Access Control & Audit
Antei uses a role-based access control (RBAC) model to ensure users have the appropriate level of access based on their function. Every action is logged, traceable, and scoped to the organization for compliance and security.
Core Concepts
Org-Scoped Access — All access is scoped to a specific organization. Users cannot see or affect other orgs.
Role-Based Control — Access is granted based on assigned role (Admin, Tax Manager, etc.).
Resource-Level Permissions — Permissions are configured for modules like Reconciliation, Vault, Billing, etc.
Granular Permission Types — Create, Read, Update, Delete, Download, Integrate, Purchase.
Fully Auditable — All access changes and data actions are logged.
Roles & Descriptions
| Role | Description |
| --- | --- |
| Admin | Full system access. Manages users, settings, and sensitive operations. |
| Tax Manager | Oversees filings, notices, reconciliations, and return workflows. |
| Tax Preparer | Prepares data, reconciles transactions, supports return generation. |
| Team Member | Provides financial inputs but doesn’t manage tax workflows. |
| Auditor | Read-only access to history, returns, logs, and compliance data. |
| Viewer/Guest | Limited view into dashboards and status metrics. |
| Tech Member | Manages integrations and system connectivity only. |
| Other | Anonymous or unclassified access. |
Resource Categories
| Category | Resources |
| --- | --- |
| Taxation | Compliance Exposure, Services, Reconciliation, Returns, Invoice Generator, Tax Dashboards, Filing Summaries, Payment Link Generator |
| Settings | Integrations, Billing, Access Control, Org Settings, Data Logs |
| Assets | Vault, Fixed Assets, Operational Assets |
| General | Products, Customers, Transactions, Invoices |
Permission Types
| Permission | Description |
| --- | --- |
| Create | Add new records (e.g., invoices, tax filings) |
| Update | Modify existing entries |
| Read | View details, reports, dashboards |
| Delete | Temporarily remove records (soft-delete only) |
| Download | Export files, reports, or audit logs |
| Purchase | Buy services, licenses, or modules |
| Integrate | Set up or modify external system connections |
Audit Trails
Antei logs every significant user action:
Logins, session activity, and timeouts
Changes to settings, permissions, and configurations
CRUD operations on core data (transactions, invoices, returns)
Manual overrides in unprocessed records
Integration sync history and webhook results
🔒 All logs are timestamped, scoped to user & org, and visible under Org Settings → Audit Trail.
Access Control Principles
Least Privilege — Users are granted only the access needed for their role
Resource-Level Scoping — Access can be tailored per module but not per country/entity
Permission Customization — Admins can override default permissions per user or role
Manual Overrides Tracked — All changes to validation and mapping are logged
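The model described on this page (org-scoped membership, one role per user per org, Admin-only per-user overrides, every access change logged) can be sketched as a small permission resolver. This is an added illustrative example, not Antei's code: the class and function names, the sample users and orgs, and the role defaults (inferred from the role descriptions above) are all assumptions.

```python
from datetime import datetime, timezone

PERMS = {"Create", "Read", "Update", "Delete", "Download", "Integrate", "Purchase"}
# Constructed defaults inferred from the role descriptions; not Antei's real matrix.
ROLE_DEFAULTS = {
    "Admin": {"*": PERMS},
    "Auditor": {"*": {"Read"}},
    "Tech Member": {"Integrations": {"Read", "Update", "Integrate"}},
}

class AccessControl:
    def __init__(self):
        self.roles = {}      # (org, user) -> role; one role per user per org
        self.overrides = {}  # (org, user, resource, perm) -> bool
        self.audit = []      # append-only records, each scoped to org and actor

    def _log(self, org, actor, action, detail):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "org": org, "actor": actor, "action": action, "detail": detail})

    def is_allowed(self, org, user, resource, perm):
        role = self.roles.get((org, user))
        if role is None or perm not in PERMS:   # no membership in this org: deny
            return False
        override = self.overrides.get((org, user, resource, perm))
        if override is not None:                # per-user override wins over role default
            return override
        defaults = ROLE_DEFAULTS.get(role, {})
        return perm in defaults.get(resource, defaults.get("*", set()))

    def set_override(self, org, actor, user, resource, perm, allow):
        # Only an Admin of the same org may change access; attempts are logged either way.
        ok = self.roles.get((org, actor)) == "Admin" and (org, user) in self.roles
        self._log(org, actor, "override.set" if ok else "override.denied",
                  {"user": user, "resource": resource, "perm": perm, "allow": allow})
        if not ok:
            raise PermissionError("actor is not an Admin of this organization")
        self.overrides[(org, user, resource, perm)] = allow

def demo():
    """Constructed sample: bob is an Auditor in org-a and a Tech Member in org-b."""
    ac = AccessControl()
    ac.roles.update({("org-a", "alice"): "Admin", ("org-a", "bob"): "Auditor",
                     ("org-b", "bob"): "Tech Member", ("org-b", "carol"): "Admin"})
    ac.set_override("org-a", "alice", "bob", "Data Logs", "Download", True)
    return ac
```

Because overrides are keyed by org, the Download grant bob receives in org-a does not follow him into org-b, and an Admin of org-b cannot alter access in org-a.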
Coming Soon
We will soon publish a downloadable Role × Resource × Permission matrix for enterprise audit and compliance teams.
FAQs
Who can assign or modify user roles?
Only users with the Admin role can assign or change roles for others within the same organization.
Can multiple roles be assigned to the same user?
No. Each user holds a single role per organization. However, they can belong to multiple orgs with different roles.
Can I control access to specific countries or entities?
No. Country or entity-level access is not currently supported. Access is scoped by resource/module only.
Can I customize permissions for individual users?
Yes. Admins can override default role permissions on a per-user basis via the Access Control settings.
Is audit data tamper-proof?
Yes. Audit logs are immutable, timestamped, and stored with org context. They cannot be modified or deleted by users.
Can I export access logs?
Yes. Logs can be exported as CSV or JSON for compliance review and external audits.
Need Help?
For help configuring access or understanding audit logs, reach out to support@antei.com.