The User Groups functionality can be found in the ‘Settings’ under ‘Access management’. This page explains how you could use the permissions and groups to manage the access within the KYC suite.
Summary
Permissions are a way to configure whether a group of users is allowed to perform specific functions within the KYC suite. Administrators are able to link permissions to groups and assign groups to users.
User Groups
A user group is a set of permissions that can be assigned to a user.
Group Type
There are two types of groups:
Default
A default group is a group with a fixed set of permissions.
Custom
A custom group is a group that has been created by an administrator and may be changed according to your needs.
Administrator Groups
If a permission with 'settings' in the name will be linked to a group, this group will be marked as an Administrator group. If a user is assigned to such a group, they will be allowed access to the Administrator page.
Create a new group
You can create a custom group to fit a specific combination of permissions to fit your needs.
Template
When you create a new group, you may use one of the templates that come with the KYC Suite. A template will fill in a group name and permissions, which may then be changed accordingly.Group name
This name will be used to refer to the group when assigning it to a user. An example of a group name could be "compliance officer" or "settings viewer".Description
This description can be used to provide additional information and cannot be left empty.Permissions
The permissions define what the users assigned to the group will be allowed to do. For more details, see 'Permissions'.
Permissions
The following permissions are currently supported within the KYC Suite. In the future, we expect to extend this list.
User Permissions
Name | Description | Default Group / Template |
addProductToClientDoneWrite | A user with this permission is allowed to finalise the workflow for adding a product to an existing client. See also: Add product to existing client | Approver |
manualIdentificationDoneWrite
| A user with this permission is allowed to complete a manual identification. A manual identification is completed when the status of a risk review is set to 'Done'. | Approver |
onboardingAcceptedWrite | Accept onboarding cases | Approver |
onboardingRejectedWrite | Reject onboarding cases | Approver |
workflowEndProductDoneWrite | A user with this permission is allowed to finalise the workflow for terminating a product. | Approver |
workflowEndPartyDoneWrite | A user with this permission is allowed to finalise the workflow for off-boarding a party. | Approver |
workflowReviewDoneWrite | A user with this permission is allowed to sign-off a risk review. A sign-off is when the status of a risk review is set to 'Done'. | Approver |
clientFileOverviewPartiesExport | Access to the 'Export' button in the Client File Overview | Administrator |
removeConnectionDoneWrite | Approve removing a connection. | Approver |
changePartyStatusDoneWrite | Approve changing the status of a party. | Approver |
Data import permissions
The following permissions are relevant in the context of importing data into Client File. Read more on our page about "Import and update data in Client File".
Name | Description | Default Group / Template |
workflowPartyInputOrchestrationDataChangedWrite | Edit data during a Client File import | None |
workflowPartyInputOrchestrationProcessingStartedWrite | Sign-off a Client File import | None |
workflowPartyInputOrchestrationValidationStartedWrite | Start validation for a Client File import | None |
Data deletion permissions
The following permissions are related to permanently deleting data from Client File.
Name | Description | Default Group / Template |
deleteProductWrite | Permanently delete products from Client File. | None |
deletePartyWrite | Permanently delete parties from Client File. | None |
dataRetentionSettingsWrite | Set up data retention settings which will permanently delete data from the Client File. | Administrator |
Administrator Permissions
The administrator permissions give access to different sections in the settings, including the access management section, where the permissions themselves can be managed. All of these settings are provided in the default group and template with the name 'Administrator'.
Name | Menu Item | Description |
userGroupsSettingsRead | Access Management > User Groups | An administrator with this permission is allowed to view/manage user groups |
userSettingsRead | Access Management > Users | An administrator with this permission is allowed to view/manage users |
accessTokenSettingsRead accessTokenSettingsWrite | Access Management > Tokens | An administrator with this permission is allowed to view/manage access tokens |
notificationSettingsRead notificationSettingsWrite | Access Management > Notifications | An administrator with this permission is allowed to view/manage notifications |
adminSettings | All, excluding the above | An administrator with this permission is allowed to manage the KYC-suite settings that have not yet been defined as separate permissions. This permission will be deprecated as soon as all permissions have been implemented separately. |
Read More
To read more about how to configure users. See our page: Access Management: Users