AI Finance Team — Roles & Permissions
This guide describes how access works in AI Finance Team. It covers what users can do based on their role and how membership is granted.
How the Platform Is Organized
AI Finance Team supports collaboration between accounting firms and their clients. The structure is:
- Accounting organizations are firms or practices that prepare financial records for their clients.
- Client organizations are the businesses whose books are being kept.
- A workspace represents one client engagement. The accounting firm manages the workspace; the client uses it. Accountants typically work across multiple workspaces; client users see only their own.
Users have two kinds of roles: an organization-level role within their organization and a workspace role within each workspace they belong to.
Organization-Level Roles (Accounting Firm Members)
Every member of an accounting firm has an organization-level role. This determines what they can do across the whole firm, independent of any specific workspace.
| Organization role | Typical user | Key capabilities |
|---|---|---|
| Admin | Founder, partner, or senior accountant | Create workspaces, manage the team, join any workspace, approve join requests |
| Member | Accountant or staff | Works inside workspaces they have been added to; can request to join others |
Organization admins can do everything a member can do, plus:
- Create new client workspaces (see Workspaces)
- See all workspaces that belong to the firm on the dashboard, including ones they haven't personally joined
- Join any firm workspace with one click (they are added as accountant admin)
- Approve or reject join requests submitted by organization members (see Joining a Workspace below)
- Manage the firm's team from the Organization settings page: invite new members, promote/demote, remove members, and revoke pending invitations
Organization members (non-admin accountants) work only in workspaces they have been explicitly added to or have requested to join. They do not see the Organization settings page or the Join button on the dashboard, but they can request access to any workspace in the firm.
Client-side users (client owner, client member) have no organization role on the accounting firm side. They exist entirely within the workspaces they've been invited to.
Organization Settings
The Organization settings page is accessible from the bottom of the sidebar for organization admins. It provides:
- A list of all current team members with their roles and email addresses
- Controls for promoting a member to admin or demoting an admin to member
- A bulk invite form — add up to 10 rows in one go, each with an optional name pre-fill and a chosen role, plus an optional personal message shared with the whole batch (see Inviting People below)
- A list of pending organization invitations with the ability to copy the link again or revoke
- An inbox of pending workspace join requests submitted by organization members
Plain organization members (non-admin accountants) can view the member list but cannot take any actions.
Workspace Roles
Every member of a workspace has one of four roles. This determines what they can see and do within that specific workspace.
| Role | Side | Typical user |
|---|---|---|
| Accountant admin | Firm | Lead accountant on the engagement |
| Accountant | Firm | Supporting accountant or staff |
| Client owner | Client | Founder, CEO, or senior decision-maker at the client |
| Client member | Client | Bookkeeper, controller, or assistant at the client |
Accountant Admin
The lead accountant on the client engagement.
Can do:
- Everything an accountant can do
- Invite new members to the workspace (other accountants or client users)
- Revoke pending workspace invitations
- See the workspace's full member list
- See the firm's full team in addition to the workspace members (the "Your team at [Firm Name]" section in workspace settings)
Accountant
A supporting accountant from the firm.
Can do:
- View the workspace dashboard, invoices, bank transactions, closing, and reports
- Upload invoices on behalf of the client
- Edit invoice headers (direction, entity, partner)
- Edit invoice line item categories
- Approve or override AI-generated categorizations
- Match invoices to bank transactions
- Add internal notes on transactions (visible only to accountants)
- Access bank transaction details
Cannot:
- Invite or remove workspace members
- See the firm's full team list (only sees members of this specific workspace)
Client Owner
The senior person at the client company.
Can do:
- See the workspace dashboard and invoices
- Upload invoices and receipts
- View the workspace member list
- Invite other client users to join the workspace as client members
- View, create, and edit reports (see Reports)
Cannot:
- Edit invoice headers or line item categories
- Access bank transactions
- See accountant-only notes
- Access closing
- Invite accountants
Client Member
Other users at the client company who interact with the platform.
Can do:
- See the workspace dashboard and invoices
- Upload invoices and receipts
- View the workspace member list
- View, create, and edit reports (see Reports)
Cannot:
- Edit invoice headers or line item categories
- Access bank transactions
- See accountant-only notes
- Access closing
- Invite anyone
What Each Role Sees
Sidebar Navigation
| Section | Accountant admin | Accountant | Client owner | Client member |
|---|---|---|---|---|
| Home | ✓ | ✓ | ✓ | ✓ |
| Invoices | ✓ | ✓ | ✓ | ✓ |
| Bank transactions | ✓ | ✓ | — | — |
| Closing | ✓ | ✓ | — | — |
| Reports | ✓ | ✓ | ✓ | ✓ |
| Settings | ✓ | ✓ | ✓ | ✓ |
| Organization settings | organization admin only | — | — | — |
Settings → Team Section
| Component | Accountant admin | Accountant | Client owner | Client member |
|---|---|---|---|---|
| Workspace members list | ✓ | ✓ | ✓ | ✓ |
| "Your team at [Firm Name]" section | ✓ | — | — | — |
| Invite new member form | ✓ | — | ✓ (client roles only) | — |
| Pending invitations list | ✓ | — | ✓ | — |
| Revoke pending invitation | ✓ | — | ✓ (own invites) | — |
The client owner's invite form is restricted: they can invite other client members, but cannot invite accountants or other client owners.
Invoices
| Action | Accountant admin | Accountant | Client owner | Client member |
|---|---|---|---|---|
| Upload an invoice | ✓ | ✓ | ✓ | ✓ |
| View invoice details | ✓ | ✓ | ✓ | ✓ |
| Edit header (direction, entity, partner) | ✓ | ✓ | — | — |
| Edit line item categories | ✓ | ✓ | — | — |
Clients submit raw documents; accountants do the categorization and verification.
Reports
| Action | Accountant admin | Accountant | Client owner | Client member |
|---|---|---|---|---|
| View reports and drill down | ✓ | ✓ | ✓ | ✓ |
| Create a new report | ✓ | ✓ | ✓ | ✓ |
| Edit report structure (lines, categories, expressions) | ✓ | ✓ | ✓ | ✓ |
| Rename or delete a report | ✓ | ✓ | ✓ | ✓ |
How Membership Works
Inviting People
Both workspace settings (for an accountant admin or a client owner) and Organization settings (for an organization admin) expose the same invite panel. The flow is the same in both places.
The panel lets you queue up to 10 invites in one batch:
- One row per recipient — fill in the email address and pick a role. The role dropdown is restricted based on where you are (e.g. a client owner can only invite client members; an organization admin can only invite at organization level).
- An optional Name field per row. If you fill it in, the recipient's invitation email opens with their name (e.g. "Hi Anna,") instead of "Hi there," and the signup form pre-fills their full name when they accept.
- An optional Message textarea (max 500 characters) that the whole batch shares. URLs in the message become clickable links in the email.
- Click Send invite (or Send N invites when the batch has more than one row). Each successful row drops out of the form; rows that failed to send (e.g. duplicate email) stay with an inline error so you can fix them and retry.
After sending, AI Finance Team emails each recipient automatically with the invitation link and your custom message. You no longer need to copy and share the URL by hand — though the inviter still sees the link as a fallback in case email delivery fails.
Each invitation:
- Expires 14 days after creation
- Can be revoked by the inviter at any time before acceptance
- Is bound to the specific email address provided
Accepting an Invitation
When the recipient clicks the invite URL:
- If they're not signed in, they're directed to log in or sign up. The invitation token is preserved through the auth flow. Their full name is pre-filled on the signup form if the inviter provided one.
- If they sign in with a different email than the invitation was sent to, the page surfaces a "Wrong account? Sign out" link so they can switch identities without losing the invitation.
- If they sign up, an account is created with the email the invitation was sent to.
- On successful acceptance:
- Workspace invitation → they are added to the workspace and redirected to it.
- Organization invitation → they are added to the firm's team and redirected to the workspace dashboard. A guest-admin banner appears at the top of any workspaces they're not yet a member of, with a one-click Join button.
Joining a Workspace
There are three ways to end up in a workspace:
- You accept an invitation. Standard path — see above.
- You're an organization admin. All workspaces in the firm are visible to you on the dashboard. Workspaces you haven't joined show a Join button — click it and you're added as accountant admin immediately.
- You're an organization member and you request to join. Organization members see a "Browse firm workspaces" view listing workspaces they don't belong to. Clicking Request to join sends a request to all organization admins of the firm. They review the request in their Organization settings inbox and either approve (you're added as accountant) or reject (you get a notification email explaining why).
The third path is new — it replaces the older flow where organization members had to ask an admin to add them manually.
After Acceptance
A new member sees the workspace immediately. Their role determines what's visible according to the tables above. Their account exists at the platform level, so if they later leave the workspace (or are added to another), their account persists.
Removing a Member
Admins can remove a member who has already accepted:
- Workspace member — an accountant admin can remove anyone from the workspace (except themselves if they're the only admin). The action lives in the workspace's Team page next to each member name.
- Organization member — an organization admin can remove anyone from the firm. This also removes them from every workspace they were in. The action lives on the Organization settings page.
Removed users keep their account at the platform level — they just lose access to that workspace or firm.
What's Not Yet Built
A few capabilities the data model supports but the user interface doesn't yet expose:
- Bank connection management UI. Bank account data exists but the UI for clients to connect, disconnect, or manage their bank link is not yet built.
- Export to accounting software. The export feature is not yet built.
- Approval workflows. Such as requiring senior approval before an invoice is finalized.
- Audit trail. Visibility into who did what and when.
These are planned but not part of the current release.
This represents the platform as it exists today. As features ship, this document gets updated to reflect new capabilities.