Production-grade access control. Built for finance teams.
Custom role templates, per-member access previews, bulk role changes with impact analysis, and the only org-role pruning engine in the GCC B2B space — all included from the Growth plan upwards.
11
Built-in roles
20+
Granular caps
Per-row
Audit events
Yes
ZATCA-ready
Author your own org-roles. In seconds.
Built-in roles (Finance, Approver, Inventory Manager, …) cover the 80% case. For the other 20%, author a custom role as a subset of any built-in base.
Snake_case key, display label, base role, description, and a capability checkbox list — that's it. No config files, no deploys.
- Subset of a built-in base role's whitelist — never escalates
- Soft-delete auto-reassigns members back to the base role
- Tenant-isolated — your roles never leak to other organisations
- Versioned + audit-logged on create / update / delete
Custom Roles · 3
ap_clerkfrom financejr_buyerfrom purchaserro_auditorfrom auditorSee exactly what every member sees.
Click any team member to open a live access drawer — visible capabilities in emerald, pruned capabilities in greyed-out strikethrough.
Audit "who has access to Earnings?" in two clicks. Compliance reviews go from spreadsheet exports to point-and-click.
- Real-time computation against the live RBAC matrix
- Capabilities mapped to friendly tab names + raw keys
- Surfaces pruning rationale — base vs effective capability sets
- Works for both built-in and custom roles automatically
✓ Visible · 8
- Earnings & payouts
- Wallet
- Invoices
- Finance dashboard
- Analytics
✗ Hidden · 12
- Products
- Orders
- Team
- Policies
- Procurement
Restructure 50 sub-users with one click.
Select members in the team table, pick a target role, and the platform computes the access impact across all of them before you commit.
Aggregate gains and losses by capability — "3 members will gain Finance access, 5 will lose Products access" — with skip rules for owners and same-role members baked in.
- Owner protection — owners are always skipped, never demoted
- Smart skip-rules for same-role members and unknown user IDs
- Per-row audit log entries — full forensic trail
- Single transaction — fully reversible by running the inverse change
5
Applicable
0
Skipped
5
Selected
Will gain · 7
Will lose · 2
How it stacks up
Most B2B platforms stop at owner / member.
We give you the same RBAC primitives enterprise SaaS spends six figures building — fully integrated, ZATCA-aware, and exposed via clean REST endpoints for your auditors.
| Capability | Typical B2B SaaS | Buyu Growth+ |
|---|---|---|
| Built-in org-roles | 2–3 (admin/member) | 11 (Finance, Approver, Inventory Manager, …) |
| Custom role templates | ✗ | ✓ Unlimited, per tenant |
| Per-member access preview | ✗ | ✓ Live capability diff |
| Bulk role change with impact preview | ✗ | ✓ Up to 100 members at once |
| Per-row audit log | Some | ✓ Forensic-grade, queryable |
| Soft-delete with auto-reassign | ✗ | ✓ Zero-downtime restructure |
Ready to give finance their own dashboard?
Free trial, no credit card required. Upgrade to Growth or Enterprise to unlock the full RBAC toolkit.