Permission roles
Fintoc's dashboard contains sensitive information and lets your organization move money. Fintoc provides a granular permission system so administrators control exactly which information and actions each user can access.
Fintoc's dashboard holds sensitive information and lets your organization move money. To control who can do what, Fintoc provides a granular permission system built on three concepts: permissions, access levels, and roles. This page explains each concept and lists every permission you can grant.
Permissions
A permission controls a single action on a single resource. A resource is an area or feature of the dashboard, such as API keys, payments, or transfers. Fintoc groups permissions into five categories: Payment initiation, Treasury, Reconciliation, Developers, and Administration.
Access levels
Each resource grants one of four access levels. The levels are cumulative: Manage includes everything in Read.
- None: No access to the resource.
- Read: See the resource's information without making changes.
- Manage: Create, edit, and delete, in addition to everything in Read.
- Authorize: Approve or reject an action that another team member started. Only transfers use this level, through a maker/checker flow.
Roles
A role is a predefined bundle of permissions that matches a common job function. Assign a role to a user as a starting point, then adjust that user's individual permissions when the role does not fit.
Fintoc provides five predefined roles:
- Admin: Every permission, including team management, billing, organization settings, and IP restrictions.
- Developer: Full access to API keys, webhooks, and JSON Web Signature (JWS) public keys, plus read-only access to payments and reconciliation.
- Operations: Manage links and refunds, plus read-only access to payments, payouts, and subscriptions.
- Finance and Accounting: Read-only access to payments, payouts, subscriptions, and reconciliation.
- Support: Read-only access to payments and subscriptions, plus the ability to refund payments.
You cannot grant the Admin role from the dashboard. To assign it to a user, contact your Sales or Customer Success representative, or reach out through the chat.
Permissions by category
The tables below list the resources in each category and the access levels you can grant for each one.
Payment initiation
These resources cover collecting and paying out money:
| Resource | Available access levels |
|---|---|
| Payments | Read |
| Refunds | Manage |
| Payouts | Read |
| Subscriptions | Read |
| Charges | Read |
| Customers | Read |
Treasury
No predefined role includes Treasury permissions; assign them to individual users. Transfers use a maker/checker flow: one user creates a transfer with the Manage level, and another approves or rejects it with the Authorize level.
| Resource | Available access levels |
|---|---|
| Transfers | Read, Manage, Authorize |
| Accounts | Read, Manage |
| CLABEs (standardized Mexican bank account numbers) | Read, Manage |
| Entities | Read, Manage |
Reconciliation
This resource covers reconciliation:
| Resource | Available access levels |
|---|---|
| Links | Read, Manage |
Developers
These resources cover your integration and security tooling:
| Resource | Available access levels |
|---|---|
| API keys | Read, Manage |
| Webhooks | Read, Manage |
| JWS public keys | Read, Manage |
| IP restrictions | Read, Manage |
Administration
These resources cover your organization and its team:
| Resource | Available access levels |
|---|---|
| Team management | Read, Manage |
| Organization settings | Read, Manage |
| Billing | Read, Manage |