Create, edit, and delete roles

Roles control what users can see and do on your account. They can be applied to individual users or to all members of a team.

Each role includes a set of permissions. Permissions provide the user or team members with different levels access to areas of the product.

The access types are:

  • No access: The user or team members cannot see the area of the product at all.
  • Read-only: Limited access to the area of the product.
  • Read and write: Full access to the area of the product.
What users and team members can do with read-only and read and write access is different for each permission. To get an explanation of each one, see What permissions can users have?

Here's an example of the kind of roles you might have on your account:

  1. Compliance officer: Providing full access for all products on the Onboarding and Monitoring tabs and no access the Billing section.
  2. Institution admin: Providing full access to the Billing section and no access to the Onboarding and Monitoring tabs.
To create, edit, and delete user roles, you need to have Read and write access for the Manage roles permission. If you don’t have access and you think you should, contact the administrator of your account.

Create a role

  1. Go to User Management > Roles.
  2. Click New role. The Add new role page is displayed.
  3. Write the role's name in the Role name field.
  4. To provide a short description of the role, write it in the Role description field. If you leave this field blank, the description is displayed as No description provided.
  5. To add permissions to the role, click a permission to expand it, then select the type of access you’d like to enable (e.g. Read-only or Read and write). By default, no permissions are granted. Learn what users can do with each permission.
  6. Click Add new role. The role is displayed in the list of roles to the left. If you have Read and write access the Manage users permission, you can assign assign the role to users and team members.

Edit a role

  1. Go to User Management > Roles.
  2. Select the role you’d like to edit.
  3. To change the name, update the Role name field.
  4. To change the description, update the Role description field.
  5. To change permissions, click a permission to expand it, then select the type of access you’d like to enable (e.g. Read-only or Read and write). Learn what users can do with each permission.
  6. Click Save changes. The role is updated. If you modified the permissions, users and team members see the changes immediately.
If a user or team member doesn’t see changes to their permissions, ask them to refresh their browser.

Delete a role

Roles can only be deleted if they're not assigned to any users.

  1. Go to User Management > Users and remove the role from all users who have it assigned to them.
    The number of users with the role assigned to them is displayed to the right of the role’s name in the Roles section. This must be displayed as 0 users before the role can be deleted.
  2. Go to User Management > Roles and select the role you’d like to delete.
  3. Click Delete role. A confirmation dialog is displayed.
  4. Click Delete role. The role is removed from the list of roles and can no longer be assigned to users.
If the Delete role button is disabled, one or more users have the role assigned. Remove the role from the users, then repeat the steps to delete the role.

What permissions can users have?

Onboarding & monitoring

Access for the Onboarding & Monitoring permission is assigned per product:

  • No access: Profiles with applications for this product only are not displayed.

    If a profile also has an application for a product that the user has Read-only or Read and write access to, the user can see that the profile has made an application to this product, but they cannot take action on it (e.g. approve or reject it) or see the application's tasks.
If No access is assigned for all products, the Onboarding and Monitoring tabs are not displayed.
  • Read-only:
    • See all profiles with applications for this product.
    • Add files and comments to profile conversations.
    • Approve/reject/cancel applications.
    • See tasks and check results.
    • Add files and notes to task notes.
    • Assign applications to users and teams.
  • Read and write:
    • Add new applications for the specified product.
    • Pass/fail/incomplete tasks.
    • Run checks.
    • Edit applicant profiles.
    • Plus, the Read-only access described above.

Reports

All reports
  • No access: The Reports tab is not displayed.
  • Read-only: See reports on the Applications and Checks sections, plus download any report that's been generated in the Report Generator section.
  • Read and write: Generate new reports on the Report Generator section, plus the Read-only access described above.
Export data
  • No access: The button to export report data from the Applications overview section is disabled.
  • Read-only: Export report data from the Applications overview section. Note that to do this, you also need Read-only or Read and write access for the All reports permission because this is what enables you to see the Applications overview section.

Smart policies

  • No access: The Policy Builder tab is not displayed.
  • Read-only: See all smart policies.

Users

Manage users
  • No access: The Manage users section is not displayed on the User Management tab.
  • Read-only: See all users on your account, along with their personal details and user roles.
  • Read and write:
    • Add/deactivate users.
    • Edit user details.
    • Assign roles to users and teams.
    • Reset user passwords.
    • Plus, the Read-only access described above.
Manage roles
  • No access: The Manage roles section is not displayed on the User Management tab.
  • Read-only: See all roles for your account.
  • Read and write:
    • Create/edit/delete user roles.
    • Plus, the Read-only access described above.
If No access is assigned for Manage users and Manage roles, the User Management tab is not displayed.

Billing

  • No access: The Billing and Payment Info options are not displayed on the Manage account menu.
  • Read and write:
    • Top up your account.
    • Add/update the payment card used to top up your account.

Developer tools

Master API key
  • No access: The API key section is not displayed on the Manage account menu.
  • Read-only: Get the key(s) used to make calls to the PassFort API.
  • Read and write: Issue/revoke API keys.
Webhook config
  • No access: The Webhook config section is not displayed on the Manage account menu.
  • Read and write: Configure/edit webhooks.

Data protection

This permission gives users access to the Delete this profile option.

Deleting profiles is a permanent action and the profile cannot be recovered. We recommend only enabling this option for users who need to delete profiles to meet GDPR requirements. For profiles that may be needed at a later date, we recommend rejecting or cancelling the application, which removes it from the Onboarding and Monitoring tabs.

  • No access: The Delete this profile option is not displayed on profiles.
  • Read and write: Permanently delete profiles.
To permanently delete a profile, the user must also have Read-only or Read and write access for the profile's product for the Onboarding & Monitoring permission.


How did we do?


Powered by HelpDocs