Skip to main content

Managing roles and permissions

We offer Identity and Access Management (IAM) control to allow you to manage user accounts by assigning roles.

When inviting new users (for example your team members) to join your organisation, you specify what roles to assign to them based on what tasks they are responsible for.

This is relevant to you if you are the Dashboard administrator. You can administer who has access to your accounts and organisations in the Signicat Dashboard and what permissions they have.

About roles and permissions

Roles are groups of permissions that you can assign to users or API/machine clients (we refer to these entities collectively as principals).

Permissions allow principals to perform specific actions on Signicat resources, such as the ability to access an API, view invoices or invite other users. To make permissions available to principals, you grant roles to the principals.

We divide roles into the following basic types:

A role contains one or more permissions, which offer a granular way of specifying rights. There can be multiple roles with the same permissions.

Organisation and Account Admin

An Organisation Admin has all the permissions for the organisation, and all the accounts belonging to that organisation.

An Account Admin has all the permissions for a given account but not for the overlying organisation.

Some roles apply to a particular product or service, whereas the Organisation Admin role has access to all products in the Signicat Dashboard.

Grant access

You give access to use resources by assigning specific roles to your users and API/machine clients (collectively referred to as principals). You can also control the scope by deciding whether to assign a role at the organisation or account level.

You can assign or remove roles to a principal in the Signicat Dashboard. To grant access to an existing principal, do the following:

  1. In the Signicat Dashboard, navigate to Access Management > Permissions.
  2. Select Grant access in the top right.
  3. In the "Grant access" form, configure:
  4. Click Save to apply the changes.
Note

Users must log in again to view and use a new role.

Which roles to assign

You control users access to resources with roles. In the following table, you can find some recommendations for common scenarios.

* Lowest level where you can grant the role.

Usage guidelines

You can view, search and sort roles in the Dashboard > Access Management > Roles.

To view the details and definition of a role, do the following.

  1. Go to Access Management > Roles.
  2. Here, select the role name, for example "Account Admin".
  3. In the "Account Admin" page, you can view the following fields:
    • Name: The name of the role
    • Id: Identifier of the role
    • Description: Additional information explaining the role function.
    • Category: The class a role belongs to.
    • Permissions: A list of all permissions associated with the role.

Remove access

To remove access for a principal:

  1. Go to Access Management > Permissions.
  2. Hover over the row of the principal you want to remove access for and click Edit.
  3. In the "Edit access" overview, click Remove access. On the confirmation dialog, approve the changes to remove all the roles assigned to the principal.
  4. To only remove access for specific roles, select the bin icon next to a role in the Roles section. Then, Save at the bottom of the "Edit access" overview.

Advanced information

Roles hierarchy

Assigning a role to a user for a specific account or organisation impacts the way a user can access resources at the account or organisation level.

Imagine you have configured the following in the Dashboard:

Example configuration
  • Organisation 1
    • Account A
    • Account B
  • Organisation 2
    • Account C

Scenario 1

If a user is assigned role X on Organisation 1, they will also receive the same role for any sub-level, such as Account A and Account B. The user will not receive any role on Organisation 2 or Account C.

Scenario 2

If a user is assigned role X on Account A, they will not receive the same role for Organisation 1 and Account B.

Granting access at the account level limits user access to the resources of the account.

Tutorial video

How to invite users and set permissions

This tutorial video shows you how to invite users, set roles and set permissions in the Signicat Dashboard.

Last updated:
On this page