People & access: roles explained
Who sees what in Larch - what is enforced today, what is a label, and what is planned.
The one boundary that is enforced
Larch has two surfaces, and the separation between them is Enforced
- Firm console - where the firm team works: engagement data, financials, mappings, statement structures, deliverables, registers, and setup. Firm users never appear in the client portal.
- Client portal - where client users go: published deliverables, tasks, questions, and decisions for their company. Client users never see the firm console, draft analysis, internal comments, data plumbing, or mapping screens.
Firm roles
Today, every firm user has firm-console access across all engagements. Per-role differences are Label only until the engagement team model ships. Lead and Partner Reviewer are assignments (they drive the work queue and its Mine filter), not permissions.
| Role | Best for | Today | Planned |
|---|---|---|---|
| Firm Admin | Firm operations and configuration. | Full firm-console access, all engagements. | Firm settings and user management. |
| Partner | Senior review, client relationship ownership, final judgment. | Full firm-console access, all engagements. | Approval and publish gates. |
| Engagement Lead | The fractional CFO or day-to-day engagement owner. | Full access; Lead/Reviewer assignment drives the queue, not access. | Engagement-scoped ownership. |
| Analyst | Data prep, mapping, variance prep, draft analysis support. | Full firm-console access, all engagements. | Prep-level permissions. |
Client roles
Today, client roles are business-context labels - portal access is identical across all of them. Label only
| Role | Best for | Today | Planned |
|---|---|---|---|
| Owner | The principal, CEO, or final decision maker. | Same portal access as every client role. | Decisions, approvals, published packs, owner-level review. |
| GM / Operator | The operating lead who provides context and owns follow-ups. | Same portal access as every client role. | Operational asks, KPIs, assigned decisions. |
| Controller / Finance Lead | The client-side finance or bookkeeping contact. | Same portal access as every client role. | Accounting questions, data follow-up, file requests, financial schedules. |
| Other stakeholder | A client-side participant who does not fit the other categories. | Same portal access as every client role. | May split into Observer / External Reviewer for published-only access. |
| Observer | Reserved - exists in the data model but is not offered when inviting today. | Not assignable from the invite form; would have the same portal access. | Published-only access when role-based portal permissions ship. |
Inviting, resending, revoking
- Invite. Engagement → People & Activity → People → Invite client user. Pick the role that best describes the person - it is context for your team and the Pack cover, not a permission level.
- Resend. Pending invites carry a Resend button (fresh magic link, supersedes the old one).
- Revoke. Pending invites can be revoked - the invite stops working and the row disappears. To change a role or email on a pending invite, revoke it and send a new one. Accepted users cannot be revoked from this screen.
- Audit. Every invite, resend, and revocation is recorded under People & Activity → Activity.
Firm-team members
Firm users are provisioned by Larch during firm setup - there is no self-serve firm invite yet. That arrives with the engagement team and role-permission model, so that new firm users can be scoped before they are added.
This page states what the product enforces today. When role-based permissions ship, this page changes with them.
Larch · FourX Partners · This manual describes the platform as deployed; when in doubt, the live preview and coverage warnings in the product are authoritative.