Updated on 9/27/2019
Financial Data Access Control
Direct link to topic in this publication:


Your company’s financial information must only be available to certain employees: financial director, chief accountant, or other accounting staff. Other employees must not be able to change such information or even have access to it. In the case of large chain restaurants, employees of one store must not have access to the information of the other. Even within one store, responsibilities might be split: an accountant that pays invoices might not have access to the company’s bank account.

To control the access, you can make some employees responsible for a restaurant and its bank accounts—they can view reports and change accounts. Here we explain how you can do it in iiko according to employees’ roles. At first, let’s see where in iiko you can set the responsibility and what privileges are used in the financial block, and then proceed to the use cases.

Access Setup 

To make an employee a store’s responsible, one needs to have the following permissions: “View list of employees” (B_VE) and “Add, delete, and edit employees' files” (B_EE).

For this, specify the store in the Responsible field on the Additional information tab of the employee’s file. Check the required stores.

An employee has access to the financial information of a venue where he or she is in charge.

When signed in to iikoChain, you can only see those stores where you assigned a responsible employee.

Allocating responsibility in the store

To assign account managers, you need to have the “Edit chart of accounts” (B_ECOA) permission and do it under the “all subdivisions” mode in iikoChain.

You can do it in the account details. 

An employee may access the account if he or she is assigned an account responsible. An employee that has access to the account must also be assigned a responsible staffer in the store and have permissions to edit the account transactions. 

If an employee has no access to the bank account, this account can be accessed according to the financial block privileges and responsibilities in the store.

Assigning an account responsible employee

To change a chart of accounts, view and edit accounts, make account transactions, pay invoices, and run Cash flow statements, an employee must have special permissions. For this, the following permissions are required:

Permission Name Description
B_FIN Work with finances Ability to handle financial module—Finances menu item is available.
B_VCOA View chart of accounts Ability to view a list of accounts—Finances > Chart of Accounts menu item is available.
B_ECOA Edit chart of accounts Ability to edit, create, and delete accounts. To access the Chart of Accounts, one needs to have the B_VCOA permission as well.
B_MCB Open account Ability to open an account and view transactions—Finances > Chart of accounts menu item and the Open account button are available.
B_ECB Create and edit manual account transactions Ability to make transactions on the accounts in the Chart of Accounts.
B_INVP Pay invoices Ability to pay invoices—Finances > Debt to contractors menu item is available.
B_ECFA Edit CF items Ability to edit CF items (Finances > CF Items).
B_VCFR View cash flow report Ability to view Cash Flow Statement (Finances > Cash Flow Statement).

Separation of Permissions 

Viewing Restaurant Reports 

You can grant some of your employees permissions to view financial reports and account transactions of certain subdivisions only. The reports would cover such subdivisions only.

Let’s provide James Hetfield an access to East-1’s financial reports and accounts. 

  1. Select this store in the Responsible field on the employee’s file.
  2. Provide this employee the following permissions: B_FIN, B_VCOA, B_VBALR, B_VPLR, and B_VCFR.
  3. You don’t have to specify an account responsible.

Placing James Hetfield in charge of East-1

This employee would see only East-1 when signed in to iikoChain.

In the Chart of Accounts, he sees only East-1’s balance. The Balance sheet, Profit and loss report, and Cash flow statement show only those amounts that belong to East-1, and it is the only store available in the Subdivision filter.

Chart of Accounts shows East-1 balance only


Balance Sheet covers East-1 only

Profit and loss report shows only East-1 data

Let’s grant this employee permission to view account transactions—“Open account” (B_MCB). For comparison, let’s grant Lars Ulrich the same permission to handle finances but we also make a responsible employee in all the chain stores.

Employee Responsible for the store Permissions to handle finances Responsible for the account
Lars Ulrich entire chain B_FIN, B_VCOA, B_VBALR, B_VPLR, B_VCFR, B_MCB, B_ECOA account managers are not set
James Hetfield only at East-1 account managers are not set

In this case, Lars is able, when signed in to iikoChain, view transactions of all stores. James—only East-1 transactions. He can see the opening and closing balances of this store only.

Lars can see transactions of all stores

James can view his own store transactions only

If an employee has the “View chart of accounts” (B_VCOA) and “Open account” (B_MCB) permissions, he or she may access the Chart of accounts and open a list of transactions with a double-click or using the shortcut menu item—Account Transactions. If he or she has only the B_MCB permission, an employee needs to go to Finances > Open Account and select the required account to view the transactions.

Handling the Chart of Accounts 

Your Financial Director not only needs to view transactions but also change the structure of the chart and edit accounts of the entire chain. For this, he or she has to able to edit the chart of accounts:

  1. Assign him or her a responsible employee in the entire chain.
  2. And provide the following permissions: “Work with finances” (B_FIN), “View chart of accounts” (B_VCOA), “Open account” (B_MCB), “Create and edit manual account transactions” (B_ECB), and “Edit chart of accounts” (B_ECOA).

Financial Director may change the chart of accounts structure and edit accounts

Handling Available Accounts 

It so happens that accountants can only view the data required for their job and have no access to the rest of the accounts. Let’s see how you can provide access to specific accounts.

Suppose there are two accountants in the chain:

  • Kirk Hammet is in charge of the “Trade cash registers” account in the entire chain.
  • Jason Newsted is in charge of the “Trade cash registers” account in East-1 only.

Let’s set up the access accordingly.

  1. In Kirk’s file, you have to select all stores in the Responsible field, and in Newsted’s file—only East-1.
  2. Grant the following permissions: B_FIN, B_VCOA, B_MCB, B_ECB.
  3. Both have to be in charge of the “Trade cash registers” account.
Employee Outlet Mngr. (Responsible) Permissions to handle Finances Account Mngr. (Responsible)
Kirk H. entire chain B_FIN, B_VCOA, B_MCB, B_ECB “Trade Cash Registers”
Jason N. only at East-1 B_FIN, B_VCOA, B_MCB, B_ECB “Trade Cash Registers”

In this case, Kirk may create, edit, and remove “Trade cash registers” transactions in the entire chain.

Whereas, Jason may change “Trade cash register” transactions only in East-1.

Both accountants may change transactions in other accounts (that have no responsible employee assigned): Kirk—in the entire chain, Jason—only East-1.

Kirk can create, edit, and delete transactions in the entire chain

For comparison, let’s provide another employee with the same privileges and assign him or her a responsible employee in East-1 but we would not indicate them in the account. In this case, they have no access to the “Trade cash registers” account details. They may also change other East-1’s transactions except for the “Trade cash registers” account transactions, which he or she is not responsible for.

An employee has no access to the Trade Cash Registers account

Canceling Responsibility and Revoking Permissions 

Let’s consider how the access to the accounts depends on the responsibility assigned and finance-related permissions provided. Suppose we have the same accountants—Kirk and Jason. Kirk is responsible for the “Trade cash registers” account in the entire chain and has all the necessary privileges to handle finances.

Let’s remove the responsibility for the “Trade cash registers” account: while in the account details, select it in the Responsible field and click Delete. Now he may view and edit this account but cannot change its details as Jason is still in charge of the account.

Kirk may view and edit the account but cannot change its details

We remove the remaining responsible employee in this account. Now Kirk may edit this account, view and create transactions in all stores.

Let’s remove Kirk’s responsibility for the venue. For this, uncheck all Responsible fields on the Additional information tab of the employee’s file. Now he may view and edit the “Trade cash register” account but cannot create transactions (account shows no details and he cannot choose the store where the transaction belongs).

If you revoke all the finance-related permissions, an employee won’t be able to open accounts in the Chart of Accounts or use the Open account option.

Learning Who Is In Charge

To learn who is assigned a responsible employee in the store:

  1. Go to the Employees main menu item and select the Employees directory.
  2. Key in the store name in the Responsible column search bar.
  3. The table will show those employees who have this store specified in the Responsible field.