User roles
This document outlines the role-based access control system implemented in our platform, detailing standard user roles, permission categories, and security best practices to ensure data security and operational efficiency.
Our platform uses a role-based access control system designed to enhance both data security and operational efficiency. This system limits access to ensure users only interact with necessary functions and data, maintains compliance with regulatory requirements for data protection, and streamlines workflow by allowing efficient management of tax compliance processes.
Standard User Roles
The platform provides the following standard roles:
- Owner
- The Owner role provides complete control over the platform with full access to the solution. Users with this role can access all projects from organizations they belong to and can reset user passwords. With Read/Write/Maintenance privileges, this role works well for system administrators and compliance officers. For SAF-T administration, Owners have comprehensive control over SAF-T configuration, submission processes, and error handling.
- Reader (Guest)
- The Reader role grants read-only access to assigned projects, allowing users to view information without the ability to change data. This role works for auditors, consultants, and executives who need overview access to the system. Within SAF-T administration, Readers can view SAF-T reports and submission status but can't make changes.
- Writer (Collaborator)
- Writers have access to assigned projects with modification rights, enabling them to use the solution and change data, though they can't perform system maintenance. This role suits finance team members and tax professionals who need to work with the data directly. Writers can upload and download files as well as see all related data; they can also manage users for their assigned projects.