How to work with roles, permissions, and system users

Before you create the system users (such as loan officers) who will deal directly with clients, you must decide what their roles are and what permissions they will have. You must have appropriate permissions to create roles.

Before beginning, note the following terms:

  • Activity: any system action that a user might perform, such as creating a new system user
  • Permission: authorization to execute an activity
  • Role: a named set of permissions for a particular user
  • Data scope: a set of permissions for a role, determined by the user’s place in the personnel hierarchy and in the office hierarchy  

Personnel hierarchies and office hierarchies

The personnel hierarchy has two levels:

  • The Loan Officer has a data scope that is limited to his/her clients, which only she or he is able to modify as appropriate.  The Loan Officer is able to view clients assigned to other Loan Officers but cannot modify the information for them.  A Loan Officer can be attached to only one branch.  If necessary, you can create the same Loan Officer in a different branch as the same user, but in the different branch this officer must have a different system ID.
  • The Other level hierarchy has no restrictions and has unrestricted access subject to the office hierarchy explained below.

The following table illustrates how these two hierarchies are related.

 User's office hierarchy

 Personnel hierarchy  Permission  Applies to branch B1  Applies to Branch B2
 Branch B1  Loan officer  Edit MFI and personal information**  Yes*  No
 Branch B2  Other  Edit MFI and personal information**  Yes  No
 Headquarters  Other  Edit MFI and personal information**
 Yes  Yes
 Branch B2
 Loan officer
 Edit MFI and personal information**
 No  Yes*


*- Permissions apply only to centers, groups, and clients assigned to the loan officer 

**- This is an example of a permission. See the full listing of possible permissions in Default roles and their activities

How to work with roles and permissions

Many system users can have the same role.

How to create a role

  1. Click Admin > Manage Roles and Permissions.
    If some roles are already defined, you might see a screen like this:

  2. To define a new role, click the New Role link.
    A screen with many types of possible permissions appears. A partial list looks like this:

  3. In the Role Name box, type a name for this role (such as Loan Officer or Branch Administrator). Note that loan officers can see information only on their clients.
  4. If you want to give a role all personnel permissions, for example, check the Personnel box. If you want to give the role only certain of these permissions, check them individually.
  5. When you are satisfied with the permissions you have assigned to this role, click Submit.

How to change a role

  1. Click Admin > Manage Roles and Permissions.
    The list of defined roles appears.
  2. Click a role to see the screen with all its permissions.
  3. Check and uncheck boxes to make any changes.
  4. When you are satisfied with the changes you have made, click Submit.

How to work with system users

When you create system users (the people who deal directly with clients), they are always associated with an existing office. Make sure that you have created the office before you create the system user. You must have appropriate permissions to create and change users.

How to create a system user

  1. Click Admin > Define New System User.
    A list of existing offices appears, organized by type of office. It might look like the following:

  2. Click the office that the new system user will belong to.
  3. Enter user details as explained in the following table. All fields marked with a red asterisk (*) are mandatory.

Field name







The office the user is attached to.


User details



First Name, Middle Name, Second Last Name, Last Name

User's full names

Kamalamma, Leela

National ID

Any form of authorized ID in your country that can be used to identify the person uniquely from the rest of the population, such as a national ID, passport number, etc.  The user is uniquely identified using the combination of the government ID, Name and Date of Birth.





Date of Birth


12 Jan, 1970

Marital Status






Language Preferred

Language preferred by the user


MFI Joining Date


12 Dec, 2005





Address 1, Address 2, Address 3, City/District, State, Country, Postal Code, Telephone

#154, Wheeler Road, Cooke Town, Bangalore, Karnataka






User Title

The user's title


User Hierarchy

Defines the user's data scope in the system



Select the authorized role(s) to assign to the user.   The user can be assigned more than one role.

Manager; Admin

Login Information



User name

The name must be unique in the entire system.


Password, Confirm password

The password must be at least 6 characters.


Additional Information



Custom fields 1-6

Type additional custom information in fields 1–6. See “How to define and change additional fields” for information on how to create custom fields. LINK HERE



  1. When you have filled out all appropriate fields, click Preview to review your work.
  2. If you want to make changes, or if any error messages identify fields that you have not specified, click Edit User Information, make those changes, and click Preview again.
  3. When you are satisfied with all details, click Submit. (If you decide not to create a system user at this time, click Cancel.)
    You then see a message confirming the new user, including that user's system ID number. It might look like this:                          mifosuserconfirm.png

How to view existing system users

  1. To see the details on any existing system user, click Admin > View System Users, type the name of the user, and click the Search button.
  2. All users with that name appear, identified by their office.

  3. When you see the one you were searching for, click that name to see details on that user.

How to change a system user

  1. Search for details on a system user in any of the following ways:
  • In the Admin screen, type the system ID for the user in the box in the left navigation panel, and click Search.
  • From Admin > View System Users, type the name of the user and click Search.
  • In the user details screen that results, click Edit User Information. (If you want to see changes that have been made to this user before now, click View Change Log.)
  • If you want to make any notes about the user, click the Add Note button; type a note in the Note box; click Preview to review the note; if you want to change the note, click Edit, make the changes, and click Preview again; when you are satisfied with all the changes, click Submit.
  • Make any changes necessary in the screen that appears, and click Submit.