Restrict consultant approvals to consultant groups

Consultants have broad visibility into client documents to support bookkeepers and troubleshoot issues. Without a restriction, this visibility also gives them access to approve buttons at every step in the client’s flow. The Forbid external rules for approval setting removes that unintended access while keeping their read access intact.

What does this setting do?

When enabled, consultants can only approve, forward, or reject documents at groups that are flagged as consultant groups. For documents sitting at any other group, the action buttons are disabled for consultants. Visibility and the ability to write notes are unaffected.

Where: Approval flow → Groups and settings → Approval settings tab → Forbid external rules for approval

1. Make sure at least one consultant group exists and has consultants as members. (If no consultant groups exist, enable this setting only after creating them — otherwise consultants will be unable to approve anything.)
2. Go to Approval flow → Groups and settings in the left sidebar.
3. Click the Approval settings tab.
4. Enable Forbid external rules for approval.
5. Confirm the save prompt by clicking OK.

Example

A consultant group called Consultant review is placed as the last step before posting. Consultants can act on documents at that step. For all earlier client-owned groups (such as a department manager group), the approve button is disabled for consultants — the client’s own users handle those steps.

Caution

If you enable this setting before any consultant groups are configured, consultants will have no groups where they can act. Create at least one consultant group first.

When to leave this setting off

A few situations where you would leave this toggle off:

• No consultant groups are defined and consultants are intentionally acting as backup approvers across the full flow.
• Consultants are explicitly used as cover for client approvers during vacations or absences, and need to act at client-owned groups.
• During onboarding or testing, when consultants need full approval access to set up and verify the flow before go-live.

Once go-live is confirmed and consultant groups are in place, turning this on is the recommended default.

Related: Configure global approval settings