Permissions are pre-defined within the Fenergo SaaS application and represent a series of functional capabilities across the various features within the application.
Permissions determine what a user can do within the system. They cover administrative, operational and configuration based user activities.
From an Operational user's POV, permissions control what the user can access, create, cancel, etc. For example, a user may have permission to initiate journey, access client entity data, and trigger screening. Permissions also govern what the Configuration user is allowed to do within the system whether including operations such as create, edit, and approve with respect to configuration sets. For example, a user may have permission to create Policy drafts, edit the requirements within it, and then approve any changes to policies.
Permissions are organized by Domain and are pre-defined per specific API capabilities within the system. Permissions are broken up into the following categories:
- Access - the ability to access a feature
- Edit - the ability to edit within a feature
- Create - the ability to create an instance of an object related to feature
- Cancel - the ability to cancel an activity within a feature
- Delete - the ability to delete within a feature
- Approve - the ability to approve within a feature
- Archive - the ability to archive within a feature
Permissions are added to Teams. While the individual permissions are pre-configured and cannot be changed, Teams are configurable and the the combinations of permissions contained within team are fully configurable.
This document also includes information on configuration permissions that are pre-defined within the system, but are typically only provisioned to System Configuration or Application Support Teams.
Permissions
Associations
| Permission Name | Description | Notes |
|---|
| Association Access | Ability to access and view existing Associated Parties for a given Entity | Required by all users that need to view the Entity's Associations (Related Parties tab). |
| Association Edit & Create | Ability to edit and create Associated Parties for a given Entity | Required by users that need to add or edit the Entity's Associations (Related Parties tab). |
| Association Edit & Link Only | Ability to edit and link existing Associated Parties for a given Entity | Required by users that need to add Associations to an Entity, but who are restricted from creating new Entities as part of the link process. |
| Association Delete | Ability to delete Associated Parties for a given Entity | Required by users that need to delete a Related Party from an Entity's Associations (Related Parties tab). |
Audit
| Permission Name | Description | Notes |
|---|
| Audit Access | Ability to view and access Audit logs within the application | Required by Compliance, Audit and any Administration users that require access to the system audit log and audit of individual entities and their journeys |
Change Management
| Permission Name | Description | Notes |
|---|
| Proposed Changes Access | Ability to access and view Proposed Changes for a given Entity | Required by users that need to view an Entity's Proposed Changes (Proposed Changes task). |
| Proposed Changes Edit | Ability to action (accept or reject) Proposed Changes | Required by users that need to action (accept or reject) Proposed Changes within the Proposed Changes task. |
| Proposed Changes Approve | Ability to approve actioned Proposed Changes | Required by users that need to Approve actioned Proposed Changes within the Proposed Changes task when Maker-Checker is active. |
Configuration Exchange
| Permission Name | Description | Notes |
|---|
| Credit Policy Configuration Access | Ability to access the configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to access the Credit Policy Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Credit Policy Configuration Edit | Ability to create new and edit existing configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to create and modify configuration within the Credit Policy Configuration Feature. This permission is not typically granted to users in a Production environment. |
| Credit Policy Configuration Approve | Ability to approve configurations within Credit Policy feature | Required by System Configuration users in lower-level environments to approve configuration within the Credit Policy Configuration Feature. This permission is not typically granted to users in a Production environment. |
Data Protection
| Permission Name | Description | Notes |
|---|
| Data Deletion Access | Ability to access the Data Deletion feature | Required by administrators that need to access the Data Deletion feature. |
| Data Deletion Edit | Ability to submit a data deletion request | Required by administrators that need to submit a data deletion request. |
| Data Deletion Approve | Ability to approve a data deletion request | Required by administrators that need to approve a data deletion request. |
Document Management
| Permission Name | Description | Notes |
|---|
| Document Management Access | Ability to view documents associated to an entity | Required by all users that need to access the Documents tab for a given entity. |
| Document Management Create | Ability to upload new documents and associate them to an entity | Required by users that need to upload new documents to a given entity's Documents tab. |
| Document Management Edit | Ability to edit existing documents associated to an entity | Required by users that need to edit existing documents in a given entity's Documents tab. |
| Document Management Delete | Ability to delete existing documents associated to an entity | Required by users that need to delete documents from a given entity's Documents tab. |
| Document Management Approve | Ability to approve documents associated to an entity | Required by users that need to approve documents in a given entity's Documents tab when document Maker-Checker is active. |
| Document Management – Archive | Ability to archive documents associated to an entity | Required by users that need to archive documents in a given entity's Documents tab. |
| Document Management – Unarchive | Ability to unarchive documents associated to an entity | Required by users that need to unarchive documents in a given entity's Documents tab. |
| Document Management – Archive (Legacy) | Ability to archive and unarchive documents associated to an entity | Legacy permission retained for backward compatibility. Grants the ability to both archive and unarchive documents. This permission will be evaluated for removal at a later stage. |
| Document Management Link | Ability to link or reuse existing documents without requiring document management create permissions | Required by users that need to link or reuse existing documents without the need for document management create permissions. |
| IDP RAG Resource Access | Ability to access the IDP Managed Knowledge Base | Required by users that need to access the IDP Managed Knowledge Base. |
| IDP RAG Resource Edit | Ability to add new Knowledge Base entries or edit existing entries | Required by users that need to add or edit Knowledge Base entries. |
Entity
| Permission Name | Description | Notes |
|---|
| Entity Access & Search | Ability to access and search for Entities within the application | Required by all users that need to search for and access Entity records within Fenergo SaaS. |
| Entity Create | Ability to create new Entities within the application | Required by users that need to create new Entity records. |
| Entity Edit | Ability to edit existing Entities within the application | Required by users that need to edit existing Entity records. |
| Entity Cancel | Ability to cancel existing Entities within the application | Required by users that need to cancel existing Entity records. |
| Sensitive Data Access | Ability to access sensitive fields within the application | Required by users that need to access fields that are designated as sensitive within Policy configuration. Sensitive data fields are masked for users without this permission. |
| Legal Entity Group Management Access & Search | Ability to search and access Legal Entity Group records | Required by users that need to view and search for Legal Entity Group records. |
| Legal Entity Group Management Edit | Ability to create and edit Legal Entity Group records | Required by users that need to create or edit Legal Entity Group records. |
ETL
| Permission Name | Description | Notes |
|---|
| ETL Access | Ability to access the ETL feature | Required by users that need to access the ETL configuration and management features. |
| ETL Edit | Ability to edit ETL configurations | Required by users that need to create or modify ETL configurations. |
| ETL Approve | Ability to approve ETL configurations | Required by users that need to approve ETL configurations. |
Journeys
| Permission Name | Description | Notes |
|---|
| Journey Access | Ability to view all Journeys assigned to their team in Journey Hub | Required by all users that need to access and work on Journeys assigned to their team through Journey Hub. |
| Journey Initiate | Ability to initiate Journeys | Required by users that need to initiate new Journeys. Depending on the system configuration, this may only be applicable for certain journey types. |
| Journey Cancel | Ability to cancel in-flight Journeys | Required by users that need to cancel in-flight Journeys. |
| Journey Reassign Task Owner | Ability to reassign the Task owner (team) on an in-flight Journey task | Required by users that need to reassign a Journey task to a different team. Note: this permission allows the user to reassign task to any team, including teams that they are not part of. |
| Journey Reassign Task Owner, No Task Access | Ability to reassign the Task owner (team) on an in-flight Journey task where the team no longer exists or is inactive | Required by users that need to reassign a Journey task that is assigned to a team that no longer exists or is inactive, to an active team. Note: this permission allows the user to reassign the task to any active team, including teams they are not part of. |
| Journey SLA Pause | Ability to pause SLA on Journey tasks | Required by users that need to pause the SLA timer on Journey tasks. |
| Journey Configuration Access | Ability to access Journey configurations | Required by System Configuration users in lower-level environments to access the Journey Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Journey Configuration Edit | Ability to edit Journey configurations | Required by System Configuration users in lower-level environments to create and modify Journey configurations. This permission is not typically granted to users in a Production environment. |
| Journey Configuration Approve | Ability to approve Journey configurations | Required by System Configuration users in lower-level environments to approve Journey configurations. This permission is not typically granted to users in a Production environment. |
Narratives
| Permission Name | Description | Notes |
|---|
| Narratives Access | Ability to access the Narratives feature | Required by users that need to view or interact with the Narratives tab on the Entity Profile Page. |
| Compliance Narratives Access | Ability to access and view compliance narratives | Required by users that need to view compliance narratives on the Narratives tab. |
| Compliance Narratives Edit | Ability to create or edit compliance narratives | Required by users that need to add or modify compliance narratives. |
| Business Narratives Access | Ability to access and view business narratives | Required by users that need to view business narratives on the Narratives tab. |
| Business Narratives Edit | Ability to create or edit business narratives | Required by users that need to add or modify business narratives. |
Notifications
| Permission Name | Description | Notes |
|---|
| Notification Access | Ability to access the Notification Centre | Required by all users that need to access their Notification Centre within Fenergo SaaS. |
Policy
| Permission Name | Description | Notes |
|---|
| Policy Access | Ability to access Policy configurations | Required by System Configuration users in lower-level environments to access the Policy Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Policy Edit | Ability to edit Policy configurations | Required by System Configuration users in lower-level environments to create and modify Policy configurations. This permission is not typically granted to users in a Production environment. |
| Policy Approve | Ability to approve Policy configurations | Required by System Configuration users in lower-level environments to approve Policy configurations. This permission is not typically granted to users in a Production environment. |
Products
| Permission Name | Description | Notes |
|---|
| Product Access & Search | Ability to search for and access Product records | Required by users that need to view or search for Product records within Fenergo SaaS. |
| Product Requirement Scope | Ability to view product-scoped requirements within Journey tasks | Required by users that need to see product-specific data requirements within Journey tasks. |
Reference Data
| Permission Name | Description | Notes |
|---|
| Reference Data Editor Access | Ability to access the Reference Data feature | Required by System Configuration users in lower-level environments to access the Reference Data Feature. Typically, this is only provided to Application Support Teams in a Production environment, however in some cases this may be provisioned to business users to stay informed on the reference data being used across Production. Note: A user requires the 'Lookup Access' Permission to interact with the Reference Data feature. |
| Reference Data Editor Edit | Ability to interact with the Reference Data feature including creating new reference data lists, creating new drafts, editing drafts, deleting values from a draft and submitting drafts for approval | Required by System Configuration users in lower-level environments to create and modify Reference Data lists within the Reference Data Feature. This permission is not typically granted to users in a Production environment. Note: A user requires the 'Lookup Access' Permission to interact with the Reference Data feature. |
| Reference Data Editor Approve | Ability to approve Reference Data changes | Required by System Configuration users in lower-level environments to approve Reference Data changes within the Reference Data Feature. This permission is not typically granted to users in a Production environment. |
| Lookup Access | Ability to interact with Reference Data Lookups | Required by all users that need to interact with Reference Data lookups within the application. |
Reporting
| Permission Name | Description | Notes |
|---|
| Reporting Access | Ability to access the Reporting feature | Required by users that need to access the Reporting / Advanced Dashboards feature within Fenergo SaaS. |
| Reporting Edit | Ability to create and edit reports | Required by users that need to create or modify reports within the Reporting feature. |
| Reporting Delete | Ability to delete reports | Required by users that need to delete reports within the Reporting feature. |
| Reporting Approve | Ability to approve reports | Required by users that need to approve reports within the Reporting feature. |
Risk
| Permission Name | Description | Notes |
|---|
| Risk Access | Ability to access Risk configurations | Required by System Configuration users in lower-level environments to access the Risk Configuration Feature. Generally, only provided to Application Support Teams in a Production environment. |
| Risk Edit | Ability to edit Risk configurations | Required by System Configuration users in lower-level environments to create and modify Risk configurations. This permission is not typically granted to users in a Production environment. |
| Risk Approve | Ability to approve Risk configurations | Required by System Configuration users in lower-level environments to approve Risk configurations. This permission is not typically granted to users in a Production environment. |
Screening
| Permission Name | Description | Notes |
|---|
| Screening Access | Ability to access the Screening feature | Required by users that need to access the Screening feature within Fenergo SaaS. |
| Screening Edit | Ability to edit and interact with Screening results | Required by users that need to review or action Screening results. |
| Screening Delete | Ability to delete an existing screening batch | |
| Screening Approve | Ability to approve or reject screening escalation tasks | |
Transaction Monitoring
| Permission Name | Description | Notes |
|---|
| Alert Dashboard Access | Ability to access the Alert Dashboard page. | This permission will allow a user to see the Alert dashboard. |
| Alert Dashboard Configuration Edit | Ability to edit the Alert Dashboard columns- pending. | |
| Alert Access | Ability to access the alert. | This will allow a TM analyst to click through to an alert and see the details and transactions. |
| Create Alert | Ability to create manual alerts from the UI. | Required to display the Create Alert button on the Entity Alerts and Entity Transactions tabs. |
| Whitelist Access | Ability to access the entity whitelist. | This will give a user access to the Entity Whitelist. |
| Whitelist Edit | Ability to edit an entity whitelist entry. | This will allow a user to add to or update the Entity Whitelist. |
| Whitelist Delete | Ability to delete an entity whitelist entry. | This will allow a user to remove a whitelist record. |
| Whitelist Approve | Ability to approve an entity whitelist entry. | This is required by users who should approve a whitelist added for an entity. |
| Entity Profile Transaction view | Ability to view transaction details for an entity. | This will allow a user to see all the transaction for an entity. |
| Transactions Api Access | Ability to use transactions api. | This allows a user to use the transaction API. |
| TM Risk Configuration Edit | Ability to edit risk configuration. | Required by system configuration to update the TM risk configuration. |
| TM Risk Configuration Access | Ability to access risk configuration. | Required by system configuration to access the TM risk configuration. |
| TM Risk Configuration Approve | Ability to approve risk configuration. | Required by administrator to approve the risk configuration, not typically granted to users in Production environment. |
User Administration
| Permission Name | Description | Notes |
|---|
| User Administration Access | Ability to access the User Administration feature | Required by administrators that need to access the User Administration feature to manage user accounts within Fenergo SaaS. |
| User Administration Edit | Ability to create and edit user accounts | Required by administrators that need to create new user accounts or modify existing accounts within the User Administration feature. |
| User Administration Delete | Ability to delete user accounts | Required by administrators that need to delete user accounts within the User Administration feature. |