Teams & permissions
Teams are permission containers. A user’s effective permissions are the union of every team they’re a member of. This is how you control who can see clients, edit invoices, manage settings, and so on.
Three things to know up front:
- Owner and admin bypass all team checks. They see everything regardless.
- A user’s effective set is the union of all their teams. Adding someone to two teams gives them the combined permissions.
- Teams own “access all clients.” Even with permissions, a user only sees clients they’re individually assigned to — unless their team has Access all clients turned on.
Where to find them
Open Team from the sidebar, then click the Teams & Permissions tab.
Teams (4) [+ New Team]
─────────────────────────────────────────────────────────
Owner Team [System] [✏]
Full access, owner-only — cannot be modified.
1 member.
Admins [System] [✏]
All permissions, all clients.
2 members.
Preparers [✏]
Tax preparers — see assigned clients only.
4 members.
Reviewers [✏]
Tax reviewers — see all clients in their queue.
2 members.| Element | Notes |
|---|---|
| + New Team | Inline form to create a new team |
| System badge | Marked teams are platform-shipped and have edit restrictions |
| Pencil | Opens the team editor |
| N members | How many firm users belong to this team |
System teams vs custom teams
| Type | Examples | Editable? |
|---|---|---|
| System | Owner Team, Admins, Preparers, Reviewers, Signers | Yes (name and permissions can change), but cannot be deleted |
| Custom | Anything you create | Fully editable and deletable |
System teams ship with sensible defaults so a new firm has working roles from day one. Edit them to match your firm’s reality.
How to create a team
Click + New Team. Inline form:
| Field | Notes |
|---|---|
| Name | Required — “Bookkeepers,” “Audit team,” “Front office” |
| Description | Optional — appears under the name in the team list |
The team is created empty (no permissions, no members, no access-all-clients). Click into it to configure.
The team editor
Click the pencil to open a dedicated editor (replaces the team list temporarily — there’s a back arrow at the top).
Header
← Bookkeepers
System team — cannot be deleted (if applicable)Name and Description
Editable text fields. Access all clients is a checkbox below — see Access all clients.
Members
The Members section lists every firm user who’s currently a member of this team. Owner and Admin badges show next to their names.
You can’t add or remove members from this editor — that flow lives in the Members & Invitations tab (click the pencil next to a member there, toggle teams).
Permissions grid
The permission picker is grouped by module. Each module is a row with checkboxes for the actions in that module:
| Module | Actions |
|---|---|
| Clients | View, Create, Edit, Delete, Assign |
| Contacts | View, Create, Edit, Delete |
| Documents | View, Upload, Edit, Delete |
| Pipelines | View, Create, Edit, Delete |
| Engagements | View, Create, Edit, Delete |
| Tasks | View, Create, Edit, Delete, Assign |
| Communications | View, Send, Edit, Delete |
| Billing | View, Create, Edit, Delete |
| Reports | View, Export |
| Notes | View, Create, Delete |
| Administration | Manage Tags, View Teams, Manage Teams, View Settings, Edit Settings |
| Template Library | View |
| Notifications | View |
| Dashboard | View |
Only the permissions your firm is entitled to (based on your plan) show up. If you’ve purchased a tier that doesn’t include Reports, the Reports row hides entirely.
Saving
Click Save Changes at the bottom. The team updates immediately. Members of this team get the new permissions on their next page load.
How permissions resolve
When a user opens a page or takes an action:
- Owner check — if they’re the owner, pass.
- Admin check — if they’re an admin, pass.
- Permission check — does the requested permission appear in any of their teams?
- Client-access check (for client-scoped surfaces) — is the client one they’re assigned to, or does one of their teams have Access all clients on?
If any of the first three checks fail, the user sees a “you don’t have access” notice or the navigation item is hidden. If only the client-access check fails, they can see the surface but it shows only the clients they have access to.
Access all clients
Access all clients on a team is a separate axis from regular permissions. It controls whether team members see:
- On — every client in the firm
- Off — only clients they’re individually assigned to (via Client → Assignments)
| Use cases | Why |
|---|---|
| Owners / partners | On — they oversee the entire book |
| Reviewers | Either, depending on firm structure — often on so they can review anyone’s returns |
| Preparers | Often off — they only see their own clients to avoid cross-contamination |
| Bookkeepers serving specific accounts | Off, with explicit assignment |
Toggle the checkbox in the team editor to flip this.
System teams ship with sensible defaults — Owner Team and Admins both have Access all clients on; Preparers and Reviewers start off but firms commonly flip Reviewers on.
Permission patterns
A few common firm structures, expressed as team layouts:
Small firm (1 owner, 2 staff)
- Owner Team — the owner
- Staff — both staff, with Access all clients on, all permissions except Settings edit and Team manage
Everyone sees everything; only the owner can change firm-level config.
Mid-size firm (1 owner, 1 admin, 8 staff in pods)
- Owner Team — owner
- Admins — 1 admin
- Pod A — 4 preparers, assigned to specific clients, Access all clients off
- Pod B — 4 preparers, separate book, Access all clients off
- Reviewers — 2 senior preparers, Access all clients on, review queue access
Pod isolation by default; reviewers see across pods.
Practice with bookkeepers + tax pros
- Tax preparers — full tax-prep permissions, no Bookkeeping module
- Bookkeepers — bookkeeping permissions, no Tax or E-sign permissions
- Cross-functional admins — both
How to delete a team
Custom teams have a Delete button. A confirmation appears:
“Bookkeepers” will be deleted. Its 4 members will lose any permissions they only got from this team.
Confirming detaches all members and removes the team. If a member was solely on this team, they retain sign-in but see nothing until they’re added to another team.
System teams can’t be deleted — the Delete button is hidden.
What changes immediately vs on next login
| Change | When it takes effect |
|---|---|
| Adding or removing a permission | Immediately on next page load |
| Adding or removing a member from a team | Same — instant |
| Renaming a team | Instant in the editor; activity log uses the old name for historical events |
| Toggling Access all clients | Instant — the user’s next page load reflects it |
There’s no “sign out and back in” requirement — permissions are checked fresh on every request.
Why no per-engagement permissions yet
A common ask is “can I give preparer X access only for tax year 2026?” — V1 doesn’t support per-engagement scope. Workarounds:
- Move the engagement onto a single-user team
- Move the engagement onto a different client and assign that client to a separate user
A finer-grained engagement-scope permission is on the long-term roadmap.
Permissions
| Action | Required |
|---|---|
| View the Teams tab | Owner only (entire page is owner-gated) |
| Create, edit, or delete teams | Owner only |
| Be a member of a team | Anything — membership doesn’t require its own permission |
Next
- Members & invitations — how users get assigned to teams.
- Firm credentials — shared logins teams can access.
- Onboarding defaults — pre-set the assigned preparer for new clients.