User permissions are one of the most important components of Sage Intacct’s financial management ecosystem. Properly configuring roles and permissions ensures secure financial operations, compliance with organizational policies, and a smooth user experience across all teams.
Because permissions govern what users can see, do, and approve within Sage Intacct, misconfigurations can lead to reporting inconsistencies, accidental data changes, and even audit findings. This guide explains everything you need to know to configure user access correctly.
1. How Access Control Works in Sage Intacct
Sage Intacct uses Role-Based Access Control (RBAC) to streamline and standardize user permissions.
1. Users
Individual accounts assigned to real people or system connectors.
2. Roles
A reusable grouping of permissions that can be assigned to many users.
3. Permissions
Specific abilities within modules, such as:
- View
- Add
- Edit
- Post
- Approve
- Delete
- Reverse
This layered structure prevents errors and makes it easy to expand your system without rebuilding access from scratch.
2. Types of Access You Need to Understand
A. Entity Access
A user can have access to:
- A single entity
- Multiple entities
- All entities
- Top-level only
Important: Top-level access gives visibility into consolidated data and shared lists—limit this access carefully.
B. Module Access
Each module (AP, AR, GL, Cash Management, Projects, Order Entry, etc.) has its own set of permissions.
Example in Accounts Payable:
- Create bills
- Post bills
- Process payments
- Void payments
- Approve payments
Example in General Ledger:
- Create journal entries
- Post journal entries
- Reverse journal entries
- Manage account groups
- Manage closing periods
Understanding your workflow helps determine who needs what.
C. Functional and Administrative Permissions
Advanced permissions include:
- Manage users
- Modify company info
- Manage Smart Rules & Smart Events
- Create or modify dimensions
- Perform consolidations
- Import data
These permissions should be restricted to system admins or senior accounting personnel.
3. Building a Role Structure: Best Practices for Scalability
The strongest permission systems use defined, reusable roles rather than building unique access for each user.
Recommended Role Framework
- Executives / Leadership
  - Read-only at top level
  - Dashboard visibility
  - Access to financial statements
- Finance Admin / Controller Role
  - Full access to GL, AP, AR
  - Posting permissions
  - Reporting access
  - Limited system settings
- AP Role
  - Create & post bills
  - Approve or process payments (depending on policy)
  - Vendor management (optional)
- AR Role
  - Create invoices
  - Receive payments
  - Customer management
- Department / Operational Roles
  - View dashboards
  - Approve workflows
  - Submit purchasing or expenses
- Read-Only Role
  - View reports or dashboards without editing anything
This role-based approach eliminates guesswork and prevents misconfigurations.
4. Segregation of Duties (SOD) in Sage Intacct
Adhering to SOD best practices ensures safer accounting operations.
Examples of SOD policies:
- AP processors should not approve payments
- AR staff should not modify items affecting revenue
- Cash managers should not reconcile their own transactions
- Controllers should not approve transactions they created
- Admin rights should not be shared widely
SOD is essential for:
- Audit readiness
- Fraud prevention
- Operational transparency
ADSS Global can help you design a SOD model tailored to your organization.
5. Common Permission Issues & How to Fix Them
Issue 1: User sees entities they should not
Fix: Adjust entity access under user settings or ensure “All Entities” is unchecked.
Issue 2: User cannot post or approve transactions
Fix: Review role permissions → ensure “Post” or “Approve” is selected.
Issue 3: Too many admins
Fix: Consolidate admin roles and assign individual responsibilities.
Issue 4: User cannot access dashboards or reports
Fix: Assign reporting permissions or dashboard visibility.
Issue 5: User approvals not appearing in workflows
Fix: Verify workflow step assignments and ensure approval rights are active.
6. Permission Auditing & Maintenance
Quarterly audits maintain long-term system health.
Audit Checklist
- Export permission matrix for review
- Check for unnecessary admin access
- Confirm temporary permissions were removed
- Validate access for terminated employees
- Confirm entity access aligns with job roles
- Review approval workflows
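The checklist above and the SOD policies in section 4 can be checked mechanically once the permission matrix is exported. The script below is an added example, not Sage Intacct or ADSS Global code. It assumes a CSV with the hypothetical columns user, status, module, permission, and a constructed "Company" module name for the "Manage users" permission; adapt both to the layout of your actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column layout is an assumption, not Sage Intacct's format.
SAMPLE_MATRIX = """user,status,module,permission
alice,active,AP,Create bills
alice,active,AP,Process payments
alice,active,AP,Approve payments
bob,active,AP,Approve payments
carol,terminated,GL,Post journal entries
dave,active,Company,Manage users
erin,active,Company,Manage users
frank,active,Company,Manage users
"""

# Permission pairs one user should not hold together
# ("AP processors should not approve payments").
SOD_CONFLICTS = [
    (("AP", "Process payments"), ("AP", "Approve payments")),
]
# "Company" is a placeholder module name for this example.
ADMIN_PERMISSION = ("Company", "Manage users")


def audit_matrix(csv_text, max_admins=2):
    """Return findings for SOD conflicts, admin sprawl, and stale access."""
    grants = defaultdict(set)  # user -> {(module, permission)}
    status = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].strip()
        grants[user].add((row["module"].strip(), row["permission"].strip()))
        status[user] = row["status"].strip().lower()

    findings = {"sod": [], "admins": [], "stale": []}
    for user, perms in sorted(grants.items()):
        if status[user] != "active":
            findings["stale"].append(user)  # access left on a non-active account
        for first, second in SOD_CONFLICTS:
            if first in perms and second in perms:
                findings["sod"].append((user, first[1], second[1]))
        if ADMIN_PERMISSION in perms:
            findings["admins"].append(user)
    findings["too_many_admins"] = len(findings["admins"]) > max_admins
    return findings


if __name__ == "__main__":
    for key, value in audit_matrix(SAMPLE_MATRIX).items():
        print(f"{key}: {value}")
```

Rules such as "Controllers should not approve transactions they created" depend on who created each transaction, so they need transaction history rather than the permission matrix alone.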
7. Tips for Long-Term Access Control Success
- Build reusable roles, not individual permissions
- Document your access model
- Limit admin access
- Train department heads on approval workflows
- Review user access during onboarding & offboarding
- Use Smart Rules to block unauthorized changes
ADSS Global provides role design, permission cleanup, and audit support for organizations of all sizes.
8. When to Contact ADSS Global
Reach out if:
- Your permission structure is inconsistent
- You’re preparing for an audit
- Too many users have broad access
- You’re adding new entities or modules
- You want SOD-compliant permission design
If you need tailored support or deeper insights into optimizing Sage Intacct, reach out to ADSS Global—our team is here to help you move forward with clarity and confidence.