User roles
Grant your team members access to your Sumsub account.
Roles help you restrict access to certain Dashboard functionality. You can create as many roles as you need. Each role has a set of permissions; each permission regulates the behavior of how your team members can use the Dashboard.
With Sumsub, you receive the following default roles:
- Admin. Has full access to all functionality and statistics. Can set up rules and customize verification processes.
- Compliance Officer. Can review applicant profiles, approve and decline applicants, and upload additional documents.
- Developer. Can set up rules and customize verification processes.
Create roles
To create a new role:
- In the Dashboard, go to the Roles page and click Add new role.
- Provide the role name and optional description.
- [Optional] From the Start from a copy of drop-down list, select an existing role from which you want to inherit permissions.
- Configure access limitations.
- Configure IP addresses from which your team members can access the Dashboard.
- From the Source keys from client drop-down list, select a source key to distinguish among applicants coming from different partners.
- On the right, select permissions that you want to grant to the role. Make sure to thoroughly examine each permission and its description before selecting it.
- Save your changes.
Permissions
The following table explains permissions that help you manage access granted to your team members to a certain Dashboard functionality.
Permission |
Description |
---|---|
Moderate Permissions to moderate applicant statuses, manage personal data and check results, blocklist applicants, and so on. |
|
Moderate Applicants |
The ability to manage statuses of all applicants. |
Use moderation buttons |
The purpose of moderation buttons is to streamline the applicant moderation process, particularly when it comes to rejecting applicants. Users can simply click on a button corresponding to the reason for rejection, and the system will automatically generate a rejection comment in the language used by the applicant. NOTE: If the user does not have this permission, they will need to manually specify the reason for rejection. |
Change applicant's personal data |
The ability to modify applicant's personal information and upload new documents via the Dashboard. |
Manage check results |
The ability to change check results in the Summary section (e.g. cross-validation or face match results). |
Manage applicant notes |
The ability to view and edit internal comments about the applicant. Notes are visible in the Dashboard but never shown to the applicant. |
Create applicants |
This permission restricts the ability for users to create applicants, including creation of applicants via permalinks. This permission also hides unilinks and permalinks created by other users. |
Reset applicants |
The ability to reset applicants. |
Change applicant's level |
The ability to change the applicant level. |
Manage applicant tags |
The ability to assign and remove tags from the applicant profile. |
Blocklist applicants |
The ability to blocklist applicants. In case the same document is uploaded to another applicant, it will be rejected. |
Deactivate applicants |
The ability to deactivate and re-activate applicants. |
View Permissions to view different types of information, such as the personal data of the applicant, check results, cost of checks, and so on. |
|
See list of applicants |
The ability to see the list of all applicants, filter this list, and perform search of applicants by the keyword or ID. NOTE: If this permission is not set, the user is able to find an applicant by exact match with the applicant ID or external ID only. |
Download bulk applicant report |
The ability to download a CSV file with the lists of applicants. NOTE: The permissions See list of applicants and See applicant's personal data have to be granted as well in order to get access to the list of applicants and download a bulk report. |
See applicant's personal data |
The ability to see the personal data of applicants. |
See applicant’s images in personal data |
The ability to see images in the personal data of applicants. |
See check results |
The ability to see the results of different checks (e.g. watchlist screening and face comparison). |
See statistics and analytics |
Access to Statistics and Analytics tabs. |
See costs of checks |
The ability to see cost of checks: Payment method verification, Identity verification, and others. |
Manage Permissions to manage user roles and Dashboard settings. |
|
Manage dashboard users |
The ability to set up dashboard roles and permissions including SSO groups and reset passwords for Dashboard users. |
Manage company settings |
The ability to manage company settings, e.g. change the primary email, regulations, configure webhooks, etc. |
Manage workflows |
This permission grants the user the ability to manage applicant workflows, including operations, such as creating, editing, publishing, and unpublishing workflows. |
Customizable Lists Permissions to see and manage client lists. |
|
See customizable lists |
The ability to see customizable lists. |
Manage customizable lists |
The ability to to create, delete and modify customizable lists and its values. |
KYT Permissions to see and manage KYT rules, settings, and transactions. |
|
Manage KYT settings |
The ability to manage KYT settings (e.g. set default currency, thresholds, etc.). |
See KYT transactions |
The ability to see KYT transactions. |
Manage KYT transactions - Decisions |
The ability to make decisions on transactions — approve/reject/confirm/delete. |
Manage KYT transactions - Review |
The ability to perform actions on transaction review — assign/add notes and tags. |
Manage KYT rules |
The ability to manage KYT rules (e.g. install, edit, etc.). |
See KYT Network |
The ability to see the network of the customers transacting with each other. |
Case Management Permissions to see and manage cases. |
|
See AML cases |
The ability to see AML cases. |
Manage AML cases |
The ability to manage AML cases (e.g. assign, review, etc.). |
See case management |
|
Manage Case Management Settings |
The ability to manage queue settings and create custom queues. |
Note
- Permissions cannot be directly assigned to team members. You need to create a role with a certain set of permissions, and then assign this role to a team member.
- If you do not see some of the listed permissions, it means you do not use the associated Sumsub products or solutions. Contact our sales team or reach out to your account manager to obtain a new product.
Manage roles
You can manage roles in any of the following ways:
- Edit roles. Lets you edit an existing role in case you want to change certain parameters. For example, you may want to change permissions that you have assigned previously or change the name of the role, and so on.
- Remove roles. Lets you permanently remove the role in case you no longer need it. Mind that you cannot remove the role if at least one team member is currently logged in under this role.
Updated 7 days ago