Modern Treasury segments a user’s ability to access resources or execute specific actions through a roles based authorization system. A user may belong to many roles within an organization, and they may access all resources and perform all actions allowed by the combined set of roles assigned to the user.
Where to find Roles?
Roles are accessed through the “Roles” link under the “Settings” menu on the sidebar.
How Permissions are Divided
There are four permission domains:
- Organization Level Permissions
- Developer Permissions
- Counterparty Permissions
- Account Permissions*
See below for a list of the resources within each domain.
Each permission can be assigned one of the following permission levels:
- "Manage and Edit Access" - Users can create or edit resources in this domain.
- "View Only Access" - Users can only view the resources.
- "No Access" - Users cannot even see the resources.
* Account Permissions
The permission level on the Accounts domain may be specified globally for all accounts within an organization or on a per-account basis.
In order to create or approve payment orders out of an account, a user must have a role that includes the "Manage, Review and Edit" permission globally on the specific account associated with the payment order.
What Exactly Is In Each Permission Domain?
- Email Settings
- NSF Protection Settings
- User Management
- Role Management
- Approval Rules
- Notification Rules
- Audit Trails
- API Keys
- IP Whitelist
- Counterparty Entities
- External Accounts
- Payment Orders
- Account Balances
- Expected Payments
- Paper Items
- Payment Order Approvals
Overriding the Approval Queue
If a user has the “Manage and Edit” permission level on the organization, they are allowed to approve any payment order, even if they create it themselves. (These actions will still be tracked.)
Viewing Paper Items and Returns Without an Internal Account
Modern Treasury may import data about a Return or Paper Item that reference a bank account that Modern Treasury is not linked to at the bank. In these cases, a user may view the created Return or Paper Item object if that user has a global “View Only” permission on the Accounts domain.