Ideas for the Mambu Banking Engine

Granular Admin Permissions

What

Add more granular permissions for Admin-type actions (such as editing custom fields, products, etc.)

Why

Large organizations may have lots of administrators and may want to limit/reduce access of what some admins can or cannot do

  • Eugene Danilkis
  • Jan 5 2016
  • Admin
    Ioana Zamfir commented
    27 Sep, 2018 02:31pm

    Hello,

    As we acknowledge the need for separating the idea of a system administrator (that does not need access to client data) from the existing Administrator Role in Mambu, we have now promoted this idea to feature ADN-20. 

    You can check on this feature in MyMambu, where you can review all the features which are internally tagged with a unique id for your organisation.

  • Sy Sussman commented
    18 Sep, 2018 04:59pm

    Use case: we have engineers who would want to see the Admin settings, but not edit them. As they create APIs and Webhooks, sometimes it's useful to know how the administrative settings are set up, if there are differences in our different environments, and if things are set up correctly. For security reasons we would not want to give Edit rights to all of the Administrators, but we would want to give them View-only rights to some or all of the Admin settings.

  • Dotun Akinde commented
    15 May, 2017 10:57am

    The use case for the previous comment is that as we are now in beta and will start to process real loans for real customers, we want to prevent the new10 MAMBU system administrator from accessing any data related to new10’s clients (which is individual, company and securities) and prevent the new10 MAMBU system administrator from seeing any data related to loan accounts or any other loan activity. We still require the MAMBU system administrators to have access to the full administration rights, i.e. have access to the following tabs under the “Administration” menu option in the top section of the screen:


    - General
    - Users
    - Products
    - Fields
    - Views
    - Webhooks
    - Reports
    - Data

    Currently, once you remove the “Administration” option from a role profile, you will not be able to see most of the tabs listed above.

    The ability to have admin rights without access to any client related or loan account data could be a restricted admin permission which allows a user to carry out all administrator tasks with no visibility of client or loan account data.

  • Dotun Akinde commented
    15 May, 2017 10:54am

    It will be very helpful to have an administrator permission which cannot see any customer details (clients, groups, loan account, securities etc.), but the administrator permission can still do everything else a normal administrator can do.

    Such an administrator permission will be very beneficial for a live deployment where an organisation decides they do not want anyone with MAMBU administrator privilege to have access to client data.
