diff --git a/src/PowderCoating.Web/Helpers/HelpKnowledgeBase.cs b/src/PowderCoating.Web/Helpers/HelpKnowledgeBase.cs index 964d9be..2937120 100644 --- a/src/PowderCoating.Web/Helpers/HelpKnowledgeBase.cs +++ b/src/PowderCoating.Web/Helpers/HelpKnowledgeBase.cs @@ -82,7 +82,8 @@ public static class HelpKnowledgeBase ROLE AWARENESS: - SuperAdmin: Full access to everything including Platform Management tools - CompanyAdmin: Full access to all company features including Settings, Users, Billing - - Manager: Access to jobs, quotes, invoices, customers, inventory, reports — no platform tools + - Manager: Access to jobs, quotes, invoices, customers, inventory, vendors, reports — no platform tools + - Accountant: Financial focus — bills & AP, invoices, bank reconciliations, chart of accounts, vendors, purchase orders, reports; no jobs, settings, or user management - Worker: Can create/edit jobs and quotes; no settings, billing, or user management - Viewer: Read-only access to most data; no create/edit capabilities @@ -895,8 +896,9 @@ public static class HelpKnowledgeBase **Where:** [Company Users](/CompanyUsers) — via Settings menu → Users **Roles:** - - *CompanyAdmin* — full company access including settings, users, billing - - *Manager* — jobs, quotes, invoices, customers, inventory, reports — no settings or user management + - *CompanyAdmin* — full company access including settings, users, billing. All permissions granted automatically. + - *Manager* — jobs, quotes, invoices, customers, inventory, vendors, reports — no settings or user management + - *Accountant* — financial focus: bills & AP, invoices, bank reconciliations, chart of accounts, vendors, purchase orders, and reports. No job management, settings, or user management. When selected, the system auto-checks the five relevant permissions (Invoices, Reports, Vendors, Bills & AP, Accounting). - *Worker* — create/edit jobs and quotes; no settings, billing, or user management - *Viewer* — read-only access 
@@ -906,6 +908,12 @@ public static class HelpKnowledgeBase 3. System sends an invitation email 4. Save + **Fine-grained permissions:** Below the role dropdown on the Create/Edit user form, individual permission checkboxes let you grant specific capabilities beyond what the role provides. Notable permissions: + - *Can Manage Bills & AP* — access to vendor bills, expenses, bill payments, and recurring bill detection. The Bills controller requires this permission for all write actions. + - *Can Manage Accounting* — access to chart of accounts, bank reconciliations, and journal entries. + - *Can View Reports* — access to all financial reports and AI analytics features (cash flow, anomaly detection, financial queries, late payment prediction). + CompanyAdmin users always have all permissions (checkboxes are locked). Accountant role auto-checks: Can Manage Invoices, Can View Reports, Can Manage Vendors, Can Manage Bills & AP, and Can Manage Accounting. + **Resetting a password (sending a reset link):** On the Company Users list or the user's Details page, click the envelope-arrow button () next to the user. This sends the user an email with a secure password reset link — they click it and choose a new password themselves. This is the recommended way to help a user who is locked out or who fat-fingered their email at signup. **Deactivating a user:** Use the toggle on the user list or the edit form. diff --git a/src/PowderCoating.Web/Views/Help/Settings.cshtml b/src/PowderCoating.Web/Views/Help/Settings.cshtml index 7e95c56..1a7b704 100644 --- a/src/PowderCoating.Web/Views/Help/Settings.cshtml +++ b/src/PowderCoating.Web/Views/Help/Settings.cshtml 
@@ -548,13 +548,52 @@ RoleAccess level - CompanyAdminFull company access including settings, users, and billing. - ManagerJobs, quotes, invoices, customers, inventory, reports — no settings or user management. + Company AdminFull company access including settings, users, and billing. All permissions granted automatically. + ManagerJobs, quotes, invoices, customers, inventory, vendors, reports — no settings or user management. + AccountantFinancial focus: bills & AP, invoices, bank reconciliations, chart of accounts, vendors, purchase orders, and reports. No job management or settings access. WorkerCreate and edit jobs and quotes; no settings, billing, or user management. ViewerRead-only access to most data. +

+ When you select Accountant in the role dropdown, the permissions form automatically + pre-checks the five relevant permissions (Invoices, Reports, Vendors, Bills & AP, Accounting). + You can adjust the individual checkboxes for users whose needs differ from the default. +

+ +

Fine-Grained Permissions

+

+ Below the role dropdown, each user has individual permission checkboxes. These let you grant + specific capabilities independently of the role — for example, giving a Worker access to view + reports without making them a Manager. Company Admins always have all permissions and the + checkboxes are locked. +

+
+ + + + + + + + + + + + + + + + + + + + + + +
PermissionWhat it unlocks
Can Manage JobsCreate, edit, and update job status.
Can Manage InventoryAdd, edit, and adjust inventory items and stock levels.
Can Manage CustomersCreate and edit customer records.
Can Create QuotesBuild and send quotes to customers.
Can Approve QuotesInternally approve quotes on behalf of the customer.
Can Manage CalendarCreate and edit appointments.
Can View CalendarView the appointments calendar (read-only).
Can Manage ProductsCreate and edit catalog items.
Can View ProductsBrowse the catalog item list (read-only).
Can Manage EquipmentAdd equipment records and log maintenance.
Can Manage VendorsCreate and edit vendor records.
Can Manage MaintenanceSchedule and complete maintenance tasks.
Can Manage InvoicesCreate invoices and record payments.
Can View ReportsAccess all reports and AI analytics features.
Can Manage Bills & APCreate and pay vendor bills, record expenses, and use recurring bill detection. Grants access to the full Accounts Payable section.
Can Manage AccountingAccess the chart of accounts, bank reconciliations, and manual journal entries.
+

Resetting a Password
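Review bot: In the ROLE AWARENESS hunk of HelpKnowledgeBase.cs (@@ -82,7 +82,8), the new Accountant line states fixed exclusions ("no jobs, settings, or user management"), but a later hunk in the same file says the per-user checkboxes "grant specific capabilities beyond what the role provides". This block therefore presents the role as the complete picture of what a user can reach, which is wrong for any user whose checkboxes differ from the role default. Suggest adding one line under the role list stating that individual permissions can extend a role, and that the user's actual permissions take precedence over the role summary.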
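Review bot: In the Roles list hunk (@@ -895,8 +896,9), the Accountant bullet lists "purchase orders" among what the role covers, but none of the five auto-checked permissions named in the same bullet (Invoices, Reports, Vendors, Bills & AP, Accounting) is a purchase-order permission. The permission table added to Settings.cshtml has no such row either. Either state which of the five permissions covers purchase orders, or drop purchase orders from the role description, so an admin reading this can tell which checkbox actually controls that access.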
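Review bot: In the Fine-grained permissions hunk (@@ -906,6 +908,12), the Can Manage Bills & AP bullet is ambiguous about read access. It opens with "access to vendor bills, expenses, bill payments" and then says the Bills controller requires the permission "for all write actions". Please say explicitly whether viewing bills is also gated by this permission or by something else, so an admin does not assume that leaving the box unchecked hides AP data. The closing sentence has a similar gap: "checkboxes are locked" and "auto-checks" describe only what the form does. If the CompanyAdmin rule is also enforced when the form is saved, it is worth saying so here.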
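Review bot: In the Settings.cshtml hunk (@@ -548,13 +548,52), the new paragraph's example, "giving a Worker access to view reports without making them a Manager", sits next to a table row that defines Can View Reports as "Access all reports and AI analytics features". The knowledge-base text in this patch describes the same permission as covering "all financial reports". Since the permission is all-or-nothing, suggest the row or the example say that it exposes financial reports too, so the example does not read as a low-impact grant. Two consistency points in the role table: the Accountant row ends "No job management or settings access" and omits the "user management" exclusion that both HelpKnowledgeBase.cs descriptions include, and the first row is now labelled "Company Admin" while the knowledge base keeps "CompanyAdmin".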