactions.  This role doesn't see pay rates.


Secondary Roles

Secondary Roles allow you to tailor the access to meet the needs of each individual User.  Secondary Roles can be assigned to grant additional access, or restrict existing access based on the User's Primary role.  The roles have been broken up as such in the following lists: 1) Additional Access and 2) Restrict Access


Additional Access - Secondary Roles:

  • ACH Payments - This role is to be used in conjunction with the 'Hide Print Checks' Role (see Restrict Access section below for more information).  When a User has 'Hide Print Checks', but needs to produce/process ACH Payments, this role will returns access to be able to 'Pay via ACH' on AP Invoices, and produce ACH Payments on the Check Run.  This role does not function when not paired with 'Hide Print Checks'.
  • Approve AP Credit - Allows User with lower security level to approve AP Credit Memos
  • Approve AP Invoice - Allows a User with lower security level to approve AP Invoices
  • Approve AR Payment - Allows a User with lower security level to approve AR Payments
  • Approve DSS - Allows a User with lower security level to approve Daily Sales Summaries
  • Approve Item Transfer - Allows a User with lower security level to approve Item Transfers
  • Approve Journal Entry - Allows a User with lower security level (Accounting Clerk) to approve Journal Entries
  • Approve Stock Count - Allows a User with lower security level to approve Stock Counts
  • Approve Waste Log - Allows a User with lower security level to approve Waste Logs
  • Business Analytics Admin - This role only functions if the Business Analytics module has been purchased and enabled.  Assigning this role adds the 'Dashboard' link to the User’s left navigation pane so they can view Dashboards.  This role also allows Users to create/modify Dashboards and Ad Hoc reports and to use the Ad Hoc Designer to further analyze data.  On the Dashboard form, they will see the additional fields of Create/Edit Dashboard button as well as Dashlets and Ad Hoc report selectors
    • If a User with this role does not want other Users to see Ad Hoc dashboards, he/she would need to make sure to Save all reports but the Ad Hoc report to the Accounting Folder in the Jaspersoft root folder menu. User roles in the system have the same security roles as in Jaspersoft, so any report that is Saved to the Manager Folder will be accessible only to someone with that User role
  • Business Analytics View Only - Assigning this role adds the 'Dashboard' link to the User’s left navigation pane so they can view Dashboards.  This User can access dashboards or Ad Hoc reports, but cannot Save any changes made to the reports
  • Commissary Entry - Allows a User to create a Commissary Order on demand
  • Forecasting - Allows a User to create and modify Sales Forecasts in the 'Reports' section of the Operations module
  • Manager Log Creator - elevated access to the Manager Log module. This role is only meant to be used by a user with employee app access and gives little ability within the Manager Logs
  • Manager Log User - User level access to the Manager Log module.  Should be used for Employees in conjunction with 'Employee App Access'
  • Master Record Delete - Allows a User with a lower security level to also delete master records, such as Purchased Items, Payment Terms, etc., but excluding Delete Stock Count and Delete Stock Count Template roles. This prevents accidental deletions of stock Counts and Stock Count Templates. To include these functions, both roles would need to be added to Master Record Delete
    • Delete Stock Count - Allows the User to delete Stock Counts
    • Delete Stock Count Template - Allows the User to delete Stock Count Templates
  • Master Record Save - Allows a User with lower security to modify and save master records such as Purchased Items, Payment Terms, etc
  • P&L Comparison Screen - Allows a User to see and use the 'P&L Comparison Screen' in the Operations module
  • Pay AP Invoice - Allows a User with lower security to click 'Pay Bill' on AP Invoice form and to create and open AP Payments (does not give access to Check Run screen)
  • Pay Check Run - Can be given to a User with the 'Accounting Clerk' Primary Role.  Grants Users access to the 'Create Checks' prompt on the Check Run (this prompt is not accessible for Accounting Clerks by default).  This will allow the Accounting Clerk to create Payments via the Check Run.  They will be able to print checks, export ACH etc.  This role gives full access to the Check Run.
  • Print Check Signature - allows a User to print signatures on to Checks from the Pay Bill feature, Manual Payment and Check Run
  • Recipe Costing - access to all functions associated with Recipe Costing.  Primarily gives access to create new recipes, modify existing recipes, view recipe list and view ingredient list
  • Renovo - access to the Renovo financial reporting tool
  • Submit Purchase Order - Allows a User with lower security level to submit Purchase Orders that have been created using the Purchasing Assistant
  • Unapprove All - access to unapprove all Approved transactions
    • Unapprove AP - access to unapprove AP Transactions (AP Invoice, AP Payment, AP Credit Memo)
    • Unapprove AR - access to unapprove AR Transactions (AR Invoice, AR Payment, AR Credit Memo)
    • Unapprove Banking - access to unapprove Banking Transactions (Bank Withdrawal, Bank Deposit, Bank Transfer, Bank Reconciliation)
    • Unapprove DSS - access to unapprove DSS records (this will also unapprove the DSS Journal Entries associated with the DSS)
    • Unapprove Inventory - access to unapprove Inventory Transactions (Stock Counts)
    • Unapprove JE - access to unapprove Journal Entries (Journal Entries, Beginning Balance Journal Entries, Payroll Journal Entries)
  • User Setup - access to create and manage Users, Security, Location Access and the R365 Theme Builder 


Restrict Access - Secondary Roles:


  • Hide DSS Journal Entry Tab -  to be used in conjunction with 'Restaurant Manager'.  Will hide the 'Journal Entry' tab on all DSS screens
  • Hide Print Checks -  to be used in conjunction with 'Accounting Clerk'.  Will hide the 'Print Checks' prompts / options
  • Mask Bank Account - Masks bank account and routing numbers for this User so they can't see them in forms or reports even though they might have access to the Bank Account screen or other transaction screens that use the Bank Account
  • Mask Bank Account Numbers - Masks bank account and routing numbers for this User so they can't see them in forms or reports even though they might have access to the Bank Account screen or other transaction screens that use the Bank Account


R365 Mobile AppR365 Mobile App