Entity restrictions for users

In a multi-entity shared company, users log in to the top level of the company. Users can switch to any entity to which they have access.

If you have administrator privileges, you can:

  • Create and edit users at the top level of the company.
  • Control which entities a user can access.

Types of entity restrictions

Access to entities can be restricted on a user-by-user basis. Restricting a user by entity helps ensure that only authorized users can enter transactions and make changes. For example, an AP specialist might work with a particular entity only.

  • Unrestricted. Users who are not restricted to particular entities can log in to the top level and go to any entity.
  • Restricted to 2 or more entities. Users who are restricted to 2 or more entities can log in to the top level and access a subset of entities. They cannot switch to entities outside that subset, and those entities do not appear in lists.
  • Restricted to a single entity without top level access. Users cannot switch to any other entities. For ease of navigation, signing in takes the user directly to that entity.
  • Restricted to a single entity with top level access. If the Enable access to top level checkbox is selected for a user, that user can access the top level even if they're restricted to a single entity. Signing in takes the user directly to the top level.

The actions that a user can take within entities, and at the top level of a company, are further controlled by the user's permissions.

Effects of restrictions on records

If a user who is restricted to specific entities changes a record involving entities outside their restricted view, only those portions of the record that the restricted user can access are saved. Attempts to save any portion of the change outside the user restrictions may produce an error.

For example, suppose a journal entry approver has permission to approve a particular transaction, but is subsequently restricted from accessing an entity or location used for the transaction. The newly restricted user can no longer approve the journal entry, as they can't see the entirety of the transaction. A user with unrestricted access to the journal entry would need to approve the journal entry instead.

Restrict a user to one or more entities

You can allow user access to any set of entities, including elimination entities. Elimination entities are used with Global Consolidations and Domestic Consolidations. For all General Ledger reports that include consolidation books, users must have access to all entities included in the book.

Users restricted to two or more entities log in to the top level of the company.

  1. Ensure you are working at the top level of your Intacct company by selecting Top level above the application bar.
  2. Go to Company > Admin > Users, roles, and groups > Users.
  3. Locate the user and click Edit.
  4. Select the User entities tab.
  5. Select the drop-down and select an entity to restrict a user to.
  6. Select Save, then enter your password to verify your identity.
  7. If you are restricting a user to a single entity, you need to enable access to the top level for that user.

Enable user access to the top level

Users who are restricted to a single entity in a multi-entity company cannot log in at the top level.

However, administrators can select Enable access to top level for those users who are restricted to a single entity in a multi-entity company. Granting access to the top level enables users restricted to a single entity to log in to the top level by default when logging in to a company.

It's a best practice for administrators to enable access to the top level for all users who are restricted to a single entity in a multi-entity shared company.

Users with access to more than one entity can always access the top level.

  1. Ensure you are working at the top level of your Intacct company by selecting Top level above the application bar.
  2. Go to Company > Admin > Users, roles, and groups > Users.
  3. Locate the user and click Edit.
  4. Select User entities.
  5. Select Enable access to top level.
  6. Select Save, then enter your password to verify your identity.

Grant user access to all entities

If a user should be able to access all entities, then verify that the Entity table on the User entities tab is blank.

  1. Ensure you are working at the top level of your Intacct company by selecting Top level above the application bar.
  2. Go to Company > Admin > Users, roles, and groups > Users.
  3. Locate the user and click Edit.
  4. Select the User entities tab.
  5. Select Delete (Trash can) for each entity.
  6. Select Save, then enter your password.
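
For a periodic access review, the restriction types and the top-level best practice described above can be checked against an exported user list. This is an added example, not Sage Intacct code: the CSV columns (login, entities, top_level), the entity IDs, and the sample rows are constructed assumptions, not an Intacct export format.

```python
import csv
import io

# Constructed sample export; column names are assumptions, not an Intacct format.
# "entities" is a semicolon-separated list; blank means no restriction (all entities).
SAMPLE = """login,entities,top_level
admin1,,false
ap_clerk,E100,false
ap_lead,E100,true
controller,E100;E200,false
"""

def classify(entities, top_level):
    """Map an entity list and checkbox state to the page's four restriction types."""
    if not entities:
        return "unrestricted"
    if len(entities) >= 2:
        return "restricted-multi"  # these users always log in at the top level
    return "single-with-top-level" if top_level else "single-no-top-level"

def review(csv_text, expected_unrestricted=()):
    """Return (login, type, finding) per user; finding is None when nothing is flagged."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        entities = [e.strip() for e in row["entities"].split(";") if e.strip()]
        top = row["top_level"].strip().lower() == "true"
        kind = classify(entities, top)
        finding = None
        if kind == "unrestricted" and row["login"] not in expected_unrestricted:
            # A blank Entity table is how the page grants access to all entities.
            finding = "blank entity table grants all entities; confirm this is intended"
        elif kind == "single-no-top-level":
            # The page recommends enabling top-level access for single-entity users.
            finding = "single-entity user without 'Enable access to top level'"
        results.append((row["login"], kind, finding))
    return results

if __name__ == "__main__":
    for login, kind, finding in review(SAMPLE, expected_unrestricted={"admin1"}):
        print(f"{login:12} {kind:24} {finding or 'ok'}")
```

Pass the logins that are approved for company-wide access in expected_unrestricted so that only unexpected blank entity tables are flagged.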