Collaboration
Role-based access control in AccBooks AI
ByAccBooks Team · · 3min read
Overview
AccBooks uses role-based access control (RBAC) to ensure every user sees and can do exactly what their role requires — nothing more. This protects sensitive data, prevents accidental changes and provides a clear audit trail.
Built-in roles
| Role | Who it’s for | Key permissions |
|---|---|---|
| Owner | Business owner, managing director | Everything, including billing and deleting the company |
| Accountant | External accountant or senior finance team member | Full accounting access, no billing/deletion |
| Bookkeeper | Finance assistant, data entry | Classify transactions, upload documents, no journal posting |
| Read-only | Investor, manager | View dashboards and reports, no changes |
| Client | Client of an accounting firm | View their own company’s data, upload documents |
Detailed permissions matrix
| Feature | Owner | Accountant | Bookkeeper | Read-only | Client |
|---|---|---|---|---|---|
| Dashboard | ✓ | ✓ | ✓ | ✓ | ✓ |
| Bank feeds — view | ✓ | ✓ | ✓ | ✓ | — |
| Bank feeds — manage | ✓ | ✓ | — | — | — |
| Reconcile transactions | ✓ | ✓ | ✓ | — | — |
| Post journals | ✓ | ✓ | — | — | — |
| Invoices — view | ✓ | ✓ | ✓ | ✓ | ✓ |
| Invoices — create/send | ✓ | ✓ | ✓ | — | — |
| VAT returns | ✓ | ✓ | — | — | — |
| Payroll | ✓ | ✓ | — | — | — |
| Reports | ✓ | ✓ | ✓ | ✓ | ✓ |
| Settings — company | ✓ | ✓ | — | — | — |
| Settings — team | ✓ | — | — | — | — |
| Billing | ✓ | — | — | — | — |
Custom roles
If the built-in roles don’t fit your needs, create a custom role:
- Go to Settings → Team → Roles → Create role.
- Name the role (e.g., “Finance Manager — no payroll”).
- Select individual permissions from the list.
- Click Save role.
- Assign the role to any team member.
Custom roles are available on Pro and Enterprise plans.
Restricting access to specific companies
If you run multiple companies in AccBooks, a team member’s role applies per-company. The same person can be an Accountant in one company and Read-only in another. Manage this under each company’s Settings → Team.
The Firm portal (for accounting firms)
Accounting firms can manage multiple client companies from a single Firm portal dashboard:
- Register your firm under Settings → Firm (available to Accountant-role users).
- Add client companies to your firm.
- Switch between client companies without logging out.
- Assign firm staff to specific clients with individual role permissions.
The Firm portal shows a triage view of all clients — unreconciled transactions, outstanding tasks and upcoming filing deadlines across your entire book of clients.
Multi-factor authentication
For sensitive roles (Owner, Accountant), enforce 2FA under Settings → Security → Enforce 2FA for role. Users in these roles must set up an authenticator app (Google Authenticator, Authy, etc.) before they can access the account.
IP allowlisting
Enterprise plans can restrict access to specific IP addresses or IP ranges. Go to Settings → Security → IP allowlist. Only connections from allowed IPs can authenticate.
Audit trail
Every action by every user is logged with:
- Timestamp (UTC)
- User name and email
- IP address
- Action type and detail
- Before and after values (for changes)
Go to Audit log to search and filter the audit trail. Logs are retained for 7 years and are included in data exports.
Was this article helpful?
Thanks for your feedback!