Roles and Permissions.
Every role in InvoiceScript and the permissions each role grants.
Roles and Permissions
For: owners and admins who manage team access.
InvoiceScript uses four roles. Each installation has one owner.
Role summary
| Role | Purpose |
|---|---|
| Owner | Full access. The primary account holder. |
| Admin | Full access. Same permissions as owner, without installation ownership. |
| Accountant | Read-only financial access. Can view documents, customers, items, and export data. Cannot create or modify documents. |
| Employee | Operational access. Can create and manage invoices, customers, and items. Cannot see aggregate financial data or access settings. |
Permission matrix
| Permission | Owner | Admin | Accountant | Employee |
|---|---|---|---|---|
| Documents | ||||
| View all documents | ✓ | ✓ | ✓ | ✗ |
| View own documents | ✓ | ✓ | ✗ | ✓ |
| Create documents | ✓ | ✓ | ✗ | ✓ |
| Edit all documents | ✓ | ✓ | ✗ | ✗ |
| Edit own documents | ✓ | ✓ | ✗ | ✓ |
| Delete own drafts | ✓ | ✓ | ✗ | ✓ |
| Delete any draft | ✓ | ✓ | ✗ | ✗ |
| Finalize documents | ✓ | ✓ | ✗ | ✓ |
| Send documents | ✓ | ✓ | ✗ | ✓ |
| Customers | ||||
| View customers | ✓ | ✓ | ✓ | ✓ |
| Manage customers | ✓ | ✓ | ✗ | ✓ |
| Items | ||||
| View items | ✓ | ✓ | ✓ | ✓ |
| Manage items | ✓ | ✓ | ✗ | ✓ |
| Financial | ||||
| View financial summary | ✓ | ✓ | ✓ | ✗ |
| Settings | ||||
| Manage settings | ✓ | ✓ | ✗ | ✗ |
| Users | ||||
| Manage users | ✓ | ✓ | ✗ | ✗ |
| Transfer ownership | ✓ | ✗ | ✗ | ✗ |
| Recurring schedules | ||||
| Manage recurring schedules | ✓ | ✓ | ✗ | ✓ |
| Data | ||||
| Export data | ✓ | ✓ | ✓ | ✗ |
| Audit log | ||||
| View full audit log | ✓ | ✓ | ✗ | ✗ |
| View own audit log | ✓ | ✓ | * | ✗ |
Notes
Owner vs. Admin. The owner and admin roles have identical permissions. The difference is code-level: only the owner can transfer ownership, and only one user can be the owner at a time.
Employee visibility. Employees can view and manage their own documents but cannot see aggregate financial data (dashboard KPIs, receivables, overdue totals). They can see customer records and the item catalog. Document lists and detail pages show only documents the employee created.
Accountant access. Accountants have read-only access to all financial data. They can view documents, customers, and items, and export data (CSV, XML). They cannot create, edit, or send documents.
Accountant audit log (*): The accountant role has the audit_log.view_own permission, but the audit log page is currently accessible to owners and admins only. A dedicated own-activity view for accountants is planned for a future release.
Recurring schedules. Only roles with invoices.manage permission (owner, admin, employee) can access recurring invoice schedules. Accountants cannot view or manage recurring schedules.
Related pages
Ready to build?
One-time purchase. Self-hosted. Own every file forever.