Permission roles

Fintoc's dashboard contains sensitive information and lets your organization move money. Fintoc provides a granular permission system so administrators control exactly which information and actions each user can access.

Fintoc's dashboard holds sensitive information and lets your organization move money. To control who can do what, Fintoc provides a granular permission system built on three concepts: permissions, access levels, and roles. This page explains each concept and lists every permission you can grant.

Permissions

A permission controls a single action on a single resource. A resource is an area or feature of the dashboard, such as API keys, payments, or transfers. Fintoc groups permissions into five categories: Payment initiation, Treasury, Reconciliation, Developers, and Administration.

Access levels

Each resource grants one of four access levels. The levels are cumulative: Manage includes everything in Read.

  • None: No access to the resource.
  • Read: See the resource's information without making changes.
  • Manage: Create, edit, and delete, in addition to everything in Read.
  • Authorize: Approve or reject an action that another team member started. Only transfers use this level, through a maker/checker flow.

Roles

A role is a predefined bundle of permissions that matches a common job function. Assign a role to a user as a starting point, then adjust that user's individual permissions when the role does not fit.

Fintoc provides five predefined roles:

  • Admin: Every permission, including team management, billing, organization settings, and IP restrictions.
  • Developer: Full access to API keys, webhooks, and JSON Web Signature (JWS) public keys, plus read-only access to payments and reconciliation.
  • Operations: Manage links and refunds, plus read-only access to payments, payouts, and subscriptions.
  • Finance and Accounting: Read-only access to payments, payouts, subscriptions, and reconciliation.
  • Support: Read-only access to payments and subscriptions, plus the ability to refund payments.

You cannot grant the Admin role from the dashboard. To assign it to a user, contact your Sales or Customer Success representative, or reach out through the chat.

Permissions by category

The tables below list the resources in each category and the access levels you can grant for each one.

Payment initiation

These resources cover collecting and paying out money:

ResourceAvailable access levels
PaymentsRead
RefundsManage
PayoutsRead
SubscriptionsRead
ChargesRead
CustomersRead

Treasury

No predefined role includes Treasury permissions; assign them to individual users. Transfers use a maker/checker flow: one user creates a transfer with the Manage level, and another approves or rejects it with the Authorize level.

ResourceAvailable access levels
TransfersRead, Manage, Authorize
AccountsRead, Manage
CLABEs (standardized Mexican bank account numbers)Read, Manage
EntitiesRead, Manage

Reconciliation

This resource covers reconciliation:

ResourceAvailable access levels
LinksRead, Manage

Developers

These resources cover your integration and security tooling:

ResourceAvailable access levels
API keysRead, Manage
WebhooksRead, Manage
JWS public keysRead, Manage
IP restrictionsRead, Manage

Administration

These resources cover your organization and its team:

ResourceAvailable access levels
Team managementRead, Manage
Organization settingsRead, Manage
BillingRead, Manage