The right access for every job.

Owners, accountants, sales reps, viewers — give each role the exact permissions it needs and nothing more.

  • Sensible default roles
  • Custom roles when you need them
  • Enforced everywhere — UI and API
  • Updates audited

What you get

Owners, accountants, sales — fine-grained access for every job.

Defaults that work

Out of the box: Owner, Admin, Accountant, Sales, Viewer. Most teams never need more.

Custom when needed

Build roles that match your org. Toggle permissions per resource.

Enforced everywhere

RBAC isn't UI-only — the API enforces the same checks. No backdoors.

Audit any change

Role assignments and permission edits are logged like everything else.

How it works

  1. 1

    Pick a default role

    Most teams start with Owner / Admin / Accountant / Viewer.

  2. 2

    Customize if needed

    Edit a role or build a new one with the exact permissions you want.

  3. 3

    Assign on invite

    Roles attach to users at invite time and can change later.

  4. 4

    Review periodically

    The Roles page shows who has what — review and tighten any time.

Frequently asked

Can I limit a user to just one part of the system?

Yes. Custom roles can grant or deny each resource individually.

Can my accountant see reports without editing data?

Yes. The default Accountant role has full read access plus journal-entry rights.

Are role changes audited?

Yes. Every assignment and permission edit is on the audit log.

Ready to run cleaner books?

Open Nefin in minutes. No credit card required.