Permissions Catalogue
Permissions are pre-defined within the Fenergo SaaS application and represent a series of functional capabilities across the various features within the application.
Permissions determine what a user can do within the system. They cover administrative, operational and configuration based user activities.
From an Operational user's POV, permissions control what the user can access, create, cancel, etc. For example, a user may have permission to initiate journey, access client entity data, and trigger screening. Permissions also govern what the Configuration user is allowed to do within the system whether including operations such as create, edit, and approve with respect to configuration sets. For example, a user may have permission to create Policy drafts, edit the requirements within it, and then approve any changes to policies.
Permissions are organized by Domain and are pre-defined per specific API capabilities within the system. Permissions are broken up into the following categories:
- Access - the ability to access a feature
- Edit - the ability to edit within a feature
- Create - the ability to create an instance of an object related to feature
- Cancel - the ability to cancel an activity within a feature
- Delete - the ability to delete within a feature
- Approve - the ability to approve within a feature
- Archive - the ability to archive within a feature
Permissions are added to Teams. While the individual permissions are pre-configured and cannot be changed, Teams are configurable and the the combinations of permissions contained within team are fully configurable.
This document also includes suggested "User Personas" to help understand logical combinations of permissions across different job functions.
Within this document, the term "Lower-Level Environment" is used to describe non-production environments such as DEV, SIT, UAT, PRE-PROD.
Administration
Configuration Exchange
| Permission Name | Description | Notes |
|---|---|---|
| Configuration Exchange Access | Ability to access the Configuration Exchange feature | This permission allows users to go into the Configuration Exchange feature and explore. It's the most basic permission for the feature, however edit permissions are also required to be able to Import configuration to a tenant. |
| Configuration Exchange Edit | Ability to use Configuration Exchange to import draft items to/from permitted domains | This permission is typically limited to an organization's Release Management function in Production and Pre-Prod tenants but is often made available to System Configuration users in lower-level environments such as Dev and UAT. |
| Configuration Exchange Publish | Ability to choose to Publish imported items to permitted domains | This permission is required to access the 'Import in a Published State' toggle within Configuration Exchange. Domain 'Approval' permissions are also required to successfully publish imported configuration |
warning
A Release Management user with the permission Configuration Exchange Edit requires Access and Edit permissions within each of the various domains they are promoting configuration to/from.
Configuration Release Hub
| Permission Name | Description | Notes |
|---|---|---|
| Configuration Release Hub Access | Ability to access the Configuration Release Hub feature and view Configuration Bundles | Allows users to navigate to Configuration Release Hub → Configuration Bundles and view bundle contents. This permission does not allow users to create, edit, or import bundles. |
| Configuration Release Hub Create Bundle | Ability to create and edit Configuration Bundles within the source tenant | Typically granted to configuration or release teams responsible for building and maintaining bundles in the Dev tenant. Enables users to create drafts, edit bundle details, and add/remove selected items. |
| Configuration Release Hub Import Bundle | Ability to import a published Configuration Bundle version to a target tenant via API | Required to initiate import endpoints. Users do not require domain-level configuration permissions in the target environment. Suitable for automation users, pipelines, and deployment functions. |
Data Migration
| Permission Name | Description | Notes |
|---|---|---|
| Data Migration Administrator | Ability to execute Data Migration activities | This permission is typically limited to an organization's Release Management function in all client environments. |
ETL (Extract Transform Load)
| Permission Name | Description | Notes |
|---|---|---|
| ETL Administrator | Ability to access ETL tool, Create and Run migrations | Required by Migration users in lower-level environments to access the ETL configuration. Generally, only provided to Application Support Teams in a Production environment. |
| Agency ETL Administrator | Ability to access and use Agency ETL task for bulk upload | Required to view and use the Agency ETL task in an Agency Request Journey. This permission doesn't affect access to the ETL tool for migrations. |
Security
| Permission Name | Description | Notes |
|---|---|---|
| Security Configuration Access | Ability to access the Security Configuration feature | Required by System Configuration users in lower-level environments to access the Security Configuration. Generally, only provided to Application Support Teams in a Production environment. It is necessary for a user to have this Permission in order to make use of the other permissions for this Domain via the UI and to Access the User Management screen. |
| Security Configuration Create | Ability to create new Teams via the Security Configuration feature | Required by System Configuration users in lower-level environments to create Teams. This permission is not typically granted to users in a Production environment. |
| Security Configuration Edit | Ability to edit Teams via the Security Configuration feature including assigning Permissions to a team and cloning an existing team | Required by System Configuration users in lower-level environments to configure Teams. This permission is not typically granted to users in a Production environment. |
| Security Configuration Delete | Ability to delete Teams via the Security Configuration feature. | Required by System Configuration users in lower-level environments to delete Teams. This permission is not typically granted to users in a Production environment. |
| Security User Administration | Ability to access the User Administration feature | Required by User Administration User to assign Teams to individual Users. This permission is typically limited to an organization's User Administration function in a Production environment but is often made available to System Configuration users in lower-level environments. |
| Security Create New User | Ability to create a new user in this tenant | Required by User Administration User to create new Users. This permission is typically limited to an organization's User Administration function in a Production environment but is often made available to System Configuration users in lower-level environments. |
| Security Edit Users | Ability to access the Edit User details | Required by User Administration User to edit Users. This permission is typically limited to an organization's User Administration function in a Production environment but is often made available to System Configuration users in lower-level environments. |
| Security Remove Users | Ability to remove Users from a tenant | Required by User Administration User to remove Users. This permission is typically limited to an organization's User Administration function in a Production environment but is often made available to System Configuration users in lower-level environments. |
Configuration Permissions
Credit Policy
| Permission Name | Description | Notes |
|---|---|---|
| Credit Policy Configuration Access | Ability to access the configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to access the Credit Policy Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Credit Policy Configuration Edit | Ability to create new and edit existing configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to create and modify configuration within the Credit Policy Configuration Feature. This permission is not typically granted to users in a Production environment. |
| Credit Policy Configuration Delete | Ability to delete existing configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to delete a published version or full record. This permission is not typically granted to users in a Production environment. |
| Credit Policy Configuration Approve | Ability to approve configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to approve a Credit Policy Configuration. This permission is not typically granted to users in a Production environment. |
| Credit Policy Configuration Archive | Ability to archive configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to archive a Credit Policy Configuration version. This permission is not typically granted to users in a Production environment. |
Data Protection
| Permission Name | Description | Notes |
|---|---|---|
| Data Protection Configuration Access | Ability to access and interact and navigate into the Data Protection domain/screen | Required by System Configuration users responsible for reviewing Data Protection Regimes. |
| Data Protection Configuration Create | Ability to create new Data Protection regimes via the ADD button | Required by System Configuration users responsible for creating new Data Protection Regimes. |
| Data Protection Configuration Edit | Ability to edit existing Data Protection regimes | Required by System Configuration users responsible for editing existing Data Protection Regimes. |
| Data Protection Configuration Delete | Ability to delete existing Data Protection regimes | Required by System Configuration users responsible for deleting existing Data Protection Regimes. |
| Data Protection Configuration Approve | Ability to Approve versions of Entity Check Configuration. | Required by System Configuration users in lower-level environments to Approve Data Protection Entity Check configuration. This permission is not typically granted to users in a Production environment. |
| Data Protection Configuration Archive | Ability to Archive versions of Entity Check Configuration. | Required by System Configuration users in lower-level environments to Archive Data Protection Entity Check configuration. This permission is not typically granted to users in a Production environment. |
Digital ID&V Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Digital ID&V Configuration | Ability to access the Digital ID&V Configuration | Users with this permission can configure the Fenergo Native Digital ID&V solution or Jumio integration. |
Document Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Document Configuration Access | Ability to access the Document Types feature | Required by System Configuration users in lower-level environments to access the Document Types Configuration area. Generally, only provided to Application Support Teams in a Production environment. It is necessary for a user to have this Permission to make use of the other permissions for this Domain via the UI. |
| Document Configuration Edit | Ability to create new Document Types sets and update existing Document Types sets | Required by System Configuration users in lower-level environments to create new sets of Document Types as well as make changes to existing versions of Document Types in Fenergo SaaS. This permission is not typically granted to operational users in a Production environment. |
| Document Configuration Delete | Ability to delete existing Document Types | Required by System Configuration users in lower-level environments to delete Document Types. This permission is not typically granted to operational users in a Production environment. |
| Document Configuration Approve | Ability to approve a set of Document Types that is submitted for publication | Required by System Configuration users in lower-level environments to approve or reject a set of Document Types after it has been submitted for approval. This permission is not typically granted to operational users in a Production environment. |
| Document Configuration Archive | Ability to archive a set of Document Types | Required by System Configuration users in lower-level environments to archive a set of Document Types. This permission is not typically granted to operational users in a Production environment. |
eSignature Configuration
| Permission Name | Description | Notes |
|---|---|---|
| eSignature Configuration Access | Ability to access the eSignature Configuration feature | Required by System Configuration users who will need to see the configuration set up between eSign vendors and Fenergo SaaS. |
| eSignature Configuration Create | Ability to create new configurations within the eSignature Configuration feature | Required by System Configuration users who will be establishing eSignature capability and connection between eSign vendors and Fenergo SaaS. |
| eSignature Configuration Edit | Ability to edit existing configurations within the eSignature Configuration feature | Required by System Configuration users who will be updating eSignature capability and connection between eSign vendors and Fenergo SaaS. |
| eSignature Configuration Delete | Ability to delete configurations within the eSignature Configuration feature | Required by System Configuration users who will be removing eSignature capability between and eSign vendor and Fenergo SaaS. |
Event Ingress
| Permission Name | Description | Notes |
|---|---|---|
| Get Event Details | Ability to retrieve Ingress Event Details | This permission allows users to retrieve details on Event Ingress messages such as Event Type, Processing Status and further details. Users with this permission will see Integration Hub in the Dashboard menu. |
| Get Event Payload | Ability to retrieve Ingress Event Payload | This permission allows users to retrieve past event payload, and processed message for when event subtype is DataImport. Take special care when assigning this permission in a Production-like environment as the messages can contain sensitive data. |
External Data Configuration
| Permission Name | Description | Notes |
|---|---|---|
| External Data Mapper Access | Ability to access the External Data Mapper tool | This permission is used by SaaS engineering or clients to access the External Data Mapping APIs [GET] to make changes to the External Data Provider attributes mapping. |
| External Data Mapper Edit | Ability to use the External Data Mapper tool to make changes to the mapping | This permission is used by SaaS engineering or clients to make changes to the External Data Mapping APIs [PUT] to make changes to the External Data Provider attributes mapping. |
| External Data Configurator Access | Ability to access the External Data Configuration page and interact with the associated APIs | This permission is used by SaaS engineering or clients to access the External Data Configuration page for setting up an External Data Provider. |
| External Data Configurator Create | Ability to create new External Data Configurations | This permission is used by SaaS engineering as a part of Tenant set up and is not required by clients to be applied to users. |
| External Data Configurator Edit | Ability to edit within the External Data Configuration page | This permission is used by SaaS engineering or clients to make edits within the External Data Configuration page and is also required for changes to a specific provider. |
| External Data Configurator Delete | Ability to delete External Data Configurations | This permission is used by SaaS engineering as a part of Tenant management and is not required by clients to be applied to users. |
Impact Assessment
| Permission Name | Description | Notes |
|---|---|---|
| Risk Impact Assessment Access | Ability to View a completed Risk Impact Assessment | This permission allows users to view the outcomes of a completed Risk Impact Assessment. The permission is needed by users who don't have Edit permission but are involved in the process of evaluating changes to risk configuration. |
| Risk Impact Assessment Edit | Ability to initiate a Risk Impact Assessment | This permission allows users to populate the parameters and run a Risk Impact Assessment. The permission is required by users who make changes to stable risk configuration and need to evaluate that impacts match expectations. |
Integration Flows Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Configuration Access | Ability to view Flow Configurations in Flow Studio | Required by System Configuration users in lower-level environments to access Flow Configurations in Flow Studio. Generally, only provided to Application Support Teams in a Production environment. It is necessary for a user to have this Permission to make use of the other permissions for this Domain via the UI. |
| Configuration Edit | Ability to interact with and save changes to a Flow Configuration in Flow Studio | Required by System Configuration users in lower-level environments to make changes to the Flow Configuration in Flow Studio Feature. This permission is not typically granted to users in a Production environment. |
| Configuration Approve | Ability to approve/reject a Flow Version that is submitted for publication | Required by System Configuration users in lower-level environments to approve or reject a Flow Version changes. This permission is not typically granted to users in a Production environment. |
| Configuration Delete | Ability to delete a Flow | Required by System Configuration users in lower-level environments to delete a Flow. This permission is not typically granted to users in a Production environment. |
| Mapping Edit | Ability to interact with and save changes to a Schema or Mapping Configuration in Flow Studio | Required by System Configuration users in lower-level environments to make changes to the Schema or Mapping Configuration in Flow Studio Feature. This permission is not typically granted to users in a Production environment. |
| Auth Configuration Access | Ability to view Custom Authentication configurations in Flow Studio | Required by System Configuration users in lower-level environments to view Custom Authentication configuration in Flow Studio Feature. This permission is not typically granted to users in a Production environment. |
| Auth Configuration Edit | Ability to change Custom Authentication configurations in Flow Studio | Required by System Configuration users in lower-level environments to make changes to the Custom Authentication configuration in Flow Studio Feature. This permission is not typically granted to users in a Production environment. |
Journey Builder
| Permission Name | Description | Notes |
|---|---|---|
| Journey Builder Access | Ability to access the Journey Builder feature | Required by System Configuration users in lower-level environments to access the Journey Builder Feature. Generally, only provided to Application Support Teams in a Production environment. It is necessary for a user to have this Permission to make use of the other permissions for this Domain via the UI. |
| Journey Builder Edit | Ability to interact with and save changes to the Journey Builder feature | Required by System Configuration users in lower-level environments to make changes to the Journey Builder Feature. This permission is not typically granted to users in a Production environment. |
| Journey Builder Approve | Ability to approve a Journey schema that is submitted for publication | Required by System Configuration users in lower-level environments to approve a journey schema. This permission is not typically granted to users in a Production environment. |
| Journey Builder Archive | Ability to archive a Journey version or schema | Required by System Configuration users in lower-level environments to archive a journey schema. This permission is not typically granted to users in a Production environment. |
| Journey Builder Delete | Ability to delete a Journey schema | Required by System Configuration users in lower-level environments to delete a journey version or schema. This permission is not typically granted to users in a Production environment. |
| Journey Launch Control Access | Ability to Access the Journey Launch Controls configuration | Required by System Configuration users in lower-level environments to access Journey Launch Controls configuration. This permission is not typically granted to users in a Production environment, but may be granted so that bespoke Users in a Production environment can understand the underlying logic of the configured Journey Launch Controls. |
| Journey Launch Control Delete | Ability to delete existing Journey Launch Controls Configuration | Required by System Configuration users in lower-level environments to Delete Journey Launch Rules configuration. This permission is not typically granted to users in a Production environment. |
| Journey Launch Control Edit | Ability to create and edit Journey Launch Controls configuration | Required by System Configuration users in lower-level environments to Delete Journey Launch Rules configuration. This permission is not typically granted to users in a Production environment. |
Journey Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Journey Configuration Edit | Ability to update tenant-wide journey configuration settings | Required by System Configuration users in lower-level environments to manage global journey behavior settings such as cancellation comment requirements. This permission is not typically granted to users in a Production environment. |
Journey Scheduler
| Permission Name | Description | Notes |
|---|---|---|
| Journey Scheduler Access | Ability to access the Journey Scheduler feature | Required by System Configuration users in lower-level environments to access the Journey Scheduler Feature. Generally, only provided to Application Support Teams in a Production environment. It is necessary for a user to have this Permission to make use of the other permissions for this Domain via the UI. |
| Journey Scheduler Edit | Ability to create new Journey Schedules and update existing Journey Schedules | Required by System Configuration users in lower-level environments to create new Journey Schedules as well as make changes to existing Journey Schedules in Fenergo SaaS. This permission is not typically granted to users in a Production environment. |
| Journey Scheduler Delete | Ability to delete existing Journey Schedules | Required by System Configuration users in lower-level environments to delete existing Journey Schedules. This permission is not typically granted to users in a Production environment. |
| Journey Scheduler Approve | Ability to approve a Journey Scheduler that is submitted for publication | Required by System Configuration users in lower-level environments to approve a Journey Schedule. This permission is not typically granted to users in a Production environment. |
| Journey Scheduler Archive | Ability to archive a Journey Schedule version | Required by System Configuration users in lower-level environments to archive a Journey Schedule. This permission is not typically granted to users in a Production environment. |
Localisation
| Permission Name | Description | Notes |
|---|---|---|
| Localisation Access | Ability to access the Localisation feature | Required by System Configuration users in lower-level environments to access the Localisation Feature. Typically, this is only provided to Application Support Teams in a Production environment. |
| Localisation Edit | Ability to interact with the Localisation feature including creating new Localisation versions and loading dictionaries | Required by System Configuration users in lower-level environments to create and modify Localisation configuraiton. This permission is not typically granted to users in a Production environment. |
| Localisation Approve | Ability to approve a Localisation version that is submitted for publication | Required by System Configuration users in lower-level environments to approve a Localisation version. This permission is not typically granted to users in a Production environment. |
| Localisation Archive | Ability to archive a Localisation version | Required by System Configuration users in lower-level environments to archive a Localisation version. This permission is not typically granted to users in a Production environment. |
| Localisation Delete | Ability to delete a Localisation version or full record | Required by System Configuration users in lower-level environments to delete a Localisation version or full record. This permission is not typically granted to users in a Production environment. |
Logging Centre
| Permission Name | Description | Notes |
|---|---|---|
| Logging Centre Access | Ability to access Integration Logs | This permission allows users to access logs produced by integration services in Fenergo SaaS. Currently this is limited to Event Ingress DataImport messages. |
| Logging Centre Edit | Ability to configure Integration Logs | This permission allows users to change log settings (e.g. opt-in/out) used by integration services in Fenergo SaaS. |
Lookup Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Reference Data Editor Access | Ability to access the Reference Data feature | Required by System Configuration users in lower-level environments to access the Reference Data Feature. Typically, this is only provided to Application Support Teams in a Production environment, however in some cases this may be provisioned to business users to stay informed on the reference data being used across Production. Note: A user requires the 'Lookup Access' Permission to interact with the Reference Data feature. |
| Reference Data Editor Edit | Ability to interact with the Reference Data feature including creating new reference data lists, creating new drafts, editing drafts, deleting values from a draft and submitting drafts for approval | Required by System Configuration users in lower-level environments to create and modify Reference Data lists within the Reference Data Feature. This permission is not typically granted to users in a Production environment. Note: A user requires the 'Lookup Access' Permission to interact with the Reference Data feature. |
| Reference Data Editor Approve | Ability to approve a Reference Data List version that is submitted for publication | Required by System Configuration users in lower-level environments to approve a Reference Data list version. This permission is not typically granted to users in a Production environment. Note: A user requires the 'Lookup Access' Permission in order to properly interact with the Reference Data feature. |
| Reference Data Editor Archive | Ability to archive a Reference Data List version | Required by System Configuration users in lower-level environments to archive a Reference Data List version. This permission is not typically granted to users in a Production environment. Note: A user requires the 'Lookup Access' Permission to interact with the Reference Data feature. |
| Reference Data Editor Delete | Ability to delete a Reference Data list version or full record | Required by System Configuration users in lower-level environments to delete a Reference Data List version or full record. This permission is not typically granted to users in a Production environment. Note: A user requires the 'Lookup Access' Permission to interact with the Reference Data feature. |
Naratives Access/Management
| Permission Name | Description | Notes |
|---|---|---|
| Naratives Access | Ability to view the Narratives tab on the Entity Profile Page | Required for anyone who should be able to view or provide narratives |
| Compliance Narratives Access | Ability to view the 'Compliance Narratives' section (and any added narratives via the eye button) within the Narratives tab of the EPP | Required for anyone who should be able to view 'Compliance Narratives' |
| Compliance Narratives Create | Ability to see the 'Add' button and create new 'Compliance Narratives' | Required for any client facing users who will interact with clients on compliance matters |
| Compliance Narratives Edit | Ability to see the edit button (pencil) and use it to edit existing 'Compliance Narratives' | Required for any client facing or Compliance Manager users who may need to adjust an existing 'Compliance Narrative' |
| Compliance Narratives Delete | Ability to see the delete button (bin/trash) and use it to delete existing 'Compliance Narratives' | Required for any client facing or Compliance Manager users who may need to delete an existing 'Compliance Narrative' |
| Business Narratives Access | Ability to view the 'Business Narratives' section (and any added narratives via the eye button) within the Narratives tab of the EPP | Required for anyone who should be able to view Business narratives |
| Business Narratives Create | Ability to see the 'Add' button and create new 'Business Narratives' | Required for any client facing users who will interact with clients on Business matters |
| Business Narratives Edit | Ability to see the edit button (pencil) and use it to edit existing 'Business Narratives' | Required for any client facing or Business Manager users who may need to adjust an existing 'Business Narrative' |
| Business Narratives Delete | Ability to see the delete button (bin/trash) and use it to delete existing 'Business Narratives' | Required for any client facing or Business Manager users who may need to delete an existing 'Business Narrative' |
Policy Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Policy Configuration Access | Ability to access the Policy Configuration feature including the Policy search feature | Required by System Configuration users in lower-level environments to access the Policy Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Policy Configuration Edit | Ability to interact with the Policy Configuration feature including creating new Policies, editing drafts and submitting policy drafts for approval | Required by System Configuration users in lower-level environments to create and modify Policies within the Policy Configuration Feature. This permission is not typically granted to users in a Production environment. |
| Policy Configuration Approve | Ability to approve a Policy version that is submitted for publication | Required by System Configuration users in lower-level environments to approve a Policy version. This permission is not typically granted to users in a Production environment. |
| Policy Configuration Archive | Ability to archive a Policy version | Required by System Configuration users in lower-level environments to archive a Policy version. This permission is not typically granted to users in a Production environment. |
| Policy Configuration Delete | Ability to delete a Policy version or full record | Required by System Configuration users in lower-level environments to delete a Policy version or full record. This permission is not typically granted to users in a Production environment. |
Portal
| Permission Name | Description | Notes |
|---|---|---|
| Portal Configuration Access | Ability to access the Portal Configuration feature | Required by System Configuration users in lower-level environments to access the Portal Configuration Feature. This permission is not typically granted to users in a Production environment. |
| Portal Configuration Edit | Ability to edit the Portal Configuration feature | Required by System Configuration users in lower-level environments to make changes within the Portal Configuration Feature. This permission is not typically granted to users in a Production environment. |
| Portal User Administration | Ability to update and create portal users and link relevant legal entities they can have access to through portal | Required by System Configuration users in lower-level environments to make updates to the portal user pool, they can create, edit and inactivate users. The can also edit the Legal Entities linked to each user. This permission is not typically granted to users in a Production environment. |
| Portal Administration User Delete | Ability to delete portal users from the portal database | Required by System Configuration users in lower-level environments to remove portal users. This permission is not typically granted to users in a Production environment |
Product Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Product Configuration Access | Ability to access the Product Configuration | Required by System Configuration users in lower-level environments to access the Product Configuration. Generally, only provided to Application Support Teams in a Production environment. |
| Product Configuration Approval | Ability to approve a Product Requirement Set version that is submitted for publication | Required by System Configuration users in lower-level environments to approve a Requirement Set version. This permission is not typically granted to users in a Production environment. |
| Product Configuration Archive | Ability to archive a Requirement Set version | Required by System Configuration users in lower-level environments to archive a Requirement Set version. This permission is not typically granted to users in a Production environment. |
| Product Configuration Delete | Ability to delete a Product Requirement Set version or full record | Required by System Configuration users in lower-level environments to delete a Product Requirement Set version or full record. This permission is not typically granted to users in a Production environment. |
| Product Configuration Edit | Ability to interact with the Product Configuration feature including creating new Product Requirement Sets, editing drafts and submitting drafts for approval | Required by System Configuration users in lower-level environments to create and modify Requirement Sets within Product Configuration. This permission is not typically granted to users in a Production environment. |
Review Journey Scheduling Configuration & Access
| Permission Name | Description | Notes |
|---|---|---|
| Review Journey Scheduling Access | Ability to access the Review Journey Scheduling feature | Required by System Configuration users in lower-level environments. Generally, only provided to Application Support Teams in a Production environment. It is necessary for a user to have this Permission to make use of the other permissions for this Domain via the UI. |
| Review Journey Scheduling Edit | Ability to create and update Scoping rules within Review Journey Scheduling | Required by System Configuration users in lower-level environments. This permission is not typically granted to users in a Production environment. |
| Review Journey Scheduling Delete | Ability to delete existing Review Journey Scheduling Scoping Rule instances and drafts | Required by System Configuration users in lower-level environments. This permission is not typically granted to users in a Production environment. |
| Review Journey Scheduling Approve | Ability to submit and approve a Review Journey Scheduling Scoping rule for publication | Required by System Configuration users in lower-level environments. This permission is not typically granted to users in a Production environment. |
| Review Journey Scheduling Archive | Ability to archive a Review Journey Scheduling Scoping rule version | Required by System Configuration users in lower-level environments. This permission is not typically granted to users in a Production environment. |
| Scheduled Review Access / Journey Access | Ability to view Scheduled Reviews via Review query API and via the Entity Profile Page | Required by operational users to view Scheduled Reviews. Most users will already have Journey Access and will not require additional permissions to view Scheduled Reviews. |
| Scheduled Review Edit | Ability to create or update scheduled reviews via Review command APIs | Required by systems or technical users to manage Scheduled Reviews directly. |
| Scheduled Review Delete | Ability to delete scheduled reviews via Review command APIs | Required by systems or technical users to manage Scheduled Reviews directly. |
Risk Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Risk Configuration Access | Ability to access the Risk Configuration feature | Required by System Configuration users in lower-level environments to access the Policy Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Risk Configuration Edit | Ability to interact with the Risk Configuration feature including creating new risk models, editing risk models, submitting risk models for approval and modifying scoping rules | Required by System Configuration users in lower-level environments to create and modify Risk related content within the Risk Configuration Feature. This permission is not typically granted to users in a Production environment. |
| Risk Configuration Approve | Ability to approve a Risk model version that is submitted for publication | Required by System Configuration users in lower-level environments to approve a Risk model version. This permission is not typically granted to users in a Production environment. |
| Risk Configuration Archive | Ability to archive a Risk model version | Required by System Configuration users in lower-level environments to archive a Risk model version. This permission is not typically granted to users in a Production environment. |
| Risk Configuration Delete | Ability to delete a Risk model version or full record | Required by System Configuration users in lower-level environments to delete a Risk model version or full record. This permission is not typically granted to users in a Production environment. |
Screening Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Screening Configuration Access | Ability to access the Screening Configuration feature | Required by System Configuration users in lower-level environments to access the Screening Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Screening Configuration Edit | Ability to interact with the Screening Configuration feature including modifying the credentials of the screening provider and adjusting list settings | Required by System Configuration users in lower-level environments to modify Screening configuration. This permission is not typically granted to users in a Production environment. |
| Screening Configuration Create | Ability to create a new configuration for a screening provider | Required by System Configuration users in lower-level environments to create Screening configuration. This permission is not typically granted to users in a Production environment. |
| Screening Configuration Delete | Ability to delete an existing configuration for a screening provider | Required by System Configuration users in lower-level environments to create Screening configuration. This permission is not typically granted to users in a Production environment. |
| Screening Configuration Archive | Ability to archive an existing screening scoping rule | Required by System Configuration users in lower-level environments to create Screening Scoping Rules configuration. This permission is not typically granted to users in a Production environment. |
| Screening Configuration Approve | Ability to approve an existing screening scoping rule | Required by System Configuration users in lower-level environments to create Screening Scoping Rules configuration. This permission is not typically granted to users in a Production environment. |
| Screening Create | Ability to create a screening batch | Required by System Configuration users who will be creating screening requests. |
| Screening Access | Ability to access a screening batch | Required by System Configuration users who will be accessing screening results. |
| Screening Edit | Ability to edit a screening batch | Required by System Configuration users who will be editing screening results. |
Shared Data Template Configuration
| Permission Name | Description | Notes |
|---|---|---|
| Shared Data Template Access | Ability to access the Shared Data Template feature. | This is a requisite permission that must be assigned in order for the other Shared Data Template permissions to be usable. |
| Shared Data Template Edit | Ability to edit existing draft versions of Shared Data Templates. | Required by System Configuration users in lower-level environments to edit Shared Data Template draft configuration. This permission is not typically granted to users in a Production environment. |
| Shared Data Template Create | Ability to create new draft versions Shared Data Templates. | Required by System Configuration users in lower-level environments to create Shared Data Template configuration. This permission is not typically granted to users in a Production environment. |
| Shared Data Template Delete | Ability to delete an existing configuration for Shared Data Templates | Required by System Configuration users in lower-level environments to delete Shared Data Template configuration. This permission is not typically granted to users in a Production environment. |
| Shared Data Template Approve | Ability to approve a Risk model version that is submitted for publication | Required by System Configuration users in lower-level environments to approve a Shared Data Template version. This permission is not typically granted to users in a Production environment. |
| Shared Data Template Archive | Ability to archive a Shared Data Template version. | Required by System Configuration users in lower-level environments to archive a Shared Data Template version. This permission is not typically granted to users in a Production environment. |
Webhooks
| Permission Name | Description | Notes |
|---|---|---|
| Access to Webhook | Ability to access the Webhooks UI. | This is a requisite permission that must be assigned in order for the user to access the Webhooks UI. This permission it typically provided to a configuration user in a lower level environment or a Production Support user in Production. |
| Manage Webhook | Ability to create, edit and delete Webhooks | Required by System Configuration users in lower-level environments to create, edit and delete Webhook configuration. This permission is typically granted to specifed technical users in Production in order to set up Webhooks in that environment. |
Operational Permissions
Association
| Permission Name | Description | Notes |
|---|---|---|
| Association Access | Ability to view the Hierarchy graphical representation within the UI | Users with this permission will be able to view an entity's associations with other entities. This will allow them to see an entity's hierarchy and related parties in the relevant screens. |
| Association Edit | Ability to add or edit an entity association | Users with this permission will have the ability to create and edit a draft association only. In order to verify/approve the associations, they need "Association Verification" permission. |
| Association Delete | Ability to delete an entity association | Users with this permission will have the ability to delete a draft association or to mark a verified association for deletion. In order to verify/approve the associations, they need "Association Verification" permission. |
| Association Edit & Delete | Ability to interact with (add/edit/remove) the association graphical representation within the UI. | Users with this permission will have the ability to create, edit and delete a draft association or to mark a verified association for deletion - ultimately, they will have the ability to interact with the related parties grid in the Related Parties task. To verify/approve the associations, they need "Association Verification" permission. Previously this permission was labelled as "Association Edit" |
| Association Edit & Partial Delete | Ability to interact with (add/edit/remove) the association graphical representation within the UI, without the ability to remove ALL associations between a source and target entity. | This permission is identical to Association Edit & Delete in terms of API permissions, however in the UI it does not include the ability to remove all associations between a source and target entity. |
| Association Edit & Link Only | Ability to add entity associations but only link to existing entities, restricting the ability to create new entities as part of the process. | Users granted with this permission AND not granted with "Association Edit", "Association Edit & Delete" or "Association Edit & Partial Delete", will have the ability to create new associations but will not see the 'Create New' option within the modal and therefore can only link to existing entities returned by the Search. |
| Association Verification | Ability to overwrite a verified record's hierarchy from a newer draft's version | Users with this permission will have the ability to set a draft association to be verified. When the feature is available, it will also allow them to manage any conflict between draft and verified associations and resolve these before verifying associations in a journey. |
Audit
| Permission Name | Description | Notes |
|---|---|---|
| Audit Access & Search | Ability to access and search from the Audit Trail feature (both Entity and Journey level) | Typically assigned to operational users who are entitled to review the Audit history of an entity or journey |
Comments
| Permission Name | Description | Notes |
|---|---|---|
| Access to Comments | Ability to access Comments (launch the Comments shelf) | This permission allows users to access the comments shelf wherever it is contained in the system (e.g. from within a Journey). This permission is typically provided to operational users who are responsible for working on Clients and are permitted to view Comments. |
| Create a Comment Thread | Ability to create a new Comment thread (create a new comment) | This permission allows users to create new Comments from any of the contexts where the Comments shelf is contained. This permission is typically provided to operational users who are responsible for working on Clients, are permitted to view Comments and are expected to leave Comments related to the Client. |
| Delete Any Comment | Ability to delete any Comment or Reply to a Comment (made by any user) | This permission allows users to Delete any Comment or Reply to a Comment within Fenergo SaaS. This permission is typically reserved to trusted users who are permitted to remove Comments or Replies that were created by other Users. |
| Delete Your Own Comments | Ability to delete Comments or Replies that you created | This permission allows users to Delete any Comment or Reply to a Comment within Fenergo SaaS. This permission is typically provided to all users who are responsible for working on Clients, are permitted to view Comments and are expected to leave Comments related to the Client so that they can remove a comment created in error. |
| Reply to a Comment Thread | Ability to Reply to a Comment thread | This permission allows users to Reply to any Comment thread from any of the contexts where the Comments shelf is contained. This permission is typically provided to operational users who are responsible for working on Clients, are permitted to view Comments and are expected to Reply to Comments related to the Client. |
Conflict Resolution
| Permission Name | Description | Notes |
|---|---|---|
| Conflict Resolution Access | Ability to access the conflict resolution task | Users with this entity permission will be able to open the conflict resolution task that is in a journey. |
| Conflict Resolution Edit | Ability to access, review & select the coorect data to resolve the conflicts inside the task | Users with this permission will be able to use the radio buttons in the data conflict task to select which data they want to take into the entity draft. Users will need to have the conflict resolution access permission to use this one. |
| Product Conflict Resolution Access | Ability to access the Products tab in the Conflict Resolution task | Users with this product permission will be able to view the detail in the Products tab within the Conflict Resolution task that is in a journey. |
| Product Conflict Resolution Edit | Ability to select the correct data and resolve the product conflicts inside the Products tab of the task | Users with this permission will be able to use the radio buttons in the Products tab of the Conflict Resolution task to select which data they want to take into the product draft and to resolve the product conflict detected. Users will need the Product Conflict Resolution Access permission to use this permission. |
Dashboards
| Permission Name | Description | Notes |
|---|---|---|
| Task Dashboard Access | Ability to access the Task Dashboard in the UI | Users with this permission will be able to view and interact with the Task Dashboard. This permission is typically provided to all operational users involved with CLM activities within the system. |
| Team Management Dashboard Access | Ability to access the Team Management Dashboard in the UI | Users with this permission will be able to view and interact with the Team Management Dashboard. This permission is typically provided to operational users with workload management and tracking responsibilities. |
| Data Protection Dashboard Access | Ability to Access the Data Protection Dashboard | This permission allows users to access the Data Protection dashboard which is used to review and action entities that have been identified in the system through an Entity Check. This permission is typically provided to operational users who are responsible for Offboarding entities in the system. |
Digital ID&V
| Permission Name | Description | Notes |
|---|---|---|
| Digital ID&V Access | Ability to open the Fenergo Native Digital ID&V task or view the Digital ID&V panel when working with Associations | Users with this permission can access and view the results of the Fenergo Native Digital ID&V task and view the digital ID&V panel when interacting with associations. |
| Digital ID&V Approve Or Reject | Ability to approve or reject an ID&V result | Users with this permission can select the Approve or Reject button in the Fenergo Native ID&V task and provide commentary to support their decision. |
| Digital ID&V Create | Ability to initiate the Digital ID&V request from Fenergo SaaS to Jumio | Users with this permission will be initiate a Digital ID&V request to Jumio and will be able to complete the Digital ID&V steps on Fenergo SaaS. |
Document Management
| Permission Name | Description | Notes |
|---|---|---|
| Document Management Access | Ability to access the document task and view documents | Users with this permission will be able to see all document requirements and linked documents for any entity they have access to. They will also be able to view a document's metadata and open the document viewer to see the document itself. |
| Document Management Create | Ability to upload documents, add metadata, and submit a request for approval/waive/deferral | Users with this permission will be able to upload a document and populate any document metadata as part of the upload process. Additionally they will be able to update the document requirement status to Pending, Approval, Waive Requested or Deferral Requested. |
| Document Management Edit | Ability to edit document metadata | Users with this permission will be able to edit the metadata of an existing document. |
| Document Management Delete | Ability to delete documents | Users with this permission will be able to delete a document which has previously been uploaded. |
| Document Management Approve | Ability to approve or reject document requirements | Users with this permission will be able to Approve or Reject any documents requirements with a status of Pending Approval, or Reject any documents with a status of Waive Requested or Deferral Requested. |
| Document Management Defer or Waive | Ability to defer or waive document requirements | Users with this permission will be able to Approve any document requirements with a status of Waive Requested or Deferral Requested. In order to Reject document requirements with these statuses, the user must have the Document Management Approve status. |
| Document Management Send for Signature | Ability to request signature for document requirements | Users with this permission will be able request eSignature for any document requirement. This permission should not be used when eSignature is not enabled for a client's tenant. |
Entity Data
| Permission Name | Description | Notes |
|---|---|---|
| Entity Data Access & Search | Ability to search and access entity records | Required for all operational users who are involved with CLM activities within the system. |
| Entity Data Edit | Ability to create and edit entity draft records | Required for operational users who will be starting new journeys or editing entity data in a journey. |
| Entity Data Approve | Ability to approve or reject entity drafts to create new verified entities | Required for operational users who are involved in approving or rejecting the entity draft records at the end of a journey. |
| Change Entity Draft Access Layers | Ability to modify the Access Layers of an entity, as seen in the Journey Hub under the 'Change Entity Draft Access Layer' option | Required for users who are authorized to modify Access Layers on an entity. Note, an Entity can only have it's Access Layers modified from an in-progress Journey from interacting with the 'three dots' action button |
Entity Group Management
| Permission Name | Description | Notes |
|---|---|---|
| Entity Group Management Access & Search | Ability to search and access entity group records | Required for all operational users who are involved with managing and interacting with entity groups within the system. |
| Entity Group Management Edit | Ability to create and edit entity group records | Required for operational users who will be creating new Groups responsible for editing groups. |
External Data
| Permission Name | Description | Notes |
|---|---|---|
| External Data Access | Ability to view the External Data results from the External Data Provider | Users with this permission will be able to view the search results within the External Data task and be able to select an entity they wish to request the full profile for. |
| External Data Approve | Ability to initiate the Import of entities/data from the External Data Provider to Fenergo SaaS | Users with this permission will be able to Import records from the External Data provider to Fenergo SaaS. |
ID&V
| Permission Name | Description | Notes |
|---|---|---|
| ID&V Access | Ability to view the section containing ID&V fields within the UI | Required for all operational users who are involved with ID&V related CLM activities within the system. |
| ID&V Edit | Ability to edit the fields within the ID&V section in the UI | Required for all operational users who are involved with ID&V related CLM activities within the system. |
| ID&V Delete | Ability to delete values from the ID&V section in the UI | Required for all operational users who are involved with ID&V related CLM activities within the system. |
Integration Flows
| Permission Name | Description | Notes |
|---|---|---|
| Flow Task Retry | Ability to rerun a failed Flow Execution from the Flow Journey Task | Required by users who are authorized to retry a Flow Execution from within a Journey. |
| Flow Task Close | Ability to close Flow Journey Task | Required by users who are authorized to manually close a Journey in the event that the execution fails. Normally the Flow task would automatically closed by the execution completing successfully. In some scenarios it may be necessary to manually bypass a failing integration. Consider assigning to an elevated users. |
| Flow Execution Read | Ability to view the Flow tab in Integration Hub | This permission allows users to review Flow Executions in Integration Hub. Users who don't have this permission will not see the Flows tab. |
| Flow Execution Details Read | Ability to view Flow Execution Details from Integration Hub or Flow Studio | This permission allows users to access the Execution Details page to review attempts, Step Logs, and Flow Logs. |
| Flow API Trigger | Ability to initiate an API Flow | This permission is required to trigger an API Flow either via the 'Execute' button in FlowStudio -> Flow -> Executions tab, or directly via the API. Note - this does not affect Flows triggered via the Custom Auth API Endpoint. |
| Persisted Storage Access | Ability to access Persisted Storage tab and list files | This permission is required to view the list of files stored on disk. |
| Persisted Storage Get Record | Ability to view the contents of a NotSensitive file. | This permission is required to view contents of files marks as 'NotSensitive'. |
| Persisted Storage Get Sensitive Record | Ability to view the contents of a Sensitive file. | This permission is required to view contents of files marks as 'Sensitive'. Sensitive files contain sensitive data, consider assigning this to an elevated user who should have access to sensitive data. |
| Persisted Storage Delete Record | Ability to delete a file in Storage. | This permission is required to delete a file from the Persisted Flows tab in Flow Studio. |
Journey
| Permission Name | Description | Notes |
|---|---|---|
| Journey Access | Ability to access an instance of a journey, to be able to view the Journey Hub and interact with the tasks that make it up | Required for all operational users who are involved with CLM activities within the system. |
| Journey Cancel | Ability to cancel a journey, as seen in the Journey Hub as the 'Cancel Journey' option from interacting with the 'three dots' action button | Required for users who are authorized to cancel a Journey. |
| Journey Edit | Ability to Complete tasks | This is separate to permissions for process screening or update client data. For those, we are updating data within the relevant domain. This permission allows us to update the task itself (i.e., to change the task status). |
| Journey Create | Ability to access the New Request screen to create a Journey and the ability to interact with the Launch Journey button in the UI | Provisioned to all operational users requiring the ability to initiate Journeys on entities in the system. |
| Completed Task Access | Ability to access a completed task within a Journey regardless of the Team the task is assigned to | Provisioned to operational users requiring access to review previously completed tasks that are assigned to a Team that the user is not a member of. This permission is typically provided to Audit, QC, QA Teams. |
| Journey Reassign Task Owner & Team | Ability to reassign the Team and Owner of a Task within the Journey Hub | Provisioned to operational users requiring the ability to reassign the assigned Team and Owner of tasks within a journey. In some circumstances an organization may wish to restrict this permission only to trusted users. Note, a user requires access to the team that the task is assigned to in order to reassign the task. Previously, this permission was labelled as "Task Reassign". |
| Journey Reassign Read Only Task | Ability to reassign the Team and Owner of a Task within the Journey Hub while having read only access to the Task. | Provisioned to operational users requiring the ability to reassign the assigned Team and Owner of tasks within a journey but can only view the task in a read-only format. In some circumstances an organization may wish to restrict this permission only to trusted users. Note, a user requires access to the team that the task is assigned to in order to reassign the task. Previously, this permission was labelled as "Task Reassign". |
| Journey Reassign Task Owner Only | Ability to reassign the Owner of a Task within the Journey Hub | Provisioned to operational users who are required to only have the ability to assign or reassign the Owner of tasks within a journey. In some circumstances an organization may wish to restrict this permission only to trusted users. Note, a user requires access to the team that the task is assigned to in order to reassign the task. |
| Journey Reassign Task Owner, No Task Access | Ability to reassign the Owner of a Task within the Journey Hub, without having the ability to click into that task and see the data | Provisioned to operational users who are required to only have the ability to assign or reassign the Owner of tasks within a journey but do not have permission to view the Entity Data being captured within that Task in the Journey. |
| Journey Reopen Task | Ability to reopen a completed task within an active journey | Provisioned to operational users requiring the ability to reopen completed tasks within a journey. In some circumstances an organization may wish to restrict this permission only to trusted users. |
| Change Journey Access Layers | Ability to modify the Access Layers of a journey, as seen in the Journey Hub under the 'Change Journey Access Layer' option from interacting with the 'three dots' action button | Required for users who are authorized to modify Access Layers on an in-progress Journey. Note, a Journey can only have it's Access Layers modified when it is in -progress Journey. |
| Journey Pause Task | Ability to Pause a Task in the Journey Hub | This permission allows users to pause and unpause a Task that is in progress and has SLA configuration against it. This permission is typically provided to operational users who are responsible for working on Clients, and that require the ability to pause a Task to prevent the SLA being breached. |
| Journey Pause Stage | Ability to Pause a Stage in the Journey Hub | This permission allows users to pause and unpause a stage that is in progress and has SLA configuration against it. This permission is typically provided to operational users who are responsible for working on Clients, and that require the ability to pause a Stage to prevent the SLA being breached. |
| Journey Pause Instance | Ability to Pause a Journey in the Journey Hub | This permission allows users to pause and unpause a Journey that is in progress and has SLA configuration against it. This permission is typically provided to operational users who are responsible for working on Clients, and that require the ability to pause a Journey to prevent the SLA being breached. |
Lookup
| Permission Name | Description | Notes |
|---|---|---|
| Lookup Access | Ability to return Lookup values in the system | Provisioned to all operational users requiring List of Value dropdowns to be returned in the UI. Provisioned to all configuration users requiring List of Value dropdowns to be returned in the UI for the purpose of configuration. Generally provided to all system users unless an organization has a specific user class that is not required to see any entity data within the application (e.g. Application Support Teams). |
Policy Search and Journey
| Permission Name | Description | Notes |
|---|---|---|
| Policy Search and Requirement Scope | Ability to view and interact with the policy requirements in scope for a journey | Provisioned to all operational users requiring policy driven attributes to be returned in the UI. Generally provided to all system users unless an organization has a specific user class that is not required to see any entity data within the application (e.g., Application Support Teams). |
Product
| Permission Name | Description | Notes |
|---|---|---|
| Product Access & Search | Ability to search and access product records | Required for all operational users who are involved with CLM (Client Lifecycle Management) activities within the system. |
| Product Approve | Ability to approve or reject product drafts and to create new verified entities. | Required for operational users who are involved in approving or rejecting product records at the end of a journey. |
| Product Edit | Ability to create and edit product draft records | Required for operational users who will be editing a product in a journey. |
| Product Offboarding | Ability to select an active product for offboard, or an offboarded product for re-onboard, and creates a new draft record. | Required for operational users who will be marking products as end of life within a journey, or returning a product from offboarded status within a journey. |
| Product Requirement Scope | Ability to view and interact with the requirements in scope. | Required for operational users who are interacting with products in a journey and will not have configuration permissions. |
Proposed Changes
| Permission Name | Description | Notes |
|---|---|---|
| Proposed Changes Access | Ability to access the Proposed Changes task | Provisioned to operational users required to interact with the Proposed Changes task in the journey. Generally provided to all operational users. |
| Proposed Changes Edit | Ability to make changes by selecting desired data to proceed with during the Proposed Changes task | Provisioned to operational users trusted to apply data decisions within the Proposed Changes task in the journey. |
Reporting
| Permission Name | Description | Notes |
|---|---|---|
| Reporting Access | Allows users to access Advanced Reporting and Legacy Reporting. For advanced reporting, they can see saved queries and the SQL behind them. For legacy reporting, they can run all OOTB reports. | This permission covers all functionality available in legacy reporting. This permission is typically provided to users who wish to interact with the Reporting feature from the UI. A user with this permission can generate all the available canned reports and access the Advanced Reporting feature. |
| Reporting Edit | Ability to create, edit, preview and save queries in the Advanced Reporting feature | This permission is typically provided to users trusted to interact with the Advanced Reporting feature from the UI. A user with this permission can make changes to any existing saved query. This permission does not allow users to execute reports. |
| Reporting Delete | Ability to delete saved queries in the Advanced Reporting feature | This permission is typically provided to users trusted to interact with the Advanced Reporting feature from the UI. A user with this permission can delete any existing saved query. |
| Reporting Execute | Ability to execute (run) saved queries and download reports in the Advanced Reporting feature | This permission is typically provided to users trusted to interact with the Advanced Reporting feature from the UI. A user with this permission can also preview reports before they are run. |
Risk
| Permission Name | Description | Notes |
|---|---|---|
| Risk Calculator Access | Ability to access and interact with the Risk Calculator feature | This permission is typically provided to users who wish to interact with the Risk Calculator from the UI. This permission is also required by services for engaging the Risk Calculate Endpoint. |
Screening
| Permission Name | Description | Notes |
|---|---|---|
| Screening Access | Ability to view screening data results within a screening task | Provisioned to all operational users requiring the ability to resolve screening results and set outcomes. Note: A user also requires the appropriate Journey Permissions to interact with screening tasks within a journey. |
| Screening Edit | Ability to set match resolution status, edit comments, and set materiality assessment fields within screening tasks | Provisioned to all operational users requiring the ability to resolve screening results and set outcomes. Note: A user also requires the appropriate Journey Permissions to interact with screening tasks within a journey. |
| Screening Create | Ability to create a new screening batch request | This permission is only applicable to the /api/batch endpoints and is not part of the front end user experience. Screening requests are automatically created by a system task as part of a journey. |
| Screening Delete | Ability to delete an existing screening batch | This permission is only applicable to the /api/batch endpoints and is not part of the front end user experience. |
| Screening Approve | Ability to approve or reject screening escalation tasks | The purpose of this permission is to offer a higher level of Approval for adjudicating and approving Screening decisions. This permission is not leveraged in baseline configuration. |
Transaction Monitoring
| Permission Name | Description | Notes |
|---|---|---|
| Alert Configuration Access | Ability to access the Alert Configuration Feature. | Required by administrator to access the alert metadata. |
| Alert Configuration Edit | Ability to edit the Alert Configuration Feature. | Required by administrator to update the alert metadata. |
| Alert Configuration Approve | Ability to approve an Alert Configuration. | Required by system configuration to approve updates to the alert metadata. |
| Alert Dashboard Access | Ability to access the Alert Dashboard page. | This permission will allow a user to see the Alert dashboard. |
| Alert Dashboard Configuration Edit | Ability to edit the Alert Dashboard columns- pending. | |
| Alert Access | Ability to access the alert. | This will allow a TM analyst to click through to an alert and see the details and transactions. |
| Whitelist Access | Ability to access the entity whitelist. | This will give a user access to the Entity Whitelist. |
| Whitelist Edit | Ability to edit an entity whitelist entry. | This will allow a user to add to or update the Entity Whitelist. |
| Whitelist Delete | Ability to delete an entity whitelist entry. | This will allow a user to remove a whitelist record. |
| Whitelist Approve | Ability to approve an entity whitelist entry. | This is required by users who should approve a whitelist added for an entity. |
| Entity Profile Transaction view | Ability to view transaction details for an entity. | This will allow a user to see all the transaction for an entity. |
| Transactions Api Access | Ability to use transactions api. | This allows a user to use the transaction API. |
| TM Risk Configuration Edit | Ability to edit risk configuration. | Required by system configuration to update the TM risk configuration. |
| TM Risk Configuration Access | Ability to access risk configuration. | Required by system configuration to access the TM risk configuration. |
| TM Risk Configuration Approve | Ability to approve risk configuration. | Required by administrator to approve the risk configuration, not typically granted to users in Production environment. |