Understanding roles & permissions
Sequence uses role-based access control (RBAC) to manage what users can see and do within your workspace. Each user can be assigned one or more roles, with permissions designed around common finance team structures.Key concepts
Key concepts
| Workspace | Your Sequence account where roles are managed |
| Role | A collection of permissions that defines what a user can do |
| Permission | Specific access rights to resources and actions |
| Resource | Objects like customers, invoices, or billing schedules |
| Action | Operations like create, read, update, delete, or feature-specific actions |
| Least privilege | Users start with minimal access and are granted additional permissions as needed |
Default user roles
Sequence provides four default roles that mirror common finance team structures. Users can be assigned multiple roles to customize their access level.Admin
Full access to all resources and actions, including user management and system settings.
Finance User
Complete access to billing operations with limited administrative capabilities.
Sales User
Quote management and customer interaction focused permissions.
View-only
Read-only access across all resources for reporting and analysis.
Permission matrix
The following table shows the specific permissions for each default role across Sequence resources:| Resource or Action | Admin | Finance User | Sales User | View-only |
|---|---|---|---|---|
| Customers | β Full access | β Full access | β Full access | ποΈ View-only |
| Billing Schedules | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
| Start a schedule | β | β | β | β |
| Products & Pricing | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
| Quotes | β Full access | ποΈ View-only | β Full access | ποΈ View-only |
| Publish quote | β | β | β | β |
| Accept quote | β | β | β | β |
| Execute quote | β | β | β | β |
| Invoices | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
| Finalize & send invoice | β | β | β | β |
| Credit Notes | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
| Usage & Events | β Full access | ποΈ View-only | ποΈ View-only | ποΈ View-only |
| Revenue Recognition | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
| Settings | β Full access | ποΈ View-only | ποΈ View-only | ποΈ View-only |
| Invite users | β | β | β | β |
| Edit users | β | β | β | β |
| Integrations | β Full access | ποΈ View-only | ποΈ View-only | ποΈ View-only |
| Discounts | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
| Credit Grants | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
| Tax Management | β Full access | β Full access | ποΈ View-only | ποΈ View-only |
Legend: β
= Full CRUD access, ποΈ = View-only access, β = No access
Managing user roles
Inviting new users
When inviting new users to your workspace, they are assigned the View-only role by default following the principle of least privilege. You can upgrade their permissions after they join.Updating user permissions
Security & compliance
Audit trails
All user permission change actions are logged with role information for compliance and security auditing.Best practices
Role assignment strategy
Role assignment strategy
- Start with the most restrictive role appropriate for each userβs job function
- Assign multiple roles only when necessary for cross-functional responsibilities
- Regularly review and audit user permissions
- Use View-only role for external stakeholders and reporting needs
Finance team organization
Finance team organization
- Finance Users: Day-to-day billing operations, invoice management, revenue recognition
- Sales Users: Quote creation and management, customer relationship activities
- Admin: System configuration, user management, integration setup
- View-only: Executives, analysts, and external auditors
Security considerations
Security considerations
- Maintain at least two admin users for redundancy
- Remove access immediately when team members leave
- Use View-only role for temporary or external access
Frequently asked questions
Can a user have multiple roles?
Can a user have multiple roles?
Yes, users can be assigned multiple roles. Their effective permissions will be the union of all assigned roles.
Can I create custom roles?
Can I create custom roles?
Custom roles are not available in the initial release. The system is designed to support additional granular permissions in future updates.
How do I ensure workspace access isn't lost?
How do I ensure workspace access isn't lost?
Always maintain at least one active admin user. The system will prevent removing admin permissions from the last admin user.