How users, roles, and permissions work together

Sage Intacct includes several components that work together to provide a flexible framework for giving users access to applications and features.

Permissions

Permissions give users the ability to access features and complete tasks.

Permissions are not assigned by default except for limited permissions for administrator users. To provide access to applications and features, you must assign permissions after creating a user record. There are three ways to do this: 

  • Assign permissions directly to the user

  • Assign a role to the user

  • Assign the user to a user group associated with one or more roles

Users

  • If your company is set up for user-based permissions, you must assign permissions directly to each user after you create their user record.

    You can save time by using role-based permissions, which allows you to add permissions to a role, and then assign that role to as many users as needed. See Roles for more information.

  • If your company uses role-based permissions, you assign users to a role, which is basically a collection of permissions.

  • When you create a user record, you select a user type. The user type determines the maximum set of features that a user can access in Intacct.

User types

  • User type defines the most that a user can see or do.

  • What a user can actually see and do depends on their permissions.

    See User types and permissions to learn how these features work together.

  • Users cannot access features and activities beyond what's allowed by their user type, regardless of their role or permissions.

Roles

If your company is set up for role-based permissions, you assign a role to a user instead of assigning individual permissions. We strongly recommend using role-based permissions.

A role is basically a group of permissions. Roles save time and make it easier to assign the same set of permissions to multiple users and to ensure that permissions are consistent across users.

For example, you can assign all Accounts Receivable clerks the same role instead of assigning permissions to each of them individually. Or when an employee leaves the company, you can assign their role to their replacement. This ensures that the new employee has the same permissions.

  • Changing a role affects all users assigned to the role.

  • You can assign more than one role to a user.

  • Users with multiple roles have all of the permissions from each role. For example, if Role A and Role B are assigned to a user, and Role A has permissions that Role B does not, the user will have all of the permissions in Role A.

Regional availability

Users, roles, and permissions are available in the following regions:

All regions