Skip to main content
All CollectionsMastering LoctaxUser management and Roles & Permissions
A guide to roles and permissions
A guide to roles and permissions

This article covers user access and permissions on Loctax. Access is the combination of entity access, the user role, and shared content.

Bart Van Remortele avatar
Written by Bart Van Remortele
Updated over a week ago

This article covers user access and permissions on Loctax. Access is the combination of entity access, the user role, and shared content.

In the video below, our Customer Success Lead, Colin, provides a practical, step-by-step guide on how to effectively manage roles and configure the appropriate permissions within Loctax.

Entity access controls which entities a user can interact with, whereas user roles define the permissions for various functionalities within the system. The article further distinguishes between system roles provided by Loctax, such as Admin, Member, Viewer, and Guest, and custom roles. Custom roles allow users to tailor access to specific apps and specify how they can interact with these apps.

Managing the user access

To find user access, click on your organization's icon first, and then click on "Organization settings". Next, go to Users where you’ll find an overview of all users.

When inviting a user, you’ll need to assign two key elements: the User Role (which defines what the user is allowed to view and do within specific entities or apps) and the Entity Access (which specifies the entities the user can access).

The combination of these two—user role and entity access—determines the level of information a user can see and the actions they are permitted to perform on the platform.

In the article below, we will delve deeper into Entity Access and user roles.

Entity access

You can limit the entity access for users. The entity access is always determined on a per-entity basis.

When inviting a new user (or modifying the permissions of an existing user), you can choose which entities should be visible to the user:

  • All

  • Regions

  • Countries

  • Specific entities

💡 When all entities of a region/country are selected, the entire region/country is automatically selected. This means that access will be granted to any newly created entities within that region/country as well.

💡 You cannot grant access to a specific VAT registration. However, you can grant access to an entity, specifically to its indirect tax page.

🚨 Currently, it is only possible to define entity access when assigning a custom role to a user. For example, users with the role “Admin” or “Member” will always have access to all entities.

User roles

Roles are used to determine the permissions for specific functionalities, such as viewing and editing. These permissions will be applied to all entities accessible to the user.

It's important to note that roles are not unique to individual users. Multiple users can have the same role.

Viewing

When a user has viewing permissions, they can access a specific page, view all the data on that page (for all years), and download any uploaded documents.

  • For instance, if the user has view access to the "Entity details" → "Corporate tax" section, they will be able to view the Corporate tax page for all the entities they have access to and download the corporate tax return.

Editing

When a user has editing permissions, they can view and edit a specific page, access and edit all data on that page for all years and download and upload all documents.

For example, if the user has edit access to "Entity details" → "Indirect tax", they will see the Indirect tax page for all the entities they have access to. They will also be able to edit all data points on that page. Additionally, the user will have the ability to download and upload tax returns.

Roles by Loctax & custom roles

Overview roles by Loctax (system roles)

  • Admin: This role provides view and edit access to all areas. It cannot be edited. With this role, you automatically have access to all entities.

  • Member: This role provides access to all areas, except organization settings. It cannot be edited. With this role, you automatically have view and edit access to all entities.

    • This role is suitable for users who need to view and edit all data but are not allowed to invite other users or change organization settings.

    • For example, someone working in the tax department.

  • Viewer: This role provides view access to all areas but does not allow adding new data or changing existing data, unless explicitly requested through a task. It cannot be edited. With this role, you automatically have view access to all entities.

    • This role is intended for users who have an oversight role within the organization but should not be able to edit data unless explicitly requested through a task.

    • For example, someone from the legal department who supports the tax team.

  • Guest: This role provides access to tasks assigned to you and notes shared with you. It does not have access to entity details, organization features, or apps. It cannot be edited. With this role, you automatically do not have access to entities.

    • This role is suitable for (external) users who are only asked to perform specific tasks but should not be able to view or edit any entity information.

Below you can see a screenshot of the user role of a “Member”. You can see that the member has view and edit rights for all Entity details and collaboration features, and only view rights for Organization settings.

Custom roles

If the Roles provided by Loctax (system roles) do not meet your needs, don't worry! You can create your own custom role by clicking the "+ New role" button.

We have already included one custom role for you:

  • Contributor: Users with this role will have view access to all "Entity details", but you can modify these settings as needed.

Create your own custom role

Using custom roles, you can grant users access to Loctax without giving them access to all entities. You can define the entity access for users with a custom role.

When setting up a user role, you can specify which apps that role should have access to. If a custom role has access to an app, the user assigned that role will only see content linked to entities they have access to.

For example, if the custom role has access to the Risk app, when accessing the Risk app, the user will only see risks linked to entities they have access to.

You can create multiple custom roles if needed. When creating a new custom role, you have the option to inherit the settings from previous custom roles, which means copying all permissions from another role. Currently, you can only inherit from other custom roles.

We recommend creating as few roles as possible, while still ensuring that there are enough roles to avoid losing track of user permissions. Before creating specific roles for your organization, we suggest reviewing the system roles proposed by Loctax to see if they meet your needs.

💡 For example, if your finance colleagues assist you with uploading annual accounts, you can create a new role called "Finance". For this role, you can define that users can only see the "Data" tab on entity details. Then, for each specific colleague, you can select which entities they are allowed to access. In this example, all finance colleagues have the same role ("Finance"), but they have access to different entities.

Did this answer your question?