Complete Guide to Planning User Roles, Permissions, and Edit Log Security in TallyPrime & TallyPrime Server Edition
03 Jul 2026
General
0 views
As organizations grow, multiple employees begin accessing the same Tally company data for accounting, inventory management, GST filing, payroll, banking, reporting, and auditing. Without a well-defined user security structure, businesses face risks such as unauthorized voucher modification, accidental deletion, data leakage, and compliance issues.
Modern versions of **TallyPrime equipped with Edit Log and organizations using TallyPrime Server require proper planning before creating users. Instead of assigning permissions randomly, businesses should prepare a complete User Requirement Sheet that defines every employee's responsibilities, department, and system access.
This article explains how to collect user information, design security roles, assign permissions, and implement a scalable security policy in TallyPrime.
Why Proper User Planning is Important
Many organizations simply create users with generic permissions, which often results in:
- Unauthorized voucher editing
- Incorrect financial entries
- Accidental deletion of masters
- Weak password security
- No accountability
- Audit complications
- Data inconsistency
- Compliance risks
- GST reporting errors
- Inventory manipulation
A structured user planning process eliminates these problems.
Benefits of Role-Based Access Control (RBAC)
Role-Based Access Control allows users to receive permissions based on their job responsibilities instead of assigning rights individually.
Advantages include:
- Faster user creation
- Standardized permissions
- Easier employee onboarding
- Better audit compliance
- Improved security
- Reduced human error
- Simplified administration
- Easier troubleshooting
- Consistent security policy
- Better management reporting
Information to Collect Before Creating Users
Before opening TallyPrime Security Control, collect the following information from the customer.
Employee Details
- Employee ID
- Employee Name
- Department
- Designation
- Branch
- Email Address
- Mobile Number
- Joining Date
- Reporting Manager
- Employee Status
Login Details
Collect:
- Tally Username
- Initial Password
- Password Change Required
- Login Status
- Active/Inactive
- Expiry Date (if applicable)
Department Information
Examples include:
- Accounts
- Sales
- Purchase
- Inventory
- Warehouse
- HR
- Payroll
- Management
- Administration
- Audit
- Finance
Role Planning
Instead of configuring every employee separately, create reusable roles.
Example roles:
- Administrator
- Accounts Head
- Senior Accountant
- Accountant
- Cashier
- Purchase Executive
- Sales Executive
- Store Manager
- Store Operator
- Payroll Executive
- HR Executive
- Internal Auditor
- External Auditor
- Management
- Read Only User
Each role should define its own permission set.
User Rights Planning
Permissions should be documented before implementation.
Typical permissions include:
- Company Creation
- Company Alteration
- Backup
- Restore
- Rewrite Company
- Split Company
- Create Voucher
- Alter Voucher
- Delete Voucher
- Cancel Voucher
- Create Ledger
- Alter Ledger
- Delete Ledger
- Create Stock Item
- Alter Stock Item
- Banking
- Payroll
- Cost Centres
- Budget
- GST Reports
- Inventory Reports
- Outstanding Reports
- Printing
- Export
- Import
- Email Reports
- Security Control
Voucher-Level Security
Each voucher type should have separate permissions.
Examples:
- Sales
- Purchase
- Payment
- Receipt
- Contra
- Journal
- Credit Note
- Debit Note
- Stock Journal
- Delivery Note
- Receipt Note
- Physical Stock
- Rejections In
- Rejections Out
For every voucher define:
- Create
- Alter
- Delete
- Cancel
- Print
Edit Log Planning
Edit Log records every important activity performed by users.
Permissions may include:
- View Edit Log
- Print Edit Log
- Export Edit Log
- View Deleted Entries
- View Cancelled Vouchers
- View Modified Entries
- View Original Values
- Allow Backdated Changes
- Approve Changes
- Reverse Changes
Edit Log significantly improves accountability and traceability.
TallyPrime Server Edition Security
For organizations using TallyPrime Server Edition, additional planning is recommended.
Typical server permissions include:
- Company Access
- Session Monitoring
- User Monitoring
- Lock Company
- Unlock Company
- Backup
- Restore
- User Administration
- Data Monitoring
- Performance Monitoring
- Company Maintenance
Password Policy
A secure password policy should include:
- Minimum 8–12 characters
- Uppercase letters
- Lowercase letters
- Numbers
- Special characters
- Password expiry
- First login password change
- No password sharing
- No default passwords
Suggested Excel Workbook Structure
An ideal implementation workbook should contain:
- User Master
- Department Master
- Role Master
- User Rights
- Voucher Rights
- Edit Log Permissions
- Server Rights
- Password Details
- Approval Matrix
- Remarks
This workbook becomes the reference document for future audits and user management.
Best Practices
- Never share Administrator credentials.
- Assign only the permissions required for the user's role.
- Avoid giving delete rights unless absolutely necessary.
- Restrict access to sensitive financial reports.
- Review user permissions periodically.
- Disable accounts of employees who leave the organization.
- Maintain password confidentiality.
- Keep regular backups before changing security settings.
- Enable Edit Log wherever applicable.
- Document all role changes for future reference.
Common Mistakes
Avoid these common errors:
- Giving Administrator rights to everyone
- Shared login credentials
- Weak passwords
- No password policy
- No documentation
- Unrestricted voucher deletion
- No approval workflow
- Ignoring Edit Log
- No periodic security review
- Poor role planning
Conclusion
Proper security planning in TallyPrime is much more than creating usernames and passwords. A structured implementation using departments, predefined roles, user rights, voucher permissions, Edit Log controls, and TallyPrime Server security creates a secure, scalable, and audit-friendly accounting environment.
Preparing a comprehensive Excel requirement sheet before implementation reduces deployment time, minimizes configuration errors, and ensures that every employee receives only the permissions necessary to perform their job efficiently. This approach also simplifies future audits, user onboarding, and security management while helping organizations maintain better control over their accounting data.
#TallyPrime #TallyPrimeServer #TallyERP #TallySecurity #EditLog #AuditTrail #Accounting #Bookkeeping #GST #Inventory #Finance #AccountingSoftware #BusinessAutomation #ERP #RoleBasedAccess #RBAC #CyberSecurity #DataSecurity #UserManagement #FinancialControl #Audit #InternalAudit #Compliance #ServerEdition #TallySupport #TallyConsultant #TallyPartner #Accounts #Payroll #Banking #VoucherEntry #InventoryManagement #BusinessManagement #SmallBusiness #Enterprise #PasswordPolicy #AccessControl #ITAdministration #AccountingTips #ERPSoftware #BusinessSecurity #SoftwareImplementation #AccountingSystem #FinancialManagement #DigitalAccounting #DataProtection #BusinessTechnology #SystemAdministration #AuditCompliance #BisonInfosolutions
TallyPrime
TallyPrime Server
Tally Edit Log
Tally Security
User Rights
User Roles
Role Based Access
RBAC
Tally User Creation
Tally Login
Password Policy
Security Control
Voucher Rights
Ledger Permissions
Inventory Rights
GST User Rights
Pa