Data Hierarchy & Permissions
Access Control & Audit
Overview of Antei’s role-based access model, permission types, and audit trail capabilities for enterprise-grade control and traceability.
Access Control & Audit
Antei uses a role-based access control (RBAC) model to ensure users have the appropriate level of access based on their function. Every action is logged, traceable, and scoped to the organization for compliance and security.Core Concepts
- Org-Scoped Access — All access is scoped to a specific organization. Users cannot see or affect other orgs.
- Role-Based Control — Access is granted based on assigned role (Admin, Tax Manager, etc.).
- Resource-Level Permissions — Permissions are configured for modules like Reconciliation, Vault, Billing, etc.
- Granular Permission Types — Create, Read, Update, Delete, Download, Integrate, Purchase.
- Fully Auditable — All access changes and data actions are logged.
Roles & Descriptions
| Role | Description |
|---|---|
| Admin | Full system access. Manages users, settings, and sensitive operations. |
| Tax Manager | Oversees filings, notices, reconciliations, and return workflows. |
| Tax Preparer | Prepares data, reconciles transactions, supports return generation. |
| Team Member | Provides financial inputs but doesn’t manage tax workflows. |
| Auditor | Read-only access to history, returns, logs, and compliance data. |
| Viewer/Guest | Limited view into dashboards and status metrics. |
| Tech Member | Manages integrations and system connectivity only. |
| Other | Anonymous or unclassified access. |
Resource Categories
| Category | Resources |
|---|---|
| Taxation | Compliance Exposure, Services, Reconciliation, Returns, Invoice Generator,Tax Dashboards, Filing Summaries, Payment Link Generator |
| Settings | Integrations, Billing, Access Control, Org Settings, Data Logs |
| Assets | Vault, Fixed Assets, Operational Assets |
| General | Products, Customers, Transactions, Invoices |
Permission Types
| Permission | Description |
|---|---|
| Create | Add new records (e.g., invoices, tax filings) |
| Update | Modify existing entries |
| Read | View details, reports, dashboards |
| Delete | Temporarily remove records (soft-delete only) |
| Download | Export files, reports, or audit logs |
| Purchase | Buy services, licenses, or modules |
| Integrate | Set up or modify external system connections |
Audit Trails
Antei logs every significant user action:- Logins, session activity, and timeouts
- Changes to settings, permissions, and configurations
- CRUD operations on core data (transactions, invoices, returns)
- Manual overrides in unprocessed records
- Integration sync history and webhook results
🔒 All logs are timestamped, scoped to user & org, and visible under Org Settings → Audit Trail.
Access Control Principles
- Least Privilege — Users are granted only the access needed for their role
- Resource-Level Scoping — Access can be tailored per module but not per country/entity
- Permission Customization — Admins can override default permissions per user or role
- Manual Overrides Tracked — All changes to validation and mapping are logged