Accountant user permissions

  • 11
  • Idea
  • Updated 11 months ago
  • Not Planned
I recently added a new user account for my accountant. I assigned the role of "Accountant" and expected him to be able to make journal entries with his new account (something that all accountants love to do). However, he couldn't do this. Then I discovered that I needed to give him full user permissions so he could add journal entries. I really don't think this is a good idea. Why would you need full user permissions for the entire account just to add journal entries.

I think this needs to change and the ability to do this should come lower down in the permission levels. Also, when you add someone with the role of "Accountant" to your account - it would be good if the permissions slider was automatically set to allow them to add journal entries.
Photo of Andrew

Andrew

  • 24 Posts
  • 1 Reply Like

Posted 9 years ago

  • 11
Photo of Emily

Emily, Employee

  • 2325 Posts
  • 176 Reply Likes
Hi Andrew,

The issue here is that journal entries are a fairly complicated accounting issue and therefore we felt it was most appropriate to set them for the full user permission level only, to avoid confusing users who are not accountants and don't have accountants.

Full user permission gives other rights as well as journal entries (e.g. marking VAT returns as filed).

I take your fair point about the role of Accountant maybe automatically having full permission - could I please throw this open to the floor and ask what other users would think of this, please?

Kind regards,

Emily
Photo of Andrew

Andrew

  • 24 Posts
  • 1 Reply Like
Hi Emily

I think there are 2 problems here:
1) It's a bit confusing if you add a user with the role "Accountant" and that person cannot make journal entries.
2) The only way you can allow another user to add journal entries is to give them full permissions. Personally, I do not want someone who's adding journal entries to have access to my account payment details, the ability to cancel my account, the ability to change the main account contact details, the ability to add other users with full user permissions etc etc.

I hope you can see my point :)

Best regards, Andrew
Photo of Emily

Emily, Employee

  • 2325 Posts
  • 176 Reply Likes
Hi Andrew,

I hear where you're coming from.

As a workaround it might be possible for you to extend your accountant's user permissions to full temporarily while he/she posts the journal entries, then dial them back down again?

That said though, this does call into question whether you're worried about trusting your accountant, if you're concerned that he/she might start meddling with other areas of your books - after all you're trusting him/her to make complex entries to the accounting engine and work out your tax position for you.

But that's obviously something between you and your accountant in which I won't interfere!

Kind regards,

Emily
Photo of Andrew

Andrew

  • 24 Posts
  • 1 Reply Like
Hi Emily

Thanks for the suggestion. It's not that I don't trust my accountant, it's just that it's generally a good principle to not allow users access to things they don't need access to - especially things like canceling the account or access to the payment details. Why? One reason is that people sometimes write passwords down on post it notes. Let's say the cleaner then gets access. If the cleaner could only mess up a bit of my data with the password that's one thing and I could probably undo the damage. But if the cleaner has access to absolutely everything including payment info then that's another thing all together.

I think your permission structure is very unusual. If you look at most other apps, there is a concept of account "Owner" and often it's only the Owner that has access to things like payment details and cancelling accounts. I would highly recommend that you look at the way something like Basecamp (http://basecamphq.com) is set up with user accounts and permissions.

Best regards, Andrew
Photo of Emily

Emily, Employee

  • 2325 Posts
  • 176 Reply Likes
Hi Andrew,

I take your fair point about password disclosure, of course writing passwords down is a bad idea but equally of course people do it! :-)

I'll make a note of your comments about the permission structure and pass them to our product team.

Please do keep the feedback coming, it's by knowing what's important to our customers that we can develop the software.

Kind regards,

Emily
Photo of Stuart Jones

Stuart Jones, Champion

  • 634 Posts
  • 40 Reply Likes
As an accountant I find this really frustrating.

I'm actually working on a FreeAgent client now and I can't complete the final adjustments and make sure the following year is correct because I'm prevented from entering journals!

I understand Andrew's concerns and I can't say I'm too happy that I have the ability to cancel accounts and make payments because it's the only way to enter journals. I use to think it was a matter of trust (as you do) but I now believe it's more than that. I think we have to put ourselves in the client's position rather than saying "you should trust your accountant".

Some of the firms locally I wouldn't trust to walk my dog let alone have full access to data.
Photo of Emily

Emily, Employee

  • 2325 Posts
  • 176 Reply Likes
Hi Stuart,

Yours is a different issue again as you are a FreeAgent partner accountant - I think Andrew is setting up a user with type "Accountant".

I hear where you're coming from, but putting my own "think like a client" hat on, if I couldn't trust my accountant not to dip into areas such as payments and users, then I wouldn't want that person within ten feet of my business, far less my books.

I'm thinking that any accountant worth his/her salt carries out all sorts of top-level adjustments that our clients trust us to get right (e.g. accruals), so the extension of that would be that the client trusts the accountant not to meddle with areas like payment and users.

I certainly would never have an accountant, or a solicitor, that I couldn't trust absolutely.

Just my 2pworth.

Kind regards,

Emily
Photo of Stuart Jones

Stuart Jones, Champion

  • 634 Posts
  • 40 Reply Likes
I agree with you 100% Emily and I don't want to turn this into a discussion about accountants but there are some incompetent ones out there especially when they are let loose on software (which they don't fully understand).

The assumption used to be (and for some people still is) that all accountants are technically competent. This is no longer valid and the big problem businesses have is knowing which are the competent ones and which aren't. Until they know they are right to be wary.
Photo of Emily

Emily, Employee

  • 2325 Posts
  • 176 Reply Likes
Hi Stuart,

I take your fair point - I guess it's not always easy to separate the sheep from the goats when it comes to choosing an accountant.

MIght there be an argument for setting the "Accountant" permissions differently?

Could I have feedback from yourself, Andrew and other users as to what you'd like accountants to be able to do - and not do?

Thanks very much.

Kind regards,

Emily
Photo of Andrew

Andrew

  • 24 Posts
  • 1 Reply Like
Hi Emily

For me, it's more a question of what an accountant should not have access to. I would definitely exclude them from:
My Account (this is the most important one)

I can't see why they should have access to any of the following but these are not so important:
Display Formats
Company Logo
FreeAgent URL
API & Feeds
Basecamp

Again, this is not about mis-trusting your accountant. It's more about the potential for misplaced passwords that could fall into the wrong hands via your accountant. Why create that risk? Why give them access to things that they will never need and should not have the ability to change? I don't think anyone will ever need their accountant to update the credit card details or cancel their account.

Hope that helps.

Best regards, Andrew
Photo of Stuart Jones

Stuart Jones, Champion

  • 634 Posts
  • 40 Reply Likes
All I want to be able to do is adjust any accounting entries which have already been made, add any which have been omitted and prepare journal entries.

But most importantly i want to be able to enter double entry journals not single entry twice where the second defaults to the current date which usually means a debit in one year and a credit in another!
Photo of Emily

Emily, Employee

  • 2325 Posts
  • 176 Reply Likes
Thanks both for your thoughts.

Stuart, comment noted about the double entry journals, but remember most of our users aren't accountants and we're trying to make the software friendly for them!

I'll feed back to the rest of the team with your suggestions for increased flexibility on user permissions.

Please keep the feedback coming, as ever it's very valuable.

Kind regards,

Emily
Photo of Stuart Jones

Stuart Jones, Champion

  • 634 Posts
  • 40 Reply Likes
I don't want it for the clients I want it for the accountants!
Photo of Andrew

Andrew

  • 24 Posts
  • 1 Reply Like
I agree. I think it's quite easy for web apps to cater for different audiences. Correct me if I'm wrong but I would have thought that the most likely users of the journal entry section are going to be accountants. So why not make that particular section user friendly for them?
Photo of Stuart Jones

Stuart Jones, Champion

  • 634 Posts
  • 40 Reply Likes
Thanks Andrew.
Photo of jon

jon

  • 48 Posts
  • 2 Reply Likes
As a new user reading around this and trying to get things set up right, I agree with the sentiments expressed here. It's sounding like the choice of role really has little bearing on what a user can do. Instead it's all down to the permissions slider. In which case the role drop down seems to serve little purpose other than to put a little label next to a user saying "Director" or "Accountant"

I'm sure there are probably a lot of unsuspecting users, who've thought that because there's an option to create an "Accountant" user, that carries with it some kind of control of access.

I know it's a difficult tightrope to walk between making permissions effective, and unwieldy to manage but this really needs to be a little finer grained.

Probably more a selective model, rather than the cumulative one implemented by the slider.

I want the accountant to be able to do everything they need to do, but nothing they don't. Just the same as an employee, shouldn't have access to anything that should be for Director's eyes only.
Photo of Jo Potts

Jo Potts

  • 4 Posts
  • 0 Reply Likes
9 months and it _seems_ that nothing has been done to improve the system with respect to this matter. I think a more selective model like jon suggested is a good idea. The slider could still be kept, but then with an additional and initially hidden 'advanced' access settings options being given too to resolve this problem.
Photo of Steve Baxter

Steve Baxter

  • 1 Post
  • 0 Reply Likes
I've just tripped over this - my accountant needs to make some journal entries, to do this I need to give her full access to my account!

I really think that either we need better granularity here or the "accountant" role needs to be set up more intelligently.
Photo of Scotty Vernon

Scotty Vernon

  • 10 Posts
  • 0 Reply Likes
Agreed. I'm amazed how many issues i stumble across on here that are raised 3+ years ago and STILL haven't been addressed.

One has to question whether any of these issues are even passed on to the product team.

Accountants should be able to enter journals without having full access to the account. I really don't understand Emily's argument, with regards to trust. It's not about trust. I'd hide all the options i *know* my accountant wouldn't need. In this day and age, you can never take enough precautions to ensure your data is kept safe online. We're not talking about old-school paper based accounting here.

Higher granularity over what sections in the settings area are available to the accountant would be nice. I know for a fact my accountant would never need access to the My Company and Integration sections. So why should i have to make them visible if i don't want to?
Photo of Scotty Vernon

Scotty Vernon

  • 10 Posts
  • 0 Reply Likes
And i'm not talking about malice or meddling with settings, when i speak about trust, i'm talking about common mistakes that can be made when using a digital system. Trust will never protect you from that.

I'm sure i speak for most people when i say i like make sure i take as many precautions as possible when using systems online to ensure my data is kept safe. To use trust as an excuse not to implement a feature is irrelevant.
Photo of Emily

Emily, Employee

  • 2325 Posts
  • 176 Reply Likes
Hi Scotty,

Thanks for your comments here.

A bit of background - I'm a qualified accountant and I trained in practice, so I've seen the client/accountant relationship both from the FreeAgent side and the practice side. I had (and still have a very small number of) clients of my own who use FreeAgent.

Using your example, at least one of these clients needs my help with setting up integrations and would worry if I couldn't see this to help her.

I do agree that every client/accountant relationship is different and different businesses want different levels of support from their accountants. My clients do expect, trust and need me to be able to do everything in their FreeAgent account on their behalf, but I do appreciate that not every client/accountant relationship is like that.

Please do rest assured we're not ignoring these comments here and we have taken them on board, but it really is impossible for our product team to be able to implement everything as quickly as we would like.

My apologies.

Kind regards,

Emily
Photo of Robin Bowes

Robin Bowes

  • 71 Posts
  • 2 Reply Likes
As someone else has recently stated, I can't believe how many issues I keep running into that appear to have been started several years ago an are still outstanding.

I'd like to give my accountant access to my business accounts, but as an IT Consultant I understand only too well the importance of security and don't want to give them full access to my entire FreeAgent account.

The OP stated the issue very clearly over three years ago. Is there some resaon you've not addressed this yet?

R.
Photo of Robert White

Robert White

  • 1 Post
  • 0 Reply Likes
Just ran into this problem as well, myself.

I see a very clear distinction between granting your accountant access to your journals versus granting them full permissions; regardless of the matter of trust.

Say for example you hire a cleaner that knows the alarm code to your property to perform their duties. Does the fact that you trust them to clean your house mean you should entrust the pin to your safe to them as well?
Photo of Dominic Wroblewski

Dominic Wroblewski

  • 2 Posts
  • 0 Reply Likes
Having the same problem myself!

Emily: I really don't like the way you're trying to assume we don't trust our accountants, or try to disregard what ever customers have written.

Why should I let people access my accounts full details just because you feel that making journal entries is a "fairly complicated accounting issue"?
Photo of Jon Evans

Jon Evans

  • 2 Posts
  • 1 Reply Like
I'm relatively new to FreeAgent and really like the product.

However, I'm just about to add my accountant as an extra user and came across this thread. I absolutely agree with the OP that this is a weakness in the current system. It has nothing to do with whether you trust your accountant -- the problem exists with all users, since FreeAgent assumes there is a natural progression of functionality that maps onto different users (the sliding scale mentioned by one of the other posters).

If you look at the user set-up screen, you'll see what I mean.

Is invoicing a client "more advanced" than setting up a new project?
Should bills be "more advanced" than invoices?

The answer is, it depends on the organisation and the individuals. The truth is, there is no natural ordering to the functionality and FreeAgent has made a mistake by imposing one.

Now it may be that the development team will never fix this, but on the off chance that this gets to them, here's the solution.

1) Categorise the functionality within FreeAgent into a dozen or so areas (journal entries might be one of these, and adding/updating users would be another)
2) Allow permissions to be set for each area of functionality independently
3) When a new user is being set up, automatically set the permissions according to the type of user (e.g. accountants should really only be doing accountancy, not adding users or creating projects!) -- but allow the default combination to be overridden

I trust my accountant implicitly, but I'm sure he'd feel more comfortable knowing that he's only got access to the right functionality and can only see the data he needs to do his job. The same applies if I want to add my wife, my cleaner or my dog as a user. It's part of something called Data Governance and companies have been badly burned by not taking it seriously.

I'll check back in a few years to see if it's been fixed (joke), but for now I think the best option is to grant my accountant a lower level of access until such time as he needs to do something with my books other than just take a look occasionally. I can then raise his access level temporarily. This is much like granting FreeAgent advisers temporary access to your books when they're dealing with a support issue -- I'm sure they're a trustworthy bunch, but would you leave that access enabled all the time?

Oh...and as I said at the beginning I really like the product, so I'm sure I'll come to live with the quirks -- nothing's perfect, but hopefully the FreeAgent team will get onto this eventually.

Jon