ERP Users & Roles
The ERP has its own users and roles, separate from the rest of WordPress. You decide who on your team can open the ERP and what each person is allowed to see and do — an accountant works with invoices and the ledger, a warehouse worker with stock and purchasing, an HR manager with staff records, and so on.
Roles control what someone can do inside the ERP. Their actual login — username, password and any extra security you use — is always handled by WordPress.
User management is part of the Business plan and lives in the ERP under Settings → Users. Only an ERP Administrator can open it.
The ERP is a Business-plan feature. If your license is on the Starter plan the ERP will appear locked. See Plans & Features to compare plans.
The eight roles
When you add a team member you give them one role. Each role opens only the parts of the ERP that job needs — everything else stays hidden.
| Role | What they can work with |
|---|---|
| ERP Administrator | Everything, including Settings and Users. Full control. |
| Manager | Invoicing, Customers, Inventory, Purchasing and CRM. (No Accounting, no HR.) |
| Accountant | Invoicing, Customers and Accounting. |
| Warehouse Staff | Inventory and Purchasing. |
| Sales | Invoicing, Customers and CRM. |
| HR Manager | HR only. |
| Employee (Self-Service) | Their own My HR area only — not the rest of the ERP. |
| Viewer (Read-only) | Can view every module except HR, but cannot make any changes. |
A few things that apply across all roles:
- Everyone sees the Dashboard — the ERP's landing summary.
- The Customers list is available to roles that handle invoicing or sales (Administrator, Manager, Accountant, Sales), since it's shared by invoicing and CRM.
- The operational roles (Manager, Accountant, Warehouse Staff, Sales, HR Manager) can fully work inside their own modules — create, edit and delete — but only see the modules listed for them.
- The Viewer role is different: it can look at almost everything but change nothing. It's ideal for an owner, bookkeeper or advisor who needs visibility without edit rights.
Because HR holds sensitive personal data (contact details, tax and social-security numbers, bank details), it is kept out of the read-only Viewer's reach and hidden from every role except HR Manager and ERP Administrator. Each staff member still sees their own details through My HR. See the HR module for more.
Anyone who is a WordPress administrator is automatically treated as an ERP Administrator — even without an ERP user record — so the owner of the site is never locked out of their own ERP.
Adding a team member
- In the ERP, go to Settings → Users.
- Click + Add User.
- Enter the person's Email, a Display Name, and choose a Role.
- Click Create User.
What happens next depends on whether that email already has a WordPress login on your site:
- New person (no existing login): a WordPress account is created for them and they receive the standard WordPress "set your password" email. They follow the secure link and choose their own password — you never set or see it.
- Existing person (already has a login — for example a staff member or an existing customer): no new account is created. ERP access is simply added to their existing WordPress login, and they sign in with the password they already use. No password email is sent.
Your site must be able to send email for the set-password message to arrive. If a new user says they never received it, check your site's email delivery first.
Changing someone's role
You can change a person's role at any time, without recreating them:
- Go to Settings → Users.
- Find the person in the list.
- Pick a new role from the Role dropdown on their row. The change takes effect immediately.
Giving an employee a self-service login
The Employee (Self-Service) role is what powers the personal My HR area, where a staff member can check their own details and request leave. You don't usually create these accounts here — you create them in one step straight from the HR module's employee form, which sends the same set-password email and assigns the Employee role automatically.
See Giving an employee a self-service login on the HR page for the full steps.
Removing or pausing access
Each person in the Settings → Users list shows their status (Active or Inactive), when they last signed in, and the actions available to them.
Deactivate (pause access)
To temporarily remove someone's ERP access — for example while they're on extended leave — click Deactivate on their row and confirm. Their ERP access is switched off immediately, but their record is kept so you can restore it later. Their WordPress login is untouched.
Reactivate
To restore a paused user, click Reactivate on their (now Inactive) row. Their ERP access is switched back on with the same role.
Remove
To permanently remove someone from the ERP, first Deactivate them, then click Remove and confirm. This deletes their ERP profile and access, and unlinks them from any HR employee record. Their WordPress account is kept — they may still be a customer, hold orders, or have written content on your site — so if you also want to remove that login, do it separately in WP Admin → Users. Removal cannot be undone.
The ERP won't let you deactivate or remove the last remaining ERP Administrator, so there is always at least one person who can manage the system.
A branded sign-in page for your staff (optional)
By default, when a staff member opens the ERP without being signed in, they're sent to the standard WordPress login form. You can instead give them a clean, branded sign-in page at your site's /erp/login address — a nicer entry point for a team that lives in the ERP and never touches the WordPress dashboard.
To turn it on:
- In the ERP, go to Settings → General.
- Scroll to the Login Portal card.
- Tick Enable standalone branded login portal.
- Optionally set a Login Logo URL (it falls back to your site icon) and a Primary Color to match your brand.
- Click Save Login Portal.
From then on, visiting https://your-site/erp/ while signed out shows your branded sign-in page instead of the WordPress form. Staff sign in with their usual email or username and password, with Keep me signed in and a Forgot password? link available.
The branded page is only a nicer surface — WordPress still performs the actual sign-in. Any login protection you already have (two-factor, brute-force limits, the lost-password flow) keeps working exactly as before. A wrong username or password simply shows an error on the branded page and lets the person try again.
Related
- ERP overview — how the ERP modules fit together and how to open them.
- HR module — employee records, leave, and the My HR self-service area.
- Plans & Features — what's included in the Business plan.