Accounting Permissions and Role Setup
AccuArk uses a granular permission system to control who can view, create, edit, and delete financial data. This guide covers every accounting permission code and how they map to the built-in roles.
Permission Codes
The following permission codes control access to accounting features:
| Permission Code | Description |
|---|---|
| FIN_VIEW_COA | View the Chart of Accounts |
| FIN_MANAGE_COA | Create and edit accounts in the Chart of Accounts |
| FIN_VIEW_TRANSACTIONS | View account transaction history |
| FIN_CREATE_TRANSACTION | Create new transactions and journal entries |
| FIN_EDIT_TRANSACTION | Modify existing transactions |
| FIN_DELETE_TRANSACTION | Delete transactions |
| FIN_VIEW_ACCOUNT_TYPES | View and manage account types |
| FIN_CLOSE_PERIOD | Close and lock accounting periods |
| FIN_REPAIR_BALANCES | Run the account balance repair utility |
| FIN_VIEW_REPORTS | Access all financial reports (Dashboard, Trial Balance, P&L, Balance Sheet, AP/AR Aging) |
| FIN_VIEW_BILLS | View vendor bills |
| FIN_CREATE_BILL | Create new vendor bills |
| FIN_CANCEL_BILL | Cancel vendor bills |
| FIN_PAY_BILLS | Process bill payments |
| FIN_MANAGE_BILL_SCHEDULE | Create and manage recurring bill schedules |
| FIN_MANAGE_RECURRING | Create and manage recurring journal entry templates |
Default Role Assignments
AccuArk ships with five built-in roles. Here is how accounting permissions are assigned by default:
| Permission | Super Admin | Location Admin | Manager | Employee | Accountant |
|---|---|---|---|---|---|
| FIN_VIEW_COA | Yes | Yes | No | No | Yes |
| FIN_MANAGE_COA | Yes | No | No | No | Yes |
| FIN_VIEW_TRANSACTIONS | Yes | Yes | No | No | Yes |
| FIN_CREATE_TRANSACTION | Yes | No | No | No | Yes |
| FIN_EDIT_TRANSACTION | Yes | No | No | No | Yes |
| FIN_DELETE_TRANSACTION | Yes | No | No | No | Yes |
| FIN_VIEW_ACCOUNT_TYPES | Yes | No | No | No | Yes |
| FIN_CLOSE_PERIOD | Yes | No | No | No | Yes |
| FIN_REPAIR_BALANCES | Yes | No | No | No | Yes |
| FIN_VIEW_REPORTS | Yes | Yes | No | No | Yes |
| FIN_VIEW_BILLS | Yes | Yes | No | No | Yes |
| FIN_CREATE_BILL | Yes | No | No | No | Yes |
| FIN_CANCEL_BILL | Yes | No | No | No | Yes |
| FIN_PAY_BILLS | Yes | No | No | No | Yes |
| FIN_MANAGE_BILL_SCHEDULE | Yes | No | No | No | Yes |
| FIN_MANAGE_RECURRING | Yes | No | No | No | Yes |
Understanding the Access Levels
Super Admin
Has unrestricted access to all accounting features. The Super Admin role bypasses all permission checks.
Accountant
Has full access to all accounting features. This is the intended role for bookkeepers and financial staff who need to manage the general ledger, create journal entries, run reports, and close periods.
Location Admin
Can view the Chart of Accounts, view transaction history, and view financial reports. Cannot create, edit, or delete transactions. This is appropriate for store managers who need to see financial data for their location but should not modify the books.
Manager and Employee
No accounting access by default. These roles are intended for operational staff. If a manager needs limited financial visibility, a Super Admin can add specific FIN permissions to their role.
Customizing Permissions
To customize which permissions a role has:
- Navigate to Employees > Roles & Permissions
- Select the role you want to modify
- Find the Financial (FIN) permissions section
- Check or uncheck individual permissions
- Save the changes
Changes take effect the next time the affected user logs in.
Best Practices
- Principle of least privilege — Only grant the permissions each user actually needs. A data entry clerk who creates bills should have FIN_VIEW_BILLS and FIN_CREATE_BILL but not FIN_DELETE_TRANSACTION.
- Separate duties — The person who creates transactions should not be the same person who closes periods. Use the Accountant role for day-to-day work and reserve FIN_CLOSE_PERIOD for a supervisor.
- Location-based access — Remember that location access is controlled separately through user_location_access records. A user with FIN_VIEW_REPORTS can only see data for locations they have been granted access to with view_transactions enabled.
- Audit trail — Every financial action is logged regardless of permission level. You can review who did what using the Transaction Audit History feature.