# Admin, settings, security, module access, audit, and approvals > Screenshots use representative demo data captured from a live environment; some lists are empty where the demo tenant is unseeded. Public docs deliberately avoid passwords, tokens, and real endpoint secrets. For support, collect screenshots and steps — never secrets. Administration: the Settings hub, users and roles, module access and seats, organization and branches, finance defaults, display and translations, audit log, approvals, webhooks, and notifications. [← Public docs landing](README.md) · [Open HTML version](admin-security.html) ## The Settings hub - **What.** A tabbed hub: General, Security, Users, Roles, Module Access, Organization, Security Dashboard, Accounting Defaults, AI Configuration, AI Sessions, Currencies, Branches, Display, Translations, Languages, Email SMTP, Billing, Data Import. SuperAdmins also manage companies and the database. - **How.** Open *Settings*; the left tab list indexes everything. Start at General, then work down: people, capabilities, structure, finance defaults, usability. - **Wisely.** Configure Settings before onboarding users — defaults here flow into every document. Treat Settings access as privileged. ![Settings → General](assets/screenshots/web/settings-general.png) ## Users and roles — access control - **What.** *Users* creates accounts and assigns roles, unlocks, and resets. *Roles* defines the company role set and permission matrix; system roles are read-only. - **How.** Create a user and assign roles; the table shows status, roles, and last sign-in. Build custom roles by composing permissions. - **Wisely.** Grant least privilege; spot dormant accounts via last sign-in. Pair roles with approvals for segregation of duties. ![Users](assets/screenshots/web/settings-users.png) ![Roles & permissions](assets/screenshots/web/settings-roles.png) ## Module Access — entitlements and seats - **What.** Activates marketplace modules for the org and assigns seats per user. Each module shows an *Activated* toggle and a *Seats* count with *Manage seats*. - **How.** Toggle a module On for the org, then assign seats. In the demo CRM is On with 1 seat; HR, Group Consolidation, Rental, Exhibition, POS, Manufacturing, and the *Advanced* modules are available but Off. - **Wisely.** Activation and seats are separate — turning a module on does not give everyone access. If a user reports a missing module, check Module Access first; the marketplace redirect is this system working. ![Module Access](assets/screenshots/web/settings-module-access.png) ## Organization and branches - **What.** *Organization* holds company identity/structure; *Branches* defines operating locations/units for scoping and reporting. - **How.** Set organization details, then define each branch. - **Wisely.** Model branches to match how you report — set up before transacting so documents are attributed correctly. ![Organization](assets/screenshots/web/settings-organization.png) ![Branches](assets/screenshots/web/settings-branches.png) ## Finance defaults — accounting, currencies, exchange rates - **What.** *Accounting Defaults* sets default accounts/posting rules; *Currencies* defines transaction currencies; *Exchange Rate Settings* controls rate sourcing/application. - **Wisely.** Get default accounts right before invoicing. Keep exchange rates current so foreign-currency balances are not misstated. ![Accounting Defaults](assets/screenshots/web/settings-accounting-defaults.png) ![Currencies](assets/screenshots/web/settings-currencies.png) ![Exchange Rate Settings](assets/screenshots/web/settings-exchange-rates.png) ## Display, translations, and localisation - **What.** *Display* controls presentation (formats, theme); *Translations*/*Languages* manage interface languages — English, Arabic (RTL), Spanish, French. - **Wisely.** Set formats to local convention up front; use translations for industry terminology; demo the RTL switch. ![Display](assets/screenshots/web/settings-display.png) ![Translations](assets/screenshots/web/settings-translations.png) ## Audit log — traceability Records who did what and when. Reach for it first when investigating changes; treat it as read-only history. ![Audit Log](assets/screenshots/web/audit.png) ## Approvals — control and segregation of duties The worklist of items awaiting sign-off. Route material transactions through approvals, make the approver different from the originator, and clear the queue by deciding. ![Approvals](assets/screenshots/web/approvals.png) ## Webhooks and notifications *Webhooks* deliver ERP events to external systems; *Notifications* (the bell) surface approvals, reminders, and background-job results in-app. ![Webhooks](assets/screenshots/web/webhooks.png) ![Notifications](assets/screenshots/web/dashboard-notifications.png) **Wisely.** Use webhooks for event-driven integration; keep signing secrets and endpoint URLs in secure config. Treat notifications as a worklist to act on. ## Related pages - [Overview, login, and dashboard](overview.md) - [Accounting, reports, banking, tax, and payments](finance.md) - [Sales, purchase, contracts, and rental](commercial.md) - [Inventory, manufacturing, marketplace, and add-ons](operations.md) - [AI, ARIA assistant, document scan & draft, and AI setup](ai-automation.md) - [Troubleshooting, browser requirements, and support handoff](troubleshooting.md)