<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=7314612&amp;fmt=gif"> What Are the User Security Profiles in Nimbello?
Skip to content
English
Create Ticket Customer portal Sign in
nimbello.com
  • There are no suggestions because the search field is empty.

User Security Profile Definitions

Learn what each Nimbello user role does, what permissions it includes, and how to assign security profiles based on responsibilities in your AP workflow.

 

User Security Profile Definitions

User Security Profiles determine what actions a user can perform and what information they can access within Nimbello. Each profile is designed to support specific responsibilities within the Accounts Payable workflow.

Security profiles are stackable, meaning a user can be assigned multiple roles if their responsibilities require it.

For example:

  • A user who manages system settings and approves invoices could be assigned both Super User and Approver.
  • A user who oversees AP operations and also participates in approvals may be assigned AP Admin and Approver.

Assign roles based on the responsibilities the user needs to perform in the system.

Workflow User Security Profiles:

AP Admin

Users assigned the AP Admin role are responsible for managing the overall invoice workflow and resolving certain processing issues.

Permitted Actions

  • View all invoices within Nimbello
  • Review and resolve AP Review holds (e.g. Invalid Vendor, Potential Duplicate Invoice)
  • Assign Approval Groups to invoices when automatic assignment is not configured
  • Monitor invoice processing across the system

Restricted Actions

AP Admins do not have permission to:

  • Modify system configurations (unless also assigned Super User)
  • Manage users, Approval Groups, or Allocation Groups

Super User

Users assigned the Super User role are responsible for maintaining system configurations and managing the overall Nimbello environment.

Permitted Actions

  • Full administrative access to Nimbello
  • Create and manage users
  • Configure and maintain Approval Groups, Automations, and Allocation Groups
  • Update and manage site settings and system configurations

Restricted Actions

  • Super Users typically do not participate in day-to-day invoice processing (unless assigned additional roles)

Approver
Users assigned the Approver role are responsible for reviewing and approving Non-PO invoices for payment.

Permitted Actions

  • View Non-PO invoices assigned to them
  • Participate in Approval Groups
  • Approve invoices within their assigned groups

Restricted Actions
Approvers do not have permission to:

  • Edit invoice data
  • Access invoices outside of their assigned Approval Groups (unless combined with another role)
  • Access any PO invoices

Buyer
Users assigned the Buyer role are responsible for reviewing and resolving PO-related invoice discrepancies.

Permitted Actions

  • View PO invoices
  • Review and resolve invoice holds related to purchase order discrepancies
  • Edit invoice data when needed to resolve discrepancies between the invoice and the purchase order

Restricted Actions
Buyers do not have permission to:

  • View or approve Non-PO invoices
  • Modify system configurations
  • Access invoices outside of their assigned scope

Auditor
Users assigned the Auditor role have read-only access for oversight, auditing, and reporting purposes.

Permitted Actions

  • View all invoices within the system
  • Access reporting and audit-related data
  • Monitor workflow activity without participation

Restricted Actions
Auditors do not have permission to:

  • Approve invoices
  • Edit or modify invoice data
  • Modify System Configurations

View Only – Specified Groups
Users assigned this role have limited, view-only access to invoices within specific Approval Groups.

Permitted Actions

  • View invoices within designated Approval Groups
  • Monitor invoice activity for specific departments or teams

Restricted Actions
These users do not have permission to:

  • Approve invoices
  • Edit or modify invoice data
  • Access invoices outside of their assigned Approval Groups
  • Modify System Configurations

OCR User Security Profiles:

OCR Level 1 Access

Users assigned OCR Level 1 access are authorized to perform standard invoice processing and verification tasks within the OCR system.

Permitted Actions

  • Log in to the OCR system
  • Perform Data Verification
  • Select and work within a batch
  • Process invoices
  • Perform OCR Map Training
  • Submit invoices
  • Route invoices to the Exceptions queue

Restricted Actions
OCR Level 1 users do not have permission to:

  • Delete invoices
  • Reprocess batches
  • Access Training Data

OCR Level 2 Access

Users assigned OCR Level 2 access have all permissions granted to OCR Level 1 users, along with additional capabilities for handling exceptions.

Additional Permitted Actions

  • Access the Exceptions Tab
  • Delete invoices

Note: OCR Level 2 users inherit all permissions from OCR Level 1 unless otherwise restricted.