> ## Documentation Index
> Fetch the complete documentation index at: https://docs.antei.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Access Control & Audit

> Overview of Antei’s role-based access model, permission types, and audit trail capabilities for enterprise-grade control and traceability.

<Icon icon="lock-keyhole" size={26} color="#4B5563" />

# Access Control & Audit

Antei uses a **role-based access control (RBAC)** model to ensure users have the appropriate level of access based on their function. Every action is logged, traceable, and scoped to the organization for compliance and security.

***

## Core Concepts

* **Org-Scoped Access** — All access is scoped to a specific organization. Users cannot see or affect other orgs.
* **Role-Based Control** — Access is granted based on assigned role (Admin, Tax Manager, etc.).
* **Resource-Level Permissions** — Permissions are configured for modules like Reconciliation, Vault, Billing, etc.
* **Granular Permission Types** — Create, Read, Update, Delete, Download, Integrate, Purchase.
* **Fully Auditable** — All access changes and data actions are logged.

***

## Roles & Descriptions

| Role             | Description                                                            |
| ---------------- | ---------------------------------------------------------------------- |
| **Admin**        | Full system access. Manages users, settings, and sensitive operations. |
| **Tax Manager**  | Oversees filings, notices, reconciliations, and return workflows.      |
| **Tax Preparer** | Prepares data, reconciles transactions, supports return generation.    |
| **Team Member**  | Provides financial inputs but doesn’t manage tax workflows.            |
| **Auditor**      | Read-only access to history, returns, logs, and compliance data.       |
| **Viewer/Guest** | Limited view into dashboards and status metrics.                       |
| **Tech Member**  | Manages integrations and system connectivity only.                     |
| **Other**        | Anonymous or unclassified access.                                      |

***

## Resource Categories

| Category     | Resources                                                                                                                          |
| ------------ | ---------------------------------------------------------------------------------------------------------------------------------- |
| **Taxation** | Compliance Exposure, Services, Reconciliation, Returns, Invoice Generator,Tax Dashboards, Filing Summaries, Payment Link Generator |
| **Settings** | Integrations, Billing, Access Control, Org Settings, Data Logs                                                                     |
| **Assets**   | Vault, Fixed Assets, Operational Assets                                                                                            |
| **General**  | Products, Customers, Transactions, Invoices                                                                                        |

***

## Permission Types

| Permission    | Description                                   |
| ------------- | --------------------------------------------- |
| **Create**    | Add new records (e.g., invoices, tax filings) |
| **Update**    | Modify existing entries                       |
| **Read**      | View details, reports, dashboards             |
| **Delete**    | Temporarily remove records (soft-delete only) |
| **Download**  | Export files, reports, or audit logs          |
| **Purchase**  | Buy services, licenses, or modules            |
| **Integrate** | Set up or modify external system connections  |

***

## Audit Trails

Antei logs every significant user action:

* Logins, session activity, and timeouts
* Changes to settings, permissions, and configurations
* CRUD operations on core data (transactions, invoices, returns)
* Manual overrides in unprocessed records
* Integration sync history and webhook results

> 🔒 All logs are timestamped, scoped to user & org, and visible under **Org Settings → Audit Trail**.

***

## Access Control Principles

* **Least Privilege** — Users are granted only the access needed for their role
* **Resource-Level Scoping** — Access can be tailored per module but **not** per country/entity
* **Permission Customization** — Admins can override default permissions per user or role
* **Manual Overrides Tracked** — All changes to validation and mapping are logged

***

## Coming Soon

We will soon publish a downloadable **Role × Resource × Permission** matrix for enterprise audit and compliance teams.

***

## FAQs

<Expandable title="Who can assign or modify user roles?">
  Only users with the **Admin** role can assign or change roles for others within the same organization.
</Expandable>

<Expandable title="Can multiple roles be assigned to the same user?">
  No. Each user holds a **single role per organization**. However, they can belong to multiple orgs with different roles.
</Expandable>

<Expandable title="Can I control access to specific countries or entities?">
  No. **Country or entity-level access** is not currently supported. Access is scoped by **resource/module only**.
</Expandable>

<Expandable title="Can I customize permissions for individual users?">
  Yes. Admins can override default role permissions on a per-user basis via the **Access Control** settings.
</Expandable>

<Expandable title="Is audit data tamper-proof?">
  Yes. Audit logs are **immutable**, timestamped, and stored with org context. They cannot be modified or deleted by users.
</Expandable>

<Expandable title="Can I export access logs?">
  Yes. Logs can be exported as **CSV or JSON** for compliance review and external audits.
</Expandable>

***

## Need Help?

For help configuring access or understanding audit logs, reach out to [support@antei.com](mailto:support@antei.com).
