Understanding & Creating Permissions
Permissions define what actions users can take within your digital banking platform, such as viewing account data, approving payments, or managing employees. They are the building blocks of access control, allowing you to tailor user capabilities based on roles and responsibilities.
How Permissions Work
Many core permissions are auto-created by the system based on services like:
Ledger
Payments
Accounts
Access Management
These built-in permissions typically cover standard operations like read (*_r), write (*_w), and approve (*_a). These cannot be modified but are always available for use when assigning roles.
When to Create Custom Permissions
While core permissions are system-generated, admins can create additional permissions to support custom workflows or more granular access control. For example, you might need a permission for:
Viewing only flagged transactions
Approving high-value payments over a certain threshold
Accessing internal reporting tools
To create a new permission:
In the Manage Permissions screen, click Add New.
In the Add a new permission screen, select the applicable instruction.
Type a suggestive name and description of the permission. Example permissions:
ledger-svc/view_large_txns_r— View transactions over a set amountemployee-svc/update_roles_w— Edit employee role assignmentschart-svc/structure_preview_r— View chart of accounts structure without edit access
Naming convention for permissions
Use the following format:
<service-name>/<action>_<suffix>Service Name: identifies the module (e.g.,
employee-mgmt,ledger,access-mgmt)Action: describes what the permission allows
Suffix:
_r= read/view_w= write/create/edit
Click Add a permission to confirm.
You can add all the necessary permissions and then proceed to creating the roles.
Best Practices
Use consistent naming conventions (e.g.,
*_rfor read,*_wfor write).Regularly audit inactive permissions.
Always provide a meaningful reference to clarify what each permission does.
Last updated