Report Permissions & Role Setup
AccuArk controls access to reports through 18 role-based permissions. Each permission governs a group of related reports. This article explains every permission, describes how the role hierarchy affects report access, and provides step-by-step instructions for granting report permissions to your users.
How Report Permissions Work
Each report in AccuArk checks for a specific RPT_VIEW permission when it opens. If the current user's role does not include that permission, the report will not appear in the Reports menu and cannot be accessed. Permissions are assigned at the role level, meaning all users with a given role share the same report access.
Complete List of Report Permissions
The following table lists all 18 RPT_VIEW permissions, their IDs, and the reports they control:
| ID | Permission | Reports Controlled |
|---|---|---|
| 1 | RPT_VIEW_SALES | POS Sales Report, Sales by Item, Sales Summary, Sales by Category/Customer/Cashier/Location (Sales Analysis), Sales by Time Period, Average Ticket/Basket Analysis (Sales Trends), Top Items/Slow Items (Top & Bottom) |
| 2 | RPT_VIEW_EXCEPTIONS | Returns/Refunds, Voids/Cancelled Transactions, Discounts Summary, Price Overrides, No-Sale/Drawer Open Events, Negative Margin Sales |
| 3 | RPT_VIEW_AR | Accounts Receivable Aging, Open Invoices, Customer Statements, Credits/Credit Memos, Unapplied Payments |
| 4 | RPT_VIEW_POS_SHIFTS | Shift Detail, Cash Drawer Reconciliation, Paid In/Paid Out, Daily Close (Z Report) |
| 5 | RPT_VIEW_BILLS | Accounts Payable Aging, Bills Detail, Vendor Statements, Vendor Credits |
| 6 | RPT_VIEW_PAYMENTS_MADE | Payments by Method, Check Register, Disbursement Summary |
| 7 | RPT_VIEW_VENDORS | Vendor Payment History, Vendor Performance |
| 8 | RPT_VIEW_PURCHASING | Purchasing Summary, Open Purchase Orders, Receiving Report, Backorders, Ordered vs Received vs Billed |
| 9 | RPT_VIEW_INV_ONHAND | Stock Availability, Stock by Location, Inventory Valuation, Reorder Alert |
| 10 | RPT_VIEW_INV_MOVEMENT | Inventory Movement Ledger, Inventory Adjustments, Transfers, Receiving Detail, Negative Stock Exceptions |
| 11 | RPT_VIEW_INV_COSTING | Purchase History by Item, Cost Changes, Vendor Price List |
| 12 | RPT_VIEW_INV_ANALYTICS | Inventory Turnover, Days on Hand, Dead Stock, Fast/Slow Movers |
| 13 | RPT_VIEW_FINANCIAL | Financial Dashboard, Trial Balance, Profit and Loss, Balance Sheet, Cash Flow Statement, P&L by Location |
| 14 | RPT_VIEW_ACCOUNTING | General Ledger Detail, Journal Entries, Journal Entry Audit, Sales Tax Liability, Taxable vs Non-Taxable, Tax Exempt Sales, Tax by Jurisdiction |
| 15 | RPT_VIEW_CASH_MGMT | Deposits/Cash Drops, Cash Flow Summary, Paid In/Paid Out Summary, Cash by Location |
| 16 | RPT_VIEW_CUSTOMERS | Customer List, Customer Activity, Top Customers, Customer Retention, Store Credit/Gift Card Liability |
| 17 | RPT_VIEW_EMPLOYEES | Clock In/Out Detail, Hours Worked Summary, Overtime Summary, Break Compliance, Edited Punches Audit, Labor Cost vs Sales, Sales per Labor Hour, Staffing by Hour, POS Actions by Employee, Permissions/Role Assignments |
| 18 | RPT_VIEW_AUDIT | Login Audit, Lockouts/Auth Failures, User Sessions, Permission Changes, Voids/Refunds Approvals, Price Overrides Audit, Manual Discounts Audit, Inventory Adjustments Audit |
Role Hierarchy and Default Access
AccuArk's role hierarchy determines the default level of report access:
| Role | Default Report Access |
|---|---|
| Super Admin (role_id=6) | All 18 RPT_VIEW permissions granted automatically. Full access to every report. |
| Location Admin (role_id=7) | All 18 RPT_VIEW permissions granted automatically. Full access to every report, scoped to their assigned locations. |
| Manager (role_id=8) | No report permissions by default. Must be explicitly granted. |
| Employee (role_id=9) | No report permissions by default. Must be explicitly granted. |
| Accountant (role_id=10) | No report permissions by default. Must be explicitly granted. |
Super Admins and Location Admins always have full report access and this cannot be removed. For all other roles (Manager, Employee, Accountant), report permissions must be explicitly assigned by an administrator.
How to Grant Report Permissions
Follow these steps to add report access to a role:
- Go to Settings > Roles & Permissions from the main menu
- Select the role you want to edit from the role list (e.g., Manager)
- Scroll down to the Reports section in the permissions panel
- Check the box next to each RPT_VIEW permission you want to grant
- Click Save to apply the changes
All users with that role will immediately gain access to the newly granted reports. No restart or re-login is required.
To remove report access, uncheck the permission and save. The reports will disappear from the user's Reports menu on their next menu refresh.
Best Practices by Role
The following recommendations balance operational needs with the principle of least privilege:
Managers
Managers typically need visibility into day-to-day operations. Recommended permissions:
- RPT_VIEW_SALES — Monitor sales performance and trends
- RPT_VIEW_EXCEPTIONS — Review voids, refunds, and discounts for loss prevention
- RPT_VIEW_POS_SHIFTS — Verify cash drawer accuracy and shift close-outs
- RPT_VIEW_EMPLOYEES — Track attendance, hours, and labor costs
Optionally add RPT_VIEW_INV_ONHAND if the manager is responsible for stock levels at their location.
Accountants
Accountants need access to financial data but typically do not need operational reports. Recommended permissions:
- RPT_VIEW_FINANCIAL — Financial statements including P&L and Balance Sheet
- RPT_VIEW_ACCOUNTING — General ledger, journal entries, and tax reports
- RPT_VIEW_BILLS — Accounts payable and vendor bills
- RPT_VIEW_PAYMENTS_MADE — Outgoing payment tracking
- RPT_VIEW_AR — Accounts receivable and customer balances
- RPT_VIEW_VENDORS — Vendor payment history and performance
This set gives accountants everything they need for bookkeeping, tax preparation, and financial reporting without exposing operational or employee data.
Employees
Employees generally should have limited or no access to reports. They can view their own data through the My Work menu (My Timecard, My Profile, My Team Dashboard) without needing any RPT_VIEW permissions.
If you have senior employees who assist with management tasks, consider creating a custom role (such as "Senior Employee" or "Shift Lead") with a targeted set of report permissions rather than granting broad access to the base Employee role.
Security Considerations
- Audit access is sensitive — RPT_VIEW_AUDIT reveals login patterns, session data, and permission changes. Only grant this to roles that have a legitimate need for security oversight.
- Financial data is confidential — RPT_VIEW_FINANCIAL and RPT_VIEW_ACCOUNTING expose profit margins, account balances, and tax data. Restrict these to accounting and executive roles.
- Employee data is protected — RPT_VIEW_EMPLOYEES shows attendance, hours, and labor costs. In many jurisdictions, this data has privacy implications. Only grant to roles responsible for HR or payroll.
- Review permissions periodically — Run the Permission Changes audit report to verify that report permissions have not been expanded beyond what is intended.
Tips
- Start restrictive, then expand — It is easier to grant additional permissions upon request than to clean up overly broad access after the fact
- Use custom roles for special cases — Rather than granting exceptions to a base role that affects all users with that role, create a new role with the specific permissions needed
- Document your decisions — Keep a record of which roles have which report permissions and why, so that the rationale is clear when permissions are reviewed later
- Test from the user's perspective — After changing permissions, log in as a user with that role to verify that the Reports menu shows exactly what you expect