Add, edit, and delete user roles

User roles control what the users of your account can see and do.

Each role includes a set of permissions for read and write access to different areas of the product.

For example, you might create these roles:

  1. Compliance officer role providing read and write access for all products in the Onboarding and Monitoring areas and no access the Billing area.
  2. Institution admin role providing read and write access to the Billing area and no access the Onboarding and Monitoring areas.

All roles are completely customisable.

Use the Manage roles area to add, edit, and delete user roles, then use the Manage users area to apply them to your users.

To add, edit, and delete user roles, you need to have Read and write access for the User management > Manage roles permission. If you don’t have access and you think you should, contact the administrator of your account.

Add a user role

  1. Go to User Management > Manage roles.
  2. Click New role. The Add new role page is displayed.
  3. Write the role's name in the Role name field.
  4. To provide a short description of the role, write it in the Role description field. If you leave this field blank, the description is displayed as No description provided.
  5. To add permissions to the role, click a permission to expand it, then select the type of access you’d like to enable (e.g. Read-only or Read and write). By default, no permissions are granted. Learn what users can do with each permission.
  6. Click Add new role. The role is displayed in the list of roles to the left. When you go to the Manage users area, you can assign it to users.

Edit a user role

  1. Go to User Management > Manage roles.
  2. Select the role you’d like to edit.
  3. To change the name, update the Role name field.
  4. To change the description, update the Role description field.
  5. To change permissions, click a permission to expand it, then select the type of access you’d like to enable (e.g. Read-only or Read and write). Learn what users can do with each permission.
  6. Click Save changes. The role is updated. If you modified the permissions, users see the changes immediately.
If a user doesn’t see changes to their permissions, ask them to refresh their browser.

Delete a user role

  1. Go to User Management > Manage users and remove the role from all users who have it assigned to them. It’s not possible to delete a role when it’s assigned to one or more users.
    The number of users with the role assigned to them is displayed to the right of the role’s name in the Manage roles area. This must be displayed as 0 users before the role can be deleted.
  2. Go to User Management > Manage roles.
  3. Select the role you’d like to delete.
  4. Click Delete role. A confirmation dialog is displayed.
  5. Click Delete role. The role is removed from the list of roles and can no longer be assigned to users.
If the Delete role button is disabled, one or more users have the role assigned to them. You must remove the role from their assigned roles before you can delete it.

What permissions can users have?

Onboarding & monitoring

This permission gives users access to product applications and applicant profiles in the Onboarding and Monitoring areas.

Read and write access is assigned per product.

  • Read: See all applications for the specified product. This includes seeing the applicant profiles and adding files and comments to profile conversations. It also includes seeing the application tasks and checks as well as adding notes and files to task notes.
  • Write: Add/accept/reject/cancel any application for the specified product. Also includes the ability to pass/fail/incomplete tasks, run checks, and edit applicant profiles.
If No access is assigned for all products, the Onboarding and Monitoring areas are not displayed.

Reports

This permission gives user access to reports in the Reports area.

  • Read: Download any report that’s been generated.
  • Write: Generate new reports.
If No access is assigned for this permission, the Reports area is not displayed.

Smart policies

This permission gives users access to see policies in the Policy Builder area.

  • Read: See all smart policies.
If No access is assigned for this permission, the Policy Builder area is not displayed.

Users

This permission gives users access to manage users and user roles in the User management area.

Manage users
  • Read: See all users on your account, along with their personal details and user roles.
  • Write: Add/deactivate any user on your account. Also includes editing any user’s details and resetting any user’s password.
If No access is assigned for Manage users, then Manage users is not displayed in the User Management area.
Manage roles
  • Read: See all user roles for your account.
  • Write: Create/edit/delete user roles.
If No access is assigned for Manage roles, then Manage roles is not displayed in the User Management area.
If No access is assigned for Manage users and Manage roles, the User Management area is not displayed.

Billing

This permission lets users top up the account balance and the manage payment card in the Billing and Payment Info areas of Manage account.

  • Read and write: Top up your account and add/update the payment card used to top up the account.
If No access is assigned for this role, the Billing and Payment Info areas are not displayed under Manage account.

Developer tools

This permission gives users access to the API key that’s displayed in the API Key area of Manage account.

  • Read: Get the key to make calls to the PassFort API. Also includes the ability to configure/edit webhooks.
If No access is assigned for this role, the API Key area is not displayed under Manage account.

Data protection

This permission gives users access to the Delete this profile option that's displayed on profiles accessed from the Onboarding and Monitoring areas.

Deleting profiles is a permanent action and the profile cannot be recovered. We recommend only enabling this option for users who need to delete profiles to meet GDPR requirements. For profiles that may be needed at a later date, we recommend rejecting or cancelling the application, which removes it from the Onboarding and Monitoring areas.

  • Read and write: Permanently delete profiles.
To permanently delete a profile, the user must also have Read access for the profile’s product application in the Onboarding & Monitoring permission.
If No access is assigned for this role, the Delete this profile option is not displayed on profiles.


How did we do?