Access Control
Access Control in EquiBillBook provides advanced security features to control who can access what data and when. This includes record-level access, branch restrictions, time-based access, and other security measures.
What is Access Control?
Access Control determines:
- Which records users can see
- Which branches/locations users can access
- What actions users can perform
- When users can access the system
- Which IP addresses users can connect from
- Which data is visible to each user
Accessing Access Control Settings
To configure access control:
- Navigate to Settings → User Settings → Access Control
- You'll see various access control options
- Configure settings based on your security requirements
Types of Access Control
1. Record-Level Access
Control which records users can view:
All Records
- User can see all records in the system
- Best for: Managers, Admins
- Use when: User needs full visibility
Own Records Only
- User can only see records they created
- Best for: Staff, Sales Agents
- Use when: Users should only see their work
Branch/Location Specific
- User can only see records for assigned branches
- Best for: Branch managers, Location staff
- Use when: Multi-location business
Department Specific
- User can only see records for their department
- Best for: Department staff
- Use when: Department-based access needed
2. Module Access Control
Control which modules users can access:
- Enable/disable entire modules
- Set module-specific permissions
- Control feature access within modules
3. Branch/Location Access
Restrict access to specific branches:
- Assign users to specific branches
- Users can only access data for assigned branches
- Useful for multi-location businesses
4. Time-Based Access
Control when users can access the system:
- Set access hours (e.g., 9 AM - 6 PM)
- Set access days (e.g., Monday - Friday)
- Configure time zones
5. IP-Based Access
Restrict access from specific IP addresses:
- Allow only office IP addresses
- Block specific IP ranges
- Configure IP whitelist
6. Action-Based Access
Control what actions users can perform:
- View only
- Create new records
- Edit existing records
- Delete records
- Approve transactions
Configuring Access Control
Step 1: Access Settings
- Go to Settings → User Settings → Access Control
- Select the user or role to configure
Step 2: Set Record-Level Access
- Select access level (All Records, Own Records, Branch Specific)
- If branch specific, select allowed branches
- Configure department restrictions if applicable
Step 3: Configure Module Access
- Enable/disable modules
- Set permissions for each module
- Configure feature-level access
Step 4: Set Branch Restrictions
- Select allowed branches
- Set default branch
- Configure branch switching rules
Step 5: Configure Time Restrictions (if applicable)
- Set access hours
- Set access days
- Configure time zone
Step 6: Set IP Restrictions (if applicable)
- Add allowed IP addresses
- Configure IP whitelist
- Set up IP blocking rules
Step 7: Save Settings
- Review all configurations
- Click "Save" or "Update"
- Settings will be applied immediately
Access Control Scenarios
Scenario 1: Sales Agent
- Record Access: Own Records Only
- Modules: Sales, Customers
- Actions: View, Add, Edit (no Delete)
- Branches: All branches
- Time: Business hours only
Scenario 2: Branch Manager
- Record Access: Branch Specific
- Modules: All modules
- Actions: Full access for their branch
- Branches: Assigned branch only
- Time: No restrictions
Scenario 3: Accountant
- Record Access: All Records
- Modules: Accounts, Reports, Sales (view), Purchase (view)
- Actions: View, Add, Edit (no Delete)
- Branches: All branches
- Time: Business hours
Scenario 4: Warehouse Staff
- Record Access: Own Records + Branch
- Modules: Inventory, Purchase (view)
- Actions: View, Add, Edit
- Branches: Assigned warehouse
- Time: Warehouse hours
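A way to reason about how these layers combine when reviewing or troubleshooting a profile, as an added example that is not EquiBillBook code: it models Scenario 1 and reports which layer refused a request. The `Policy` fields, the `decide` function, the order of the checks, and the sample hours, time zone and office IP range are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:
    record_access: str             # "all", "own" or "branch"
    modules: frozenset
    actions: frozenset
    branches: Optional[frozenset]  # None means all branches
    hours: Optional[tuple]         # (start, end) in the policy's local time
    days: frozenset                # weekday numbers, Monday = 0
    tz: timezone                   # zone the access hours are written in
    allowed_nets: tuple            # CIDR strings; empty means no IP restriction

# Scenario 1 (Sales Agent). Hours, zone and office range are constructed values.
IST = timezone(timedelta(hours=5, minutes=30))
SALES_AGENT = Policy(
    record_access="own",
    modules=frozenset({"Sales", "Customers"}),
    actions=frozenset({"view", "add", "edit"}),   # no "delete"
    branches=None,
    hours=(time(9), time(18)),
    days=frozenset(range(5)),                     # Monday to Friday
    tz=IST,
    allowed_nets=("203.0.113.0/24",),             # documentation range (RFC 5737)
)

def decide(policy, user, request, record, now_utc):
    """Return (allowed, reason); reason names the first layer that refused."""
    src = ip_address(request["ip"])
    if policy.allowed_nets and not any(src in ip_network(n) for n in policy.allowed_nets):
        return False, "ip"
    local = now_utc.astimezone(policy.tz)         # compare in the policy's zone, not UTC
    if local.weekday() not in policy.days:
        return False, "day"
    if policy.hours and not (policy.hours[0] <= local.time() < policy.hours[1]):
        return False, "hours"
    if request["module"] not in policy.modules:
        return False, "module"
    if request["action"] not in policy.actions:
        return False, "action"
    if policy.branches is not None and record["branch"] not in policy.branches:
        return False, "branch"
    if policy.record_access == "own" and record["created_by"] != user:
        return False, "record"
    return True, "ok"
```

A request at 13:00 UTC is refused with reason `hours` because it is 18:30 in the policy's zone, which is the kind of mismatch the time zone check in Troubleshooting is meant to catch.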
Advanced Access Control Features
Approval Workflows
- Set approval limits for transactions
- Configure who can approve what
- Set up multi-level approvals
Financial Limits
- Maximum transaction amounts
- Discount limits
- Payment approval thresholds
Data Field Restrictions
- Hide sensitive fields
- Restrict editing of specific fields
- Mask sensitive information
Best Practices
- Principle of Least Privilege: Give minimum necessary access
- Regular Audits: Periodically review access controls
- Documentation: Document access control policies
- Testing: Test access controls before full implementation
- Monitoring: Monitor access logs regularly
- Updates: Update access controls when roles change
Access Control and Security
Access control is a critical security feature:
- Prevents unauthorized access to data
- Protects sensitive information
- Ensures compliance with regulations
- Maintains data integrity
- Supports audit requirements
Troubleshooting
User cannot see expected records?
- Check record-level access settings
- Verify branch assignments
- Check if records belong to user/branch
- Review module access permissions
User cannot access a module?
- Check module access settings
- Verify module is enabled
- Check user's role permissions
- Review access control restrictions
Time restrictions not working?
- Verify time zone settings
- Check access hours configuration
- Ensure system time is correct
- Check if user has override permissions
IP restrictions blocking legitimate access?
- Verify IP address is correct
- Check IP whitelist
- Consider dynamic IP addresses
- Review IP blocking rules
Related Articles
- User Management: Managing individual users
- User Roles and Permissions: Understanding roles and permissions
- User Groups: Organizing users into groups
- User Activation/Deactivation: Activating and deactivating users
Proper access control ensures your data is secure while allowing your team to work efficiently within their authorized scope!