User permissions
Permissions provide the user or team members with different levels of access to areas of the product.
The access types are:
No access: The user or team members cannot see the area of the product at all.
Read-only: Limited access to the area of the product.
Read and write: Full access to the area of the product.
What users and team members can do with read-only and read and write access is different for each permission.
Product applications
Access for the Product application permission is assigned per product:
No access: Profiles with product applications for this product only are not displayed.
If No access is assigned for all products, the Profiles tabs are not displayed.
Read-only:
See all profiles with product applications for this product.
Add files and comments to profile conversations.
See tasks and check results.
Add files and notes to task notes.
Assign product applications to users and teams.
Read and write
Add new product applications for the specified product.
Approve/reject/cancel product applications.
Create and apply decision reasons.
Pass/fail/incomplete tasks.
Run checks.
Edit applicant profiles.
Plus, all permissions that are assigned to users with Read-only access.
Caution
If a user has Read-only or Read and write access to any of the profile's product applications, the user can see all of the profile's product applications and associated tasks as well as the full history of all product applications in the audit report. However, the user may not be able to see tasks and cannot take action on the product application or tasks, such as approve/reject the product application, pass/fail tasks, or run checks.
Reports
All reports
No access: The Reports tab is not displayed.
Read-only: See reports for Product applications, Tasks, and Checks.
Export data
No access: The button to export report data from the Applications overview section is disabled.
Read-only: Export report data from Applications, and Checks reports. Note that to do this, you also need Read-only access for the All reports permission because this is what enables you to see the reports.
Smart policies
No access: The Policy Builder tab is not displayed.
Read-only: See smart policies and configuration details such as data provider setup and task configuration.
User management
Manage users
No access: The Manage users section is not displayed on the User Management tab.
Read-only: See all users on your account, along with their personal details and user roles.
Read and write:
Add/deactivate users.
Edit user details.
Assign roles to users and teams.
Reset user passwords.
Plus, all permissions that are assigned to users with Read-only access.
Manage roles
No access: The Manage roles section is not displayed on the User Management tab.
If No access is assigned for Manage users and Manage roles, the User Management tab is not displayed.
Read-only: See all roles for your account.
Read and write:
Create/edit/delete user roles.
Plus, all permissions that are assigned to users with Read-only access.
Developer tools
Master API key
No access: The API key section is not displayed on the Manage account menu.
Read-only: Get the key(s) used to make calls to the Passfort API.
Read and write: Issue/revoke API keys.
Webhook config
No access: The Webhook config section is not displayed on the Manage account menu.
Read and write: Configure/edit webhooks.
IP allow list
No access: The IP allow listing section is not displayed on the User Management tab.
Read-only: See all IP addresses on the allow list.
Read and write:
Enable/disable IP allow listing.
Add/remove IP addresses and ranges.
Edit descriptions for IP addresses and ranges.
Data protection
Permanently delete profiles
No access: The Delete this profile option is not displayed on profiles.
Read and write: Permanently delete profiles using the Delete this profile option. Deleting profiles is a permanent action and the profile cannot be recovered. We recommend only enabling this option for users who need to delete profiles to meet GDPR requirements. For profiles that may be needed at a later date, we recommend rejecting or canceling the product application, which removes it from the Profiles tab.
To permanently delete a profile, the user must also have Read-only or Read and write access for the profile's product for the Product applications permission.
Permanently delete files
No access: The Delete file option is not displayed for profile files.
Read and write: Permanently delete profile files using the Delete file option. These files will be inaccessible and will not be recoverable via the portal or the API. We recommend only enabling this option for users who need to delete files to meet GDPR requirements.