# Overview

Modern Treasury offers role-based access controls, which enable you to define multiple roles and assign one or more to each user. Within each role, you can specify granular permissions granting view or edit access to various objects and workflows within the platform. Roles are also used for other workflows such as approvals.

# Roles

Roles are how Modern Treasury segments a user’s ability to access resources or execute specific actions through a roles-based authorization system. A user may belong to many roles within an organization, and they may access all resources and perform all actions allowed by the combined set of roles assigned to the user.

### **Types of Roles**

These default roles are a great place to start as you evaluate the users on the team and how to set the proper rules.

  • **Administrators:** Manage and Edit access for all permissions

  • **Developers:** Manage and Edit access for Developer Settings, Counterparties and Accounts; View Only access for Manage Organization

  • **Finance:** Manage and Edit Access for Counterparties and Accounts; View Only access for Manage Organization; No Access for Developer Settings

You can also add new roles that make sense for your organization.

### **Where to find Roles**

Navigate to the "Settings" section of the dashboard sidebar, and click on the "Roles" page. This is where you can manage your organization's Roles.

# Permissions

There are multiple permission domains that grant granular access to Modern Treasury. In general, you can assign the following levels to each permission:

  1. "Manage and Edit Access" - Users can create or edit resources in this domain.

  2. "View Only Access" - Users can only view the resources.

  3. "No Access" - Users cannot even see the resources.

## Permission Domains

### **Organization Level Permissions**

Organization Level Permissions allow for a user to have insights into the setup for Modern Treasury. With this level, there is visibility into:

  • Organization Settings, which include aspects like the organization’s name, email settings, NSF protection

  • User and Role Management. For users with manage and edit access, they can create, update, and delete users and roles.

  • Approval Rules for payment orders

  • Notification Management

  • Audit Trail Access

We recommend Admins of Modern Treasury have Manage and Edit access to the Organization Level Permissions.

### **Developer Permissions**

Developer Permissions allow for a user to have insights into API Keys and Configuration, Webhooks, Events, and API Logs.

### **Counterparties Permissions**

Counterparty Permissions allow for a user to have access to counterparty detail information as well as submitting invitations to be paid/charged. This does not allow you to add an account for the counterparty.

### **External Accounts Permissions**

External Account Permissions allow for a user to add or edit the external account details of a counterparty. This permission should be assigned to those setting up customers to be paid or charged. Partial view access only displays the last four digits of account numbers.

### **API Keys Permissions**

API Keys Permissions provide allow users to manage, view, and edit API Keys, ensuring that only authorized individuals can make changes and safeguarding your system's security.

These users also require Developer Settings permissions.

### **Ledgers** **Permissions**

Ledgers Permissions allow you to add or edit Ledgers data within Modern Treasury.

### Compliance Permissions

Compliance Permissions allow you to manage, view, and edit Compliance data such as Cases, Decisions, and User Onboardings.

### **Accounts Permissions**

Accounts Permissions allow a user to have access to their organization’s bank accounts. With this permission, a user will be able to view and manage payment orders, account balances, transactions, expected payments, paper items, and returns. You also have the ability to approve payment orders for accounts you have access to.

A role can be granted access to all accounts. The benefit of this setup is that when future accounts are added, the role will also have access. However, if you want to only grant access to certain accounts, that can be configured as well.

A user can create and approve payment orders out of an account **so long** **as** they have “Manage, Review, and Edit” permissions on the specific account associated with the payment order. If they create the payment order, however, they will not be able to approve their own payment order. The only way to override this behavior is described below under “Overriding the Approval Queue.”

# **Special Considerations**

## **Overriding the Approval Queue**

If a user has the “Manage and Edit” permission level on the organization, they are allowed to approve any payment order, even if they create it themselves. Although we typically don’t recommend setting up your roles this way, it can be beneficial if you are a small company or want a particular type of user (i.e., your CEO) to be able to bypass the rules. These actions will still be tracked.

## **Viewing Paper Items and Returns Without an Internal Account**

Modern Treasury may import data about a Return or Paper Item that references a bank account that Modern Treasury is not linked to at the bank. In these cases, a user may view the created Return or Paper Item object if that user has at least the global “View Only” permission on the Accounts domain.

## Viewing Full Audit Trail

Only users who have “Manage and Edit” permissions for the organization will have access to the full audit trail. The audit trail can be found by navigating to Settings > Audit Trail.