Payments Data Platform | Modernbanc

Roles and Permissions

Modernbanc has a universal granular permission system across all our models to fit any organization regardless of size.

What are roles?

Access to both the Modernbanc API and UI is regulated through roles. Each API key and workspace membership is linked to a specific role.

Roles are defined by a mix of functionalities (such as accounts, entities), permissions (like create, update), and filters (like where environment_id = 'uuid'). This structure allows for precise access control.

Permission filters within a role can range from broad, covering the entire workspace, to highly specific, targeting individual object fields (for example, environment_id).

Important - permissions are object-based!

Modernbanc permissions are object-based, which means GET workspace permission will only let you view Workspace object rather than everything in the workspace. If you want to access objects within the workspace you’d need a permission for that model e.g GET account or CREATE transaction.

Workspace Defaults

Upon creation, every workspace is equipped with nine predefined roles. Three foundational roles - Admin, Developer, and Viewer - provide comprehensive access across the workspace. The remaining six roles, including Admin - Test, Admin - Live, Viewer - Test, Viewer - Live, Developer - Test, and Developer - Live, offer tailored access based on the environment.

Create Roles

Roles can be created and modified in the UI or API. The simplest way to create a role is to use the UI.

  • Navigate to the Settings tab in the navigation dropdown or by pressing G and then S.
  • Navigate to the Roles tab in the navigation dropdown or by pressing G and then R.
  • Click the Create button in the upper right corner.
Create Role Key Modal
  • Enter a name for the Role.
  • Select the permissions you want by clicking the Add button.
  • For each selected permission, choose the type of access to grant (get, create, update,...).
  • Optionally add filters on permissions to restrict access further. A standard filter is environment_id to restrict access to a specific environment.
  • Click the Create button.