text.skipToContent text.skipToNavigation

User Roles and Permissions Help

The Roles and Permissions section allows you to easily manage access and authority to perform certain functions on the site.

Firstly, there is some terminology to explain. System roles are sets of user profiles that have a defined set of permissions. Any user with a system role assigned will be bound by those permissions and some, like cash customers, are given a default role which cannot be edited.

You can create bespoke user roles for your organisation from the default system roles. These are only available to assign to the account users belonging to your organisation and contain the same set of permissions as defined in the system role but you are able to turn permissions on and off as necessary. User roles can be created and maintained by customer and Arco administrators. Each web user can be assigned only one user and system role.

Job roles are used to designate a logical grouping of employees. They are assigned to both employees and web users while system and user roles are assigned to web users only. Job roles are used to filter employees when assigning specific functions (eg wearer lists, spend control rules etc). Job roles can be created and maintained by customer and Arco administrators.

Types of User Role

The Cash User role is automatically given to someone who registers as an individual, against a single-use account. The permissions profile includes:

  • See prices
  • Show own orders
  • Place an order
  • Manage delivery addresses

An Account User role is given to someone who registers online with an existing account or who is being invited to register by their account administrator. The My Account screen is the same as a Cash User however, the permissions profile can be edited by an administrator. For example, approval permissions could be given to allow the account user to approve or reject requisitions.

The Key User role is enables the user to manage other users within their organisation; they have the ability to create, validate and delete users as well as amend user information.

The Account Admin User role gives the user Key User permissions but also allows them to manage user permissions and request changes to account settings and features.

As well as the permissions of the Account Admin User role, the ARM Admin User role gives the user the ability to manage Product Access Control (PAC) and spend control online. See PAC and spend control help pages for more info.

The Admin User role is used to give access to the storefront functionality that allows them to manage user roles, linked organisations, payment cards, product access control (PAC), spend control limits, purchase lists, logos, cost centres, orders and requisitions. More information on these can be found in the help links at the bottom of this page.

For more information on system roles, contact Arco Administrators via the contact us page.


There are two types of permission: global and approval. Users with approval permissions can approve product and spend control requisitions.

Customers with an account user role (and the correct permissions themselves) can change the permission profile of a user role and/or create new user roles with names that suit their organisation and the permissions they need.

Permissions can be:

  • Enabled: switched on and green
  • Disabled: switched off and red
  • Not Set: not visible for editing

Special conditions exist around Product Access Control (PAC) lists to avoid certain permissions conflicting with each other. Having permission to manage them means the Hide Excluded Products permission can't be enabled. Therefore, whenever either the Manage PAC List or Administer PAC List permissions are enabled, the Hide Excluded Products becomes disabled (if it was already enabled) and un-editable. If the PAC List permissions are subsequently disabled, then Hide Excluded Products remains disabled but becomes editable.

All Help