Add your team

Invite users, assign roles, and control access with RBAC.

AskBooks ships with role-based access control (RBAC). Each user gets exactly one role per tenant.

Roles - **Super Admin** — full access, including billing and tenant deletion. - **Admin** — full functional access, no billing. - **Accountant** — books, invoices, GST returns. Cannot manage users. - **Manager** — sales/purchase, but no GL postings. - **Employee** — limited to assigned modules (timesheets, expenses). - **Viewer** — read-only.

Inviting a user Go to **Settings → Users → Invite**. Enter the email and pick a role. They receive a signed invite link valid for 72 hours. On first login they set up password and (mandatory) MFA.

Changing or revoking access Click any user in the list. **Change role** updates instantly. **Revoke** signs them out from all sessions and disables further logins; their audit trail entries are preserved.

Best practice Use the principle of least privilege. The most common mistake is granting Admin to everyone — instead, grant Accountant or Manager and elevate only when needed.