Team, Roles and Permissions (operational)

How to invite team members, assign roles, customise permissions, and manage access — from inside the app.


For the overview of how multi-user works for prospects, see Multi-company, Team & CA Collaboration. This doc covers the operational flows.

Time to read: ~10 minutes. You’ll need: Owner role (or a custom role with team.manage).


Where to find the screens

  • Setup → Team — list of members + invite + revoke.
  • Setup → Team → Roles — role definitions with the per-feature permissions matrix.

Step 1 — Invite a team member

  1. Setup → Team → click + Invite member.
  2. Fill in:
    • Email — the invitee’s address. They’ll receive a welcome email.
    • Role — pick one of the 9 pre-built roles, or a customised role you’ve created.
    • Temporary password — optional. If you leave it blank, Booksmor auto-generates a 12-character policy-compliant password and emails it.
  3. Click Invite.

The invitee receives an email with the temporary password. On first login, they’re forced to set their own password (the must_change_password flag triggers a redirect to /change-password before any other page renders).


The 9 pre-built roles — summary

Role | One-line summary
Owner | Full access. Manage users + billing. Cannot demote the last Owner.
Manager | Same as Owner minus billing + user management.
Accountant | All vouchers, all reports, GST prep + file.
Cashier | Receipts and payments. View customers / vendors. No financial reports.
Auditor | Read-only everywhere.
Salesperson | Sales invoices + customer management. No purchase / financial access.
Store Keeper | Products, stock, delivery challans. View purchases / sales.
Production Store | Manufacturing module + view products + stock.
HR | Payroll module. No financial / sales access.

These cover most setups. Customise via Setup → Team → Roles if needed.


Step 2 — Customise a role’s permissions

  1. Setup → Team → Roles → click a role’s name.
  2. The permissions matrix opens:
    • Rows: every feature / voucher type / report.
    • Columns: read, create, post (for vouchers); view (for reports).
  3. Tick / untick the cells you want to change.
  4. Click Save.

Changes apply immediately to every user with that role.

Granular permission keys

A few patterns to know:

  • voucher.<type>.<action> — per-voucher-type access. E.g. voucher.sales.create, voucher.purchase.post, voucher.payment.read.
  • report.<report_key> — per-report visibility. E.g. report.pnl, report.balance_sheet, report.sales_register.
  • master.<entity>.<action> — per-master CRUD. E.g. master.customer.write, master.product.read.
  • Module-level: payroll.read, payroll.write, payroll.disburse, manufacturing.write, etc.
  • Special: period.lock (close past periods), bank.import (run bank reconciliation), gst.prepare / gst.file.

Coarse-implies-granular alias

A role with the coarse voucher.read permission implicitly gets every voucher.<type>.read — you don’t need to tick each one individually. Same for voucher.create, voucher.post, master.read, master.write.

This makes roles easier to compose: grant coarse for normal use, then restrict specific types if you need (e.g. grant voucher.read but explicitly remove voucher.payment.read for a salesperson).
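The resolution rule described above, sketched in Python as an added example (not Booksmor's own code): a key is allowed if it is ticked directly or implied by its coarse parent, unless it has been explicitly removed, and anything else is denied. Storing a role as a granted set plus a removed set, the function names, and the sample role and pages are assumptions made for illustration.

```python
# Added illustration, not Booksmor source. Representing a role as a set of
# granted keys plus a set of explicitly removed keys is an assumption.

# Coarse keys that imply every per-type key, as listed on this page.
COARSE_ACTIONS = {"voucher": {"read", "create", "post"},
                  "master": {"read", "write"}}

def coarse_parent(key):
    """Return the coarse key implying `key` (voucher.sales.read -> voucher.read)."""
    parts = key.split(".")
    if len(parts) == 3 and parts[2] in COARSE_ACTIONS.get(parts[0], ()):
        return f"{parts[0]}.{parts[2]}"
    return None  # report.*, payroll.*, period.lock, etc. have no coarse alias

def explain(granted, removed, key):
    """Return (allowed, reason) for one permission key. Deny by default."""
    if key in removed:
        return False, f"{key} explicitly removed"
    if key in granted:
        return True, f"{key} ticked directly"
    parent = coarse_parent(key)
    if parent and parent in granted and parent not in removed:
        return True, f"implied by coarse {parent}"
    return False, f"{key} not granted"

def allowed(granted, removed, key):
    return explain(granted, removed, key)[0]

def visible_pages(granted, removed, pages):
    """Sidebar rule: a page shows if the role holds at least one of its keys."""
    return [name for name, keys in pages.items()
            if any(allowed(granted, removed, k) for k in keys)]

# Constructed sample role: coarse voucher.read with payment reads removed.
SALES_GRANTED = {"voucher.read", "voucher.sales.create",
                 "master.customer.write", "report.sales_register"}
SALES_REMOVED = {"voucher.payment.read"}
# Constructed page-to-key mapping (hypothetical page names).
SAMPLE_PAGES = {"Sales": ["voucher.sales.read", "voucher.sales.create"],
                "Payments": ["voucher.payment.read"],
                "Payroll": ["payroll.read"]}

if __name__ == "__main__":
    for k in ("voucher.sales.read", "voucher.payment.read", "report.pnl"):
        print(k, explain(SALES_GRANTED, SALES_REMOVED, k))
    print(visible_pages(SALES_GRANTED, SALES_REMOVED, SAMPLE_PAGES))
```

The reason string from explain is the same check the troubleshooting steps ask you to do by eye in the permissions matrix when a member sees fewer screens than expected.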


Common customisations

“Cashier can see Sales Register”

Default Cashier role has no financial reports. To allow:

  1. Roles → Cashier → find report.sales_register → tick view.
  2. Save.

“Accountant can’t delete vouchers”

Default Accountant has full voucher access. To restrict:

  1. Roles → Accountant → find voucher.delete (or per-type variants) → untick.
  2. Save.

The Accountant can still create + post + edit; just can’t delete.

“Custom role: Branch Manager”

A role for a branch head — can do everything except billing / user management.

  1. Roles → + New role → name it “Branch Manager”.
  2. Tick the permissions you want (often the same as Manager minus a couple of specific ones).
  3. Save.
  4. Assign to relevant team members via their member detail page.

Manage existing members

Change a member’s role

  1. Setup → Team → click the member’s row.
  2. Pick a new role from the dropdown.
  3. Click Save.

Effect is immediate.

Revoke access

  1. Setup → Team → member row → click Revoke.
  2. Confirm.

Their session ends immediately; they can’t log in until you re-invite (with a fresh temporary password if needed).

Historical actions stay in the audit log under their original name/email — revoking doesn’t erase history.

Reset a member’s password

If a member forgot their password, they can use Forgot password on the login page (sends them an OTP to their email). As Owner you can also reset:

  1. Team → member row → Reset password.
  2. Generate a new temporary password (Booksmor creates one).
  3. The member must change it on next login.

Owner-uniqueness guard

You cannot demote or revoke the last Owner. There must always be at least one Owner per company. To transfer ownership:

  1. Promote another member to Owner first.
  2. Then demote yourself.

If you try to revoke the only Owner, you get a clear error and the action is blocked.


Audit log

Every membership / role change creates an audit log entry — visible to any Owner. Useful for compliance:

  • Who invited whom, when.
  • Who changed whose role, when.
  • Who was revoked, when, by whom.

Find it via the Operations → Audit page (or similar admin surfaces depending on your plan).


Common questions

Can two members share one login? Strongly discouraged. Each person should have their own login for audit accountability. There’s no charge for adding more members.

How do I see who’s currently logged in? The audit log shows recent login events. A live “who’s online” view is on the roadmap.

Can I bulk-invite multiple members at once? Not via the UI today. Each invite is one-by-one. For 10+ at a time, contact support — there’s a CLI helper.

My team member’s email changed. Team → member row → Edit email → enter the new address → save. They keep their role, permissions, and historical actions. The new email is what they’ll log in with.

Can I assign multiple roles to one member? One role per member per company. If they need permissions from two roles, create a custom role that combines what they need.

A member sees fewer screens than I expect. The sidebar filters based on the member’s role permissions — they only see groups / pages they have at least one permission for. To debug: open their role’s permissions matrix and check the relevant permission keys.

Can I limit a member to specific customers / branches? Per-record access (e.g. “only customers in Karnataka”) isn’t supported today. The closest workaround: use custom voucher books for branches and grant book-level access via custom roles.

What if my CA needs access but I don’t want them seeing payroll? Either invite them with the Accountant role (no payroll by default), or customise a “CA — no payroll” role. CAID-linked CAs use the special CA role — customise that one via Team → Roles → CA.


Troubleshooting

Invite email didn’t arrive. Check spam. Some email providers block welcome emails from new SaaS senders. Workaround: give the invitee their email and the temporary password yourself; they can then log in and change it.

Member sees “Access denied” on a page you expect them to access. Their role’s permissions matrix is missing the relevant key. Open Roles → [their role] and tick the right permission.

You see “Cannot demote the last Owner” trying to remove yourself. You’re the only Owner. Promote someone else to Owner first.

Need more help? Email support@booksmor.com with the member email and what’s misbehaving.