Role-Based Access
Roles, access items and action-level security
Define roles as collections of access items, assign action-level access rules, hide sensitive entity details and secure critical actions with MFA, audit logs and admin controls.

Access control
Action protected
Live business context
Define roles as collections of access items, assign action-level access rules, hide sensitive entity details and secure critical actions with MFA, audit logs and admin controls.
Why it matters
Access is defined at the action, role and entity level.
Role-Based Access in Ofisync separates users, roles and access levels. A role is a collection of access items, and each action can be governed by rules such as open access, user group access, user tag access, role-based access, user-specific access or admin-only access.
Let users access the records they need while hiding sensitive parts they are not allowed to see.
Model access around roles, groups, tags, specific users and administrators instead of one broad permission switch.
Keep changes to roles, actions and protected records traceable through audit logs and security checks.
Guided workflow
From setup to daily execution.
Define access items
Create the access items that represent what users can view, create, edit, approve, delete, export or administer.
Build roles from access
Group access items into roles, then assign users, groups or tags depending on how the organization manages responsibility.
Secure and audit
Apply MFA and privileged controls to sensitive actions, then use audit logs to review who accessed, changed or attempted protected operations.
Access model fit
Built around roles as collections of access items.
A user may be allowed to open a client, project or billing record, but still be blocked from viewing financial fields, editing sensitive details, exporting data or approving an action. The access model needs to control the exact action, not just the page.
How Role-Based Access works in practice.
Scenario 1
Access starts with items, not vague permissions
The system defines access items for actions users can perform. These actions can be as broad as viewing a module or as narrow as approving a specific record, exporting data or seeing a sensitive section.
Scenario 2
Roles are collections of access items
A role is built by combining access items. Instead of giving users a flat title with unclear power, admins decide exactly which actions belong to a role.
Scenario 3
Each action can use the right access level
An action can be open to all authenticated users, limited to a user group, allowed by user tags, controlled by role, restricted to named users or reserved for administrators.
Scenario 4
Users inherit power through roles, groups and tags
A user can receive access because of their assigned role, membership in a user group, assigned tags or direct inclusion on a user-specific access list.
Scenario 5
Entity access can still hide sensitive parts
A user may be allowed to open an entity while some fields, actions or sections remain hidden. This allows access to the record without exposing everything inside it.
Scenario 6
Admin access protects privileged operations
Some actions are reserved for administrators or privileged users. These can include role management, access rule changes, protected approvals or other high-risk operations.
Scenario 7
MFA strengthens sensitive access
Multi-factor authentication can be used to add security around login and sensitive actions, especially where privileged access or account security is involved.
Scenario 8
Audit logs make access accountable
The system can record who changed roles, who accessed protected records, who attempted restricted actions and which security-sensitive operations were performed.
Scenario 9
Access rules stay connected to real work
Because access is defined per action and can apply across entities, teams can protect clients, files, projects, billing records, documents, credentials and other modules with the same model.
Access scenarios
Where granular permissions protect daily work.
Access scenario 1
Action-level access control
An admin can define who can view, edit, approve, delete, export or perform another action using the access level that fits that action.
Access scenario 2
Entity access with hidden details
A user can have access to an entity while selected aspects of that entity remain hidden because their role or access items do not allow those details.
Access scenario 3
Privileged security controls
Admin-only actions, role changes and sensitive operations can require stronger protection, including MFA and audit logs.
Inside access control
A security workspace for roles, users and protected actions.
The access workspace keeps users, roles, access items, access levels, MFA, privileged actions, entity visibility, hidden fields and audit logs connected so admins can define exactly who can do what.
Admins
Access items, role composition, MFA, admin-only actions and audit logs
Managers
User groups, user tags, assigned users and team-level action permissions
Users
Allowed entities, hidden fields, permitted actions and restricted operations
Access records
What defines roles and permissions
Security movement
Actions Ofisync can prepare from access rules
Access view
Role composition
Review which access items belong to each role and which users inherit those permissions.
Access view
Access level review
Check whether actions are controlled by open access, groups, tags, roles, specific users or admin-only restrictions.
Access view
Security audit
Review MFA activity, role changes, restricted action attempts and access to protected entity sections.
Connected security modules
Modules protected by roles and access rules.
Users
Add, import, configure, tag, secure, disable and audit the users who work inside Ofisync across branches, departments, groups, roles and notification preferences.
Multi-Tenancy
Run each organization on its own database with complete data isolation, then use branches and roles inside that organization when further separation is needed.
File & Storage Management
Find, preview, organize and share the files attached across clients, projects, users, billing records and other entities from one access-controlled location.
Ready to see it live?
Walk through Role-Based Access with an Ofisync specialist.
We will map the demo around your business workflow, show the connected modules and help you identify the fastest path to rollout.