User Roles Configuration
  • 03 May 2023
  • 4 Minutes To Read
  • Dark
    Light
  • PDF

User Roles Configuration

  • Dark
    Light
  • PDF

Article summary

Permissions allow users to view different types of information or to perform actions in Mambu. You can either assign individual permissions to users, or you can group permissions by creating a role and then assigning that role to a user. The user will then have all the permissions that are a part of that role. For more information see Understanding Users, Roles, and Permissions and Roles.

With Configuration as Code (CasC), you may batch configure your user roles configuration via the API using YAML. For general information on CasC, see Configuration as Code Overview.

API operations

CasC for user roles supports three operations.

ActionEndpointDescription
GET/configuration/userroles.yamlGet current user roles configuration.
PUT/configuration/userroles.yamlWrite a new user roles configuration to Mambu.
GET/configuration/userroles/template.yamlGet your user roles configuration template in YAML. This is useful when configuring from scratch. For formatting information for the fields, see General Attributes below for an example.
Please Note

Any existing selections, usages, view and edit rights of roles that are not included in a new configuration submitted to the API are deleted.

Existing roles that are not included in configuration requests are deactivated or disabled.

Please be Aware

Built-in user roles are excluded from configuration because they are created during tenant provisioning and are not fully customisable.

Requests

For general information on CasC requests such as authentication and required headers, see Configuration as Code Overview.

The following section shows sample requests using curl and basic authentication. For all examples, replace TENANT_NAME with your actual tenant name.

GET configuration

curl -X GET 'https://TENANT_NAME.mambu.com/api/configuration/userroles.yaml' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-u user:password

{auth} is the base-64-encoded value of username:password. For more information, see Authentication in our API reference.

Get your user roles configuration template

curl -X GET 'https://TENANT_NAME.mambu.com/api/configuration/userroles/template.yaml' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-H 'Authorization: Basic {auth}'

{auth} is the base-64-encoded value of username:password. For more information, see Authentication in our API reference.

PUT configuration

curl -X PUT 'https://TENANT_NAME.mambu.com/api/configuration/userroles.yaml' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-H 'Content-Type: application/yaml' \
-H 'Authorization: Basic {auth}' \
--data-binary @userroles.yaml

{auth} is the base-64-encoded value of username:password. For more information, see Authentication in our API reference.

“@userroles.yaml” represents the absolute path of the file on your device.

Use “--data-raw” if you want to specify the YAML body inline.

Configuration body example

---
roles:
- name: "Mambu Support"
  id: "613343659"
  administrator: false
  teller: false
  creditOfficer: false
  support: true
  delivery: false
  accessRights:
  - "MAMBU"
  permissions:
  - "AUDIT_TRANSACTIONS"
  - "VIEW_COMMENTS"
  - "VIEW_CENTRE_DETAILS"
  - "VIEW_BRANCH_DETAILS"
  - "VIEW_COMMUNICATION_HISTORY"
  - "VIEW_LOAN_PRODUCT_DETAILS"
  - "VIEW_SAVINGS_PRODUCT_DETAILS"
  - "VIEW_CLIENT_DETAILS"
  - "VIEW_GROUP_DETAILS"
  - "VIEW_LINE_OF_CREDIT_DETAILS"
  - "VIEW_LOAN_ACCOUNT_DETAILS"
  - "VIEW_SECURITIES_DETAILS"
  - "VIEW_SAVINGS_ACCOUNT_DETAILS"
  - "VIEW_DOCUMENTS"
  - "VIEW_TASK"
  - "VIEW_INTELLIGENCE"
  - "VIEW_REPORTS"
  - "VIEW_CHART_OF_ACCOUNTS"
  - "VIEW_JOURNAL_ENTRIES"
  - "VIEW_ACCOUNTING_REPORTS"
  - "VIEW_INVESTOR_FUNDS_DETAILS"
  - "VIEW_USER_DETAILS"
  - "VIEW_ADMINISTRATION_DETAILS"
  - "VIEW_TRANSACTION_CHANNELS"
- name: "roll"
  id: "STD_BA"
  administrator: false
  teller: false
  creditOfficer: true
  support: false
  delivery: false
  accessRights:
  - "APIS"
  permissions:
  - "VIEW_GROUP_DETAILS"
  - "CREATE_GROUP"
  - "EDIT_GROUP"
  - "CHANGE_GROUP_TYPE"
  - "MANAGE_GROUP_ASSOCIATION"
  - "EDIT_GROUP_ID"
  - "VIEW_LOAN_ACCOUNT_DETAILS"
  - "CREATE_LOAN_ACCOUNT"
  - "EDIT_LOAN_ACCOUNT"
  - "APPROVE_LOANS"
  - "DIBURSE_LOANS"
  - "APPLY_LOAN_FEES"
  - "ENTER_REPAYMENT"
  - "EDIT_REPAYMENT_SCHEDULE"
  - "APPLY_LOAN_ADJUSTMENTS"
  - "BACKDATE_LOAN_TRANSACTIONS"
  - "APPLY_ACCRUED_LOAN_INTEREST"
  - "POST_TRANSACTIONS_ON_LOCKED_LOAN_ACCOUNTS"
  - "EDIT_PENALTY_RATE"
  - "REQUEST_LOAN_APPROVAL"
  - "EDIT_LOAN_TRANCHES"
  - "REJECT_LOANS"
  - "WRITE_OFF_LOAN_ACCOUNTS"
  - "REVERSE_LOAN_ACCOUNT_WRITE_OFF"
  - "CLOSE_LOAN_ACCOUNTS"
  - "LOCK_LOAN_ACCOUNTS"
  - "WITHDRAW_LOAN_ACCOUNTS"
  - "DELETE_LOAN_ACCOUNT"
  - "SET_DISBURSEMENT_CONDITIONS"
  - "RESCHEDULE_LOAN_ACCOUNT"
  - "REFINANCE_LOAN_ACCOUNT"
  - "EDIT_LOAN_TRANSACTIONS"
  - "BULK_LOAN_CORRECTIONS"
  - "EDIT_INTEREST_RATE"
  - "UNDO_LOAN_ACCOUNT_CLOSURE"
  - "UNDO_REJECT_LOANS"
  - "UNDO_WITHDRAW_LOAN_ACCOUNTS"
  - "LINK_ACCOUNTS"
  - "EDIT_PRINCIPAL_PAYMENT_ACTIVE_REVOLVING_CREDIT"
  - "PERFORM_REPAYMENTS_WITH_CUSTOM_AMOUNTS_ALLOCATION"
  - "MANAGE_LOAN_ASSOCIATION"
  - "MAKE_WITHDRAWAL_REDRAW"
  - "VIEW_SECURITIES_DETAILS"
  - "CREATE_SECURITIES"
  - "EDIT_SECURITIES"
  - "DELETE_SECURITIES"
  notes: "notes"

General attributes

The order of the user roles in the YAML configuration file will define the order in the Mambu UI as well.

NameTypeDescriptionRequired
name[String]A list of predefined access rights.
administratorBooleanIndicates whether this role is administrative.
creditOfficerBooleanIndicated whether this role will be associated with a credit officer user.
deliveryBooleanIndicates whether this role will give delivery access.
idStringUser-defined ID, globally unique.
nameStringUser-defined name, globally unique.
notesStringUser-defined notes for this particular role.
permissions[String]A list of predefined permissions.
supportBooleanIndicates whether this role will give support access.
tellerBooleanIndicates whether this role will give tellering access.

Replies

If you do not receive a 200 OK status code then fix any validation errors and make another PUT request until you receive a 200 OK status code.

Please Note

If you PUT a valid YAML configuration to the API and you do not receive a 200 OK status code within 60 seconds, you may receive a 504 Gateway Timeout status code. We expect all responses to be below 60 seconds.

If you encounter this issue, please contact us through Mambu Support so we can investigate it.

Validation

Please note

Validation errors report a non-exhaustive list of errors, such as invalid date format or decimal separator not being one of the available types. However fields such as email address or telephone are not validated, and care should be taken to make sure this information is correct.

Validation performed by the API uses the same rules as the UI. Configuration validation checks:

  • Syntax is correct as per YAML standards and the user roles template.
  • Content is correct.
  • References are all properly mapped (and exist in the target system).
  • User roles properties are accurate and correct.

Was this article helpful?

What's Next