Where to find it
Path: Company > Users / Security Groups, or Help > Help Center > Security permissions.
Use this path from the main QBM window. If the command is not visible, confirm that the user has access to the related module and permission for that screen.
Guide Summary
| Audience | Administrators, support staff, implementation team, AI agents, and developers. |
|---|---|
| Applies To | QBM users, security groups, screen access, report access, document permissions, QSalesView, QClock, activation links. |
| Purpose | Identify whether a blocked action is caused by permissions, inactive user, password issue, token issue, or connection issue. |
| Last Updated | 2026-05-18 |
Security Concepts
| Concept | Meaning |
|---|---|
| User Type | Normal users, power users, administrators, cashier users, and web app users may have different access. |
| Security Group | Controls access to screens, reports, and actions. |
| Screen Access | Permission to open a form or module. |
| Report Access | Permission to view or run reports, including manager reports. |
| Document Permissions | Read, edit, delete, browse, or other document-level controls. |
| Browse Password | Extra control used by some workflows before protected browse or access actions. |
| Inactive User | User account cannot complete normal work until reactivated or corrected. |
Expected result: Support can tell whether the issue is login, inactive user, token, screen permission, report permission, document permission, or browse password.
Step-By-Step Checks
- Confirm the exact user and security group.
- Confirm the exact screen, report, document, or action blocked.
- Check whether another user in the same group can perform the action.
- Check whether the user is inactive or recently changed.
- Check whether the action requires browse password, manager permission, cost/profit permission, or delete permission.
- For QSalesView, confirm application permission and manager report permission.
- For activation or password setup, confirm token freshness and account match.
Common Messages
| Message | Meaning | First Check |
|---|---|---|
| Access denied | User lacks permission for the screen, report, or action. | Check security group and exact action. |
| Invalid Token | Activation or password setup token cannot be used. | Request a fresh link and confirm account. |
| Sorry, you do not have permission | QBM or QSalesView permission validation blocked the request. | Check application and report permissions. |
| Password is case sensitive | Password entry does not match exactly. | Check Caps Lock and keyboard language. |
Important: If a user gets "Invalid Token" during activation or password setup, it does not automatically mean the user is deactivated. It usually means the token is expired, already used, broken in the URL, or does not match the account. The account may remain inactive because password setup was not completed.
Troubleshooting Decision Tree
- Can the user log in? If no, check password, inactive status, account, and connection first.
- Can the user open the screen? If no, check screen permission.
- Can the user run the report? If no, check report permission and manager/cost/profit permissions.
- Can the user view but not edit or delete? Check document-level permissions.
- Does a token fail? Generate a fresh token and confirm account match.
- If permissions look correct but access still fails, collect logs and escalate.
What To Send To Support
- User name and security group.
- Screen, report, document type, and action.
- Exact message and screenshot.
- Whether another user in the same group can perform the action.
- Whether user, group, password, or activation changed recently.
Security Notes
- Do not ask for passwords.
- Do not give broad administrator access as a shortcut unless management approves it.
- Do not share activation tokens publicly.
- Use the least permission required for the user's role.