User Roles in the CFO Solution Platform

Last updated on 2026-05-11

Overview

There are two types of user roles in the Lucanet CFO Solution Platform:

  • User roles for Administration: Control access to the workspaces under Administration.
  • User roles for individual solution: Determine permissions within an individual solution. They are assigned individually per solution.

This article contains the following sections:

User Roles for Administration

User roles for Administration are assigned when you grant a user access to the Administration area. The following user roles are available for Administration:

Administrator

Users with the Administrator role manage the Lucanet CFO Solution Platform and have access to all workspaces under Administration:

  • User management: Creating, editing, and deleting users and user groups
  • Platform management: Viewing Lucanet licenses, configuring external authentication, managing certificates, and configuring customizations

 

For the Consolidation & Financial Planning solution, an Administrator also needs the CFP role Master or Administrator to manage user roles.

License Manager

Users with the License Manager role act as authorized representatives with contractual authority. They are authorized to initiate binding license upgrades, extensions, and changes via the Lucanet CFO Solution Platform. All actions performed by License Manager users are legally binding. Grant this role only to users authorized to enter into contractual commitments.

Permissions:

The permissions of a License Manager depend on whether they also have the Administrator role:

  • License Manager only (without Administrator): Sees only the Lucanet licenses workspace in the Administration area and can request license upgrades there (see Managing Lucanet Licenses).
  • License Manager and Administrator: Can additionally assign the License Manager role to other users and perform all other Administrator tasks.

 

The initial assignment of the License Manager role is made by Lucanet during onboarding.

There must always be at least one user with the License Manager role in your environment.

User Roles for Individual Solutions

Each solution has its own user roles, which define which tasks a user can perform within that solution.

Consolidation & Financial Planning
There are two sets of user roles available for the Consolidation & Financial Planning solution:
  • Data model roles
    • Editor: Editors have read and write permissions for all workspaces or certain workspaces within the Lucanet data model.
    • Group Report data collector: Group report data collectors have read permission for the Lucanet data model. They can also execute all tasks required to collect data in relation to Lucanet.Group Report.
    • Observer: Observers have read permission for all workspaces or certain workspaces within the Lucanet data model.

You can assign detailed permissions for accessing the data model in the CFO Solution Platform for users created in Consolidation & Financial Planning (see Defining User Permissions for Data Model Roles).

  • User management roles
    • Master: Masters have unrestricted write and read permissions for user management. There must be at least one Master per database.
    • Administrator: Administrators have write and read permissions for user management. Administrators can, similarly to the master role, manage all users and user groups, but have more limited permissions than masters. An administrator is only able to assign the permissions defined by the master.
    • Observer: Observers have read permission for all workspaces or certain workspaces within the Lucanet data model.

These user management roles apply to user management in Lucanet.Financial Client. In the Lucanet CFO Solution Platform, access to Administration is required to manage users. To manage Consolidation & Financial Planning roles and permissions, platform administrators also need either the Master or Administrator user management role described above.

Data Collection

Administrator: The Administrator role is designed for users responsible for setting up and managing the Data Collection environment. Administrators configure all elements required before data collection can begin, including form templates, validation rules, and reporting packages.

Data Collector: The Data Collector role is designed for users who participate in the data collection process. Data Collectors do not have access to the Administration section (form templates, validation rules, reporting entities, and reporting packages). Depending on their reporting entity-level assignment, Data Collectors can enter data, submit forms for approval, or review and approve submitted data.

 

For more information on user roles in the Data Collection solution, see User Roles in Data Collection.

 

Lease Accounting
  • Data collector: The Data collector role is designed for users responsible for gathering and entering lease contract information into the system.
  • Executive reviewer: The Executive reviewer role is intended for users who oversee lease accounting processes, approve critical operations, and perform final steps including posting.
  • Lease operations administrator: The Lease operations administrator role is designed for users who manage day-to-day lease accounting operations with extensive functional access, comprising the permissions of both Data collector and Executive reviewer roles.
  • Auditor: The Auditor role provides comprehensive read access across the system for audit and compliance purposes.
  • Settings administrator: The Settings administrator role is specialized for users responsible for system configuration and maintenance.
  • Full access administrator: The Full access administrator role provides the highest level of system access for comprehensive administration. Full access administrators can create, assign, update, and manage users for the Lease Accounting solution from the Administration workspace in the platform.
xP&A
  • Administrators: Administrators can:
    • Create, edit, and share models. 
    • Add and remove people to and from the organization
    • Create teams, e.g. Finance Team or Marketing Team.
  • Editors: Editors can:
    • Create, edit, and share models
    • Create proposals and accept proposals on the model
  • Data collectors: Data collectors can propose edits to models with some other actions allowed. They can:
    • Write comments
    • Annotate charts
    • Propose changes to variables and dimension items
    • Propose to add, rename, delete or link dimension items

      But they cannot:
    • Add, delete, or update visuals, variables, groups, and sections
    • Add, delete, or update models, folders, or data sources
  • Viewers:
    • Can view dashboards shared with the organization but cannot access underlying models to make changes.
    • Can create their own models, but cannot share models with the organization.

Notes:

  • You can add viewers to your organization for free.
  • If a user is a viewer, they will only ever be able to view the model dashboards of the models that are shared within the organization.
  • If a user is an editor, they will have view and edit access to models or views shared within the organization.
ESG Reporting

Administrator: Users with the ESG Administrator user role can perform the following tasks:

  • Accessing the ESG reports overview and the state of data collection
  • Creating new ESG reports 
  • Administrating master data
  • Configuring the ESRS questionnaire 
  • Checking, approving and rejecting submitted ESG reports
  • Starting data aggregation

 

Data collector: Users with the ESG Data collector user role can perform the following tasks:

  • Entering data in the ESG report to which the Data Collector has been assigned
  • Submitting data for checking
  • Viewing the state of data collection for the ESG report to which the Data Collector has been assigned

 

For more information on user roles in the ESG Reporting solution, see User Roles and User Interface in ESG Reporting.

Disclosure Management
  • Administrator: Automatically receives the role of Global Administrator within the Disclosure Management solution, along with all solution-wide and cross-document administrative permissions.

    This means he can, for example, display, edit, and delete all documents, edit the global settings, and assign user roles to himself and all other users within Disclosure Management.

    At least one user with the Administrator role must be created for Disclosure Management.
  • Editor: Automatically receives the role of Global Editor within the Disclosure Management solution.
  • Reviewer: Automatically receives the role of Global Reviewer within the Disclosure Management solution.
  • Reader: Automatically receives the role of Global Reader within the Disclosure Management solution.
  • No specific role: These users initially receive no specific role within the Disclosure Management solution. Only when a user role is assigned by a Global Administrator can different permissions be assigned.

 

For more information on the specific permissions of each role, see Creating and Editing User Roles for Disclosure Management.

XBRL Tagger

Administrator: Users with the Administrator role have full access to all documents in the XBRL Tagger. They can view and perform all actions on all documents in the company, and assign roles and documents to other users.

Editor: The Editor is the standard user role. Users with this role can perform all available actions within the documents they have created or to which they have been invited.

Banking & Cash Management
  • Administrator: Users with the Administrator role are granted comprehensive access to Banking & Cash Management. Administrators can view all data, including financial figures and identities, and access all configuration settings—such as users, channels, bank profiles, and accounts. This is the most powerful role in the solution and becomes fully operational after completing the initial user creation process.
  • No specific role: Users assigned with No specific role receive the Essential role within the Banking & Cash Management solution and have only the most basic permissions. This allows access to the user interface and their own profile, without permission to view data or use any functions.
    For a user with No specific role to be able to access data or perform any actions in the solution, the Administrator must grant the necessary permissions. Depending on requirements, the Administrator can enable access to selected identities, functionalities (such as processing payments or reviewing account statements), or authorization processes.
Contact Us