What are Roles?
Roles are how Modern Treasury segments a user’s ability to access resources or execute specific actions through a role-based authorization system. A user may belong to many roles within an organization, and they may access all resources and perform all actions allowed by the combined set of roles assigned to the user.
Types of Roles
As of March 2020, we created default roles to make permissioning a bit easier (see below for types of permissions).
These default roles are a great place to start as you evaluate the users on the team and how to set the proper rules.
- Administrators: Manage and Edit access for all permissions
- Developers: Manage and Edit access for Developer Settings, Counterparties and Accounts; View Only access for Manage Organization
- Finance: Manage and Edit Access for Counterparties and Accounts; View Only access for Manage Organization; No Access for Developer Settings
You can also add new roles that make sense for your organization.
Where to find Roles
On your dashboard sidebar, under the “Settings” menu, you can access “Roles.” This is where you can create new roles in addition to defaults.
What are Permissions?
There are six permission domains: Organization Level, Developer, Counterparty, External Accounts, Ledgers and Account Permissions.
Each permission domain grants a user specific access into Modern Treasury. You can assign the following levels to each permission:
- "Manage and Edit Access" - Users can create or edit resources in this domain.
- "View Only Access" - Users can only view the resources.
- "No Access" - Users cannot even see the resources.
See below for a list of the resources within each domain.
Organization Level Permissions
Organization Level Permissions allow for a user to have insights into the setup for Modern Treasury. With this level, there is visibility into:
- Organization Settings, which include aspects like the organization’s name, email settings, NSF protection
- User and Role Management. Users with Manage and Edit access can create, update, and delete users and roles.
- Approval Rules for payment orders
- Notification Management
- Audit Trail Access
We recommend Admins of Modern Treasury have Manage and Edit access to the Organization Level Permissions.
Developer Permissions
Developer Permissions allow for a user to have insights into API Keys and Configuration, Webhooks, Events, and API Logs.
Counterparty Permissions
Counterparty Permissions allow for a user to have access to counterparty detail information as well as submitting invitations to be paid/charged. This does not allow you to add an account for the counterparty.
External Account Permissions
External Account Permissions allow for a user to add or edit the external account details of a counterparty. This permission should be assigned to those setting up customers to be paid or charged. Partial view access only displays the last four digits of account numbers.
Ledgers Permissions
Ledgers Permissions allow you to add or edit ledgers data within Modern Treasury.
Accounts Permissions
Accounts Permissions allow a user to have access to their organization’s bank accounts. With this permission, a user will be able to view and manage payment orders, account balances, transactions, expected payments, paper items, and returns. You also have the ability to approve payment orders for accounts you have access to.
A role can be granted access to all accounts. The benefit of this setup is that when future accounts are added, the role will also have access. However, if you want to only grant access to certain accounts, that can be configured as well.
A user can create and approve payment orders out of an account so long as they have “Manage, Review and Edit” permissions on the specific account associated with the payment order. If they created the payment order, however, they will not be able to approve their own payment order. The only way to override this behavior is described below under “Overriding the Approval Queue.”
Special Considerations
Overriding the Approval Queue
If a user has the “Manage and Edit” permission level on the organization, they are allowed to approve any payment order, even if they create it themselves. Although we typically don’t recommend setting up your roles this way, it can be beneficial if you are a small company or want a particular type of user (e.g., your CEO) to be able to bypass the rules. These actions will still be tracked.
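The approval rules described above, modelled as an added Python example for auditing separation of duties in a role configuration. This is not Modern Treasury code or its API: the non-default role names, user names, account ids and the "*" all-accounts marker are constructed, and it assumes the highest level across a user's combined roles applies.

```python
from enum import IntEnum

class Level(IntEnum):
    NO_ACCESS = 0
    VIEW_ONLY = 1
    MANAGE_EDIT = 2   # the level the page requires to create/approve on an account

ALL = "*"  # constructed marker: role is granted access to all accounts

# Constructed role definitions: organization level plus per-account levels.
ROLES = {
    "Administrators": {"organization": Level.MANAGE_EDIT, "accounts": {ALL: Level.MANAGE_EDIT}},
    "Finance":        {"organization": Level.VIEW_ONLY,   "accounts": {ALL: Level.MANAGE_EDIT}},
    "Ops-Payroll":    {"organization": Level.NO_ACCESS,   "accounts": {"acct_payroll": Level.MANAGE_EDIT}},
    "Auditors":       {"organization": Level.VIEW_ONLY,   "accounts": {ALL: Level.VIEW_ONLY}},
}
# Constructed user-to-role assignments; a user may hold several roles.
USERS = {"alice": ["Administrators"], "bob": ["Finance"],
         "carol": ["Ops-Payroll", "Auditors"], "dave": ["Auditors"]}

def org_level(user):
    """Highest organization-domain level across the user's combined roles."""
    return max(ROLES[r]["organization"] for r in USERS[user])

def account_level(user, account):
    """Highest level on one account, counting all-accounts grants."""
    best = Level.NO_ACCESS
    for r in USERS[user]:
        accts = ROLES[r]["accounts"]
        best = max(best, accts.get(account, Level.NO_ACCESS), accts.get(ALL, Level.NO_ACCESS))
    return best

def can_approve(user, account, created_by):
    """Apply the page's rules to one payment order."""
    if org_level(user) == Level.MANAGE_EDIT:
        return True                      # override: may approve any order, even their own
    if account_level(user, account) < Level.MANAGE_EDIT:
        return False                     # no manage access on this account
    return user != created_by            # creators cannot approve their own order

def self_approvers():
    """Users who can bypass the approval queue; review this list regularly."""
    return sorted(u for u in USERS if org_level(u) == Level.MANAGE_EDIT)

if __name__ == "__main__":
    print("Can bypass the approval queue:", self_approvers())
```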
Viewing Paper Items and Returns Without an Internal Account
Modern Treasury may import data about a Return or Paper Item that references a bank account that Modern Treasury is not linked to at the bank. In these cases, a user may view the created Return or Paper Item object if that user has at least the global “View Only” permission on the Accounts domain.