My solution to this was to move all my invoicing out of WA and into Wave. However I am still using my WA data base to initiate invoicing. We do all our membership invoicing once a year.

I have 2 Integromat scenarios:
#1 runs through my WA Membership level that needs to be invoiced and updates the 'customer' details in Wave with current information or if a new member, creates the Wave customer record.

#2 then generates the invoices in Wave and sends these to the members.

Our treasurer now only needs access to Wave and none of the other admins have Wave access.

An additional benefit of this process (besides not being held hostage to WA with the 20% surcharge for not using WA Payments) is that as we offered a discount last year due to Covid, I was able to generate invoices that showed the regular full membership amount as well as the discount

While we only do annual invoicing, it is quite possible to invoice some members annually and other say 2x a year or monthly or whatever while still having them all in the same membership level (just have a field in the record that indicates invoicing frequency). This means that I still only have to authorize web pages etc to a single membership level.

Wave allows for payment from either a credit card or direct withdrawal from a bank account.

Unfortunately bank account integration (both payments and transferring funds) is only available in Canada and the USA (Wave is a Canadian company).

I could also (if it was applicable) do invoicing for different Membership levels into different Wave instances, each of which can pay into different accounts. This effectively supports multi currency and multi chapter support from a financial perspective.

I just happened to choose Wave, but you could really do this with any payment processor where you can access it from Integromat (either with available Integromat modules or by using HTTP or Webhook calls from Integromat.

Agree. Our treasurer isn't the most computer literate person in the world. I'd really like to restrict his permissions to the least possible to let him do his job correctly. Likewise I'd like to avoid our event managers messing the finances up. In a volunteer organization you can't always have everyone with the capabilities you'd like.

As many have commented here, a separate admin role for finances is essential. Keeping these privileges separate form others is far more important than the existing distinctions for event, membership and news management! Unfortunately, this request only has to do with *granting access to financial functions. I exhort all who have posted her to support the more critical proposal to *restrict* these privileges;
https://forums.wildapricot.com/forums/308932-wishlist/suggestions/10993443-block-make-private-financial-details-from-some-adm
It is ridiculous that all *limited administrators* have access to financial functions!

Need new group permission for just FINANCE. Current option close to this is EVENTS MANAGER, but we don't want the bookkeeper to have access to events or membership.

Instead of predefined administrator categories, site Full Admin should have the ability to define site specific Admin categories.

In these categories, the full admin would be able to select from various modules. eg: financial data, other membership data, for which membership levels and so on.

As configured now, some of the predefined configurations provide too much access for a specific organization, while others not enough. So either the person sees too much or not enough to do their job.

Can we have a Finance Manager please? The only way Quickbooks downloads can be run is if you have full Administrator Access which is dangerous as they have control of the database.

Finances should be a category to grant admin for. Our treasurer has no need to see or work with any area of the database other than Finances.

I agree. We need full ‘finance admin’ permissions for our Treasure. He should be able to handle all of the functionality under the Finance tab on the website, including changing the credit card number associated with our site. It’s risky to give an untrained person full admin permissions. This is a high priority request for our organization.

There is no Financial Admin type - so for our Treasurer, I made him Donations Manager. Bit of a misnomer as we don't do Donations. But at least he's got less rights than a full Admin.
Over all, WA falls down with its rather blunt approach to security. This is such an important area, I'm disappointed it's so poorly implemented.

I need to give our Treasurer access to the financial functions (invoices, Quickbooks export, etc.).

Currently the only way to do that is to make him a full Admin. That is no way to run an organization or a website.

What's really needed is the ability to create custom admin roles. There are so many different admin privileges that a limited set of roles will never suit the needs of so many different organizations.

Lacking that, WA will continue to need to create different roles like this one.

this will combine the donation manager and finance tabs. This would be good for treasurer's of orgs who need access to the finance tab but not anything else in the system

******, I agree it would be tough to isolate all financials and therefore I think it would better to limit the access to lets call them associate Admins. We have about 10 Admins that have to be given full Event Admin rights just to manage 1 single Event. Limiting there rights to 1 Event will reduce the possible damage they could cause as well as access to all financial data. Maybe if needed they could also be limited on which Tabs within an Event they can edit. You would need to restrict access to the financials link within the Event since it would take them outside the Event into the financials.

Per U.S. Internal Revenue Service requirements, only the check signers for our organization can have Full Admin Access so the webmaster role has been compromised. Access is permitted for limited blocks of time and we must now keep a log of our exact activities.

Somehow separating access to the Financial component of the system would be very helpful. As webmaster I would still need access to it for adjustments but a log would be fine in that case.

Our Treasurer uses Quickbooks to keep track of our club finances. Exporting financial activity to Quickbooks from with Wild Apricot is currently a full-admin only function. That shouldn't be necessary to get all these data into Quickbooks.

I can see that issuing refunds/discounts for events or memberships might require some special admin privileges for treasurers. But it doesn't follow that they need to be able to create events, create or administer forums, change website templates, or change membership fields just so that they can do a Quickbooks export (or other money-specific things).

For the time being, I'm setting up our Treasurer as the Donations manager, as I think that will provide a lot of the access he needs.

For our purposes, the event managers and membership managers will likely handle most of the refunds and so forth for their respective areas. Our treasurer mostly just needs to be able to access the records, download them, etc.

The issue is that finance manager might need detailed access to original transaction records, possibly with ability to modify them and generate updated invoices. So it's not as simple as accessing the Finances tab (I think) - though the idea itself makes perfect sense since we have many clients with a dedicated 'treasurer' role and/or 'bookkeeper' role.

So I would highly appreciate ideas on what kind of access these roles should and should NOT have.

Is it possible to add "Finance manager" to the current membership manager, event manager, donations manager, and website editor?

It would be nice to be able to give access to that tab only to people who needed it. I can't find a way to do this currently.

We have found the grandularity of the Administrators to be lacking in several areas. But related to the Treasurer, it is non-existant. Our membership admin keeps up with membership and collects the monies and reports them to the treasurer. In our case, the treasurer never touches the monies, not does he/she have any responsiblity over the membership and member data. In an organization the size of ours (over 2000 members) separation of duties is imperative to pass our audits.

In our case, the membership admin verifies the member application, accepts the payments and deposits the monies (similar role is anticipated in online payments - just more of a reporting role) Reports are prepared and sent to the Treasurer monthly.

The treasurer then compares the reported income from membership to the deposits made in the bank accounts. The treasurer role is more like a read only version of the membership admin as it is currently defined. The way we've had to implement currently is give much more authority to individuals than is desired or needed in order to allow each role to be able to function.

It's been release quite a while ago. Could you please describe the main scenarios/responsibilities of such a role (treasurer)?

Yes, exactly! This would be for the organisation treasurer.

Will update this thread once the new release has been reviewed.