Permissions and access control for software
How access to the Software module is controlled — what each permission allows, and how record sets limit which applications a user can see. For account owners and admins.
Before You Begin
- Only account owners and admins can change roles and permissions.
- This article assumes you're familiar with roles in Expiration Reminder. See User Roles & Access Privileges and Custom User Roles & Record Sets.
The Software module uses the same role system as the rest of Expiration Reminder. Software permissions are granted through a user's role, and they govern what a user can do across the module's features.
What the permissions control
- View — see the Software List and open an application's detail page.
- Create — add a new application (controls whether the New Application button appears).
- Edit — change application fields, manage users, add spend, manage invoice intake, edit versions and security posture, and approve invoices.
- Delete — delete (archive) applications.
- Export — export grids to Excel/CSV.
Several features have their own dedicated permissions:
- Licenses — separate permissions for viewing the Licenses tab, managing licenses, and assigning/reclaiming seats. A user can be allowed to view licenses without being able to change them.
- Access requests — a separate decide permission controls who can approve, deny, request more info, provision, and revoke. Submitting a request is open to any signed-in requester.
Step-by-Step InstructionsNote: When a user lacks a permission, the related button is hidden or disabled rather than failing — for example, a viewer won't see New Application, Add Spend Entry, or the access-request decision buttons.
Step 1: Review or change a user's role
- Open Settings → Users.
- Find the user and review their assigned role. See Changing and Assigning User Roles.
Step 2: Adjust software permissions on a custom role
- Open the role you want to change (see Managing Permissions).
- Set the Software permissions (view, create, edit, delete, export) and the dedicated license and access-request permissions to match what that role should do.
- Save.
Step 3: Limit which applications a user sees with record sets
Record sets restrict a user to a subset of records. Applying a record set that scopes software means a user only sees the applications in that set — useful when different teams own different parts of your software inventory.
- Configure record sets as described in Custom User Roles & Record Sets.
- Assign the record set to the relevant role or user.
Tips & Best PracticesTip: Combine a view-only software role with a record set so a department lead can see only their team's applications and nothing else.
- Give software owners edit but reserve delete for admins.
- Use the dedicated license permissions to let an IT specialist manage seats without granting full edit on every application field.
- Keep decide on access requests to a small group of approvers.
- Issue: A user can open an application but can't edit anything. Solution: Their role has view but not edit permission.
- Issue: A user can't see the Licenses tab. Solution: The Licenses tab requires the license view permission specifically.
- Issue: A user sees fewer applications than expected. Solution: A record set is limiting their view. Review the record set assigned to their role.