Contents x
Permissions
  • 06 Mar 2024
  • 29 Minutes To Read
  • Print
  • Dark
    Light
  • PDF
Contents

Permissions

  • Updated On 06 Mar 2024
  • 29 Minutes To Read
  • Print
  • Dark
    Light
  • PDF
Article Summary

A permission is the authorization given to users that enables them to view a type of information or to perform an action in Mambu. You can either assign individual permissions to users or you can group permissions by creating a role and then assigning that role to a user.

By managing permissions, each user will only have access to the information that is relevant for their required activities in Mambu.

For more information about assigning permissions to either users or roles see Creating a User or Roles.

Please Note

If users have Audit Trail enabled, Mambu will track all the activities performed by all types of users, regardless of what set of permissions they have.

Granular Administration Permissions

In Mambu, a user with the type administrator has access to the Mambu Administration section. This user type has complete control over the Mambu app and can do all possible actions. However, you will often need to create multiple types of administrators, that have their access limited to some areas of the Mambu Administration section.

For example, you might want to create Roles similar to these, for more granularity:

  • A Financial Administrator, in charge with setting the rates, currencies, and so on.
  • An Access Administrator, who manages users, roles, access preferences, and who can set up Federated Authentication.
  • A Technical Setup Administrator, who manages the setup of Event Streaming APIs, Data Imports and Exports, and so on.

In order to enable you to create separate roles for the needs of your organization, our Administration permissions provide a high level of granularity. With granular permissions, you can create robust role-based access control rules and apply the principle of least privilege for your users, only giving permissions as absolutely needed for completing specific tasks.

Standard Behavior for Granular Administrator Permissions

The standard behaviour for granular permissions on the Administration section, applicable both on the UI and on the API endpoints is the following:

  • Create, Read, Update, Delete (CRUD) permissions on more complex entities.
  • Manage permission on simpler entities.

To better understand how the CRUD permissions and the Manage permission standard is applied, let's pick the Branches entity and go through each permission.

Create Entities

The Create permission has implicit View permission mapped. This means that a user with the Create permission also has all the capabilities a user with only View permission has. Please note, this is an implicit View permission, which means it is not signaled in the Permission Tree of the given entity.
This permission also gives you the capability to create a new entity of the given kind, both via the UI and API, provided that you also have API access.

View Entity Details

This permission is applicable to API 2.0 endpoints such as getAll and getById provided that you also have API access. For branches, these would be the following:
GET /branches
GET /branches/{branchID}

This permission is applicable on Mambu UI as follows:
You can see all branches by navigating to Administration > Organization > Branches. You can't edit any fields or create a new branch if you only have View permissions.
You can click on branch and/or ID as applicable, in order to see the details.

Edit Entities

The Edit permission has implicit View permission mapped. This means that a user with the Edit permission also has all the capabilities a user with only the View permission has. Please note, this is an implicit View permission, which means it is not signaled in the permission tree of the given entity.
This permission also gives you the capability to Edit an entity of the given kind, both via the UI and API, provided you also have API access.
Edit entity permissions contains access to actions like:

  • Activate/Deactivate Entity
  • Unlock Entity (applicable for Users)

Delete Entities

This permission has an implicit View permission. This means that with the Delete permission, you also have all the capabilities a user with only View permission has. Please note, this is an implicit View permission, which means it is not signaled in the permission tree of the given entity.
The delete user action is available both for Administrator and other users that will be granted the “Delete Users” permission.

Manage Entity

The Manage entity permission is used with smaller entities that do not need a full CRUD operation set or to cover current lack on granularity with a minimum impact on backwards compatibility.
This permission gives you access to fully manage the entity or feature, while enhancing granularity by not needing an Administrator user type to edit, delete or create new entities.

Permission descriptions

A list of permissions is available in the Mambu UI when you go to create or edit any users or roles.

The list of available permissions visible under the Permissions section in the relevant dialogs, changes depending on whether you have Mambu and/or API options selected under Access Rights.

Please Note

The default selections under Access Rights for users and roles differ.

For users, the Mambu option is selected by default, when creating new users. The API option is only available when editing users, not when creating them.

For roles, the Mambu and API are not selected by default, when creating new roles.

Below you can find a description of each of the permissions available in Mambu by category or set. These permissions function identically for Mambu user accounts and Mambu roles. Each permission includes the name used in the UI and the name used with the API (in parentheses).

Please be Aware

The name displayed in the UI and the name as it appears in the API or database exports can differ. For example, the name for the permission to view historical data in the UI is View Historical Data. The name of the same permission used with the API is VIEW_INTELLIGENCE. We recommend consulting the list below to retrieve the correct name.

General

The General category contains the following permissions:
  • Audit Transactions (AUDIT_TRANSACTIONS): allows you to filter and find transactions. With this permission enabled, you can view the All Deposit Transactions option under the Deposit Transactions menu item, the All Loan Transactions option under the Loan Transactions menu item, and the Activities menu item. You must also have at least View permissions on deposit or loan accounts.
  • Create Index Rate (CREATE_INDEX_RATE): allows you to create index interest rates.
  • View Comments (VIEW_COMMENTS): allows you to view any comments related to clients, users, branches, products, and accounts under the Comments tab which becomes visible.
  • Create Comments (CREATE_COMMENTS): allows you to create new comments.
  • Edit Comments (EDIT_COMMENTS): allows you to edit existing comments.
  • Delete Comments (DELETE_COMMENTS): allows you to delete existing comments.
  • Export to Excel (EXPORT_TO_EXCEL): allows you to export custom views data, and any report under Reporting or Accounting. Only visible if Mambu is selected under Access Rights.
  • Download Backups (DOWNLOAD_BACKUPS): allows you to download backups. Only visible if API is selected under Access Rights.
  • Import Data (IMPORT_DATA): allows you to import data. Only visible if API is selected under Access Rights.

Administration

The Administration category contains the following permissions:
  • Custom Fields:
    • View Custom Fields (VIEW_CUSTOM_FIELD): enables Fields tab under Administration. Allows access to view custom field definitions which have been set up for the tenant. Please note: this permission does not manage whether a user is able to view custom field values for any of the entities.
    • Create Custom Fields (CREATE_CUSTOM_FIELD): allows you to create custom field sets and custom field definitions. See Custom Fields. Please note: this permission does not manage whether a user is able to edit custom field values for any of the entities.
    • Edit Custom Fields (EDIT_CUSTOM_FIELD): allows you to edit custom field sets and custom field definitions. Please note: this permission does not manage whether a user is able to edit custom field values for any of the entities.
    • Delete Custom Fields (DELETE_CUSTOM_FIELD): allows you to delete custom field definitions. Please note: this permission does not manage whether a user is able to delete custom field values for any of the entities.
  • Branches:
    • View Branch Details (VIEW_BRANCH_DETAILS): enables Organization tab under Administration. Allows access to Branch information when clicking the Branch name elsewhere in the system.
    • Create Branches (CREATE_BRANCH): enables access to Administration > Organization > Branches > Create Branch. See Creating Branches.
    • Edit Branches (EDIT_BRANCH): enables access to Administration > Organization > Branches > Edit Branches. Allows you also to activate, deactivate, and unlock branches. See Editing a Branch.
  • Centres:
    • View Centre Details (VIEW_CENTRE_DETAILS): enables Organization tab under Administration. Allows access to Centre information when clicking the Centre name elsewhere in the system.
    • Create Centres (CREATE_CENTRE): enables access to Administration > Organization > Centres > Create Centre. See Creating Centres.
    • Edit Centres (EDIT_CENTRE): enables access to Administration > Organization > Centres > Edit Centres. Allows you to activate, deactivate, and unlock centres.
      • Delete Centres (DELETE_CENTRE): enables access to Administration > Organization > Centres > Delete. Allows you to delete centres.
  • Products:
    • View Loan Product Details (VIEW_LOAN_PRODUCT_DETAILS): enables the Products tab and the Loans subtab. Allows you to view all the loan products created in Mambu.
    • Create Loan Product (CREATE_LOAN_PRODUCT): allows a user to create loan products.
    • Edit Loan Product (EDIT_LOAN_PRODUCT): allows a user to edit and copy loan products.
    • Delete Loan Product (DELETE_LOAN_PRODUCT): allows a user to delete loan products.
    • View Deposit Product Details (VIEW_SAVINGS_PRODUCT_DETAILS): enables the Products tab and the Deposits subtab. Allows you to view all the deposit products created in Mambu.
    • Create Deposit Product (CREATE_SAVINGS_PRODUCT): allows a user to create a deposit product.
    • Edit Deposit Product (EDIT_SAVINGS_PRODUCT): allows a user to edit and copy a deposit product.
    • Delete Deposit Product (DELETE_SAVINGS_PRODUCT): allows a user to delete a deposit product.
    • Create Product Documents (CREATE_PRODUCT_DOCUMENT_TEMPLATES): allows you to create document templates. See Creating a Document. Note, this permission relates only to document templates, there is a separate permission set for documents attached to accounts and other entities.
    • Edit Product Documents (EDIT_PRODUCT_DOCUMENT_TEMPLATES): allows you to edit document templates. See Using the Document Editor. Note, this permission relates only to document templates, there is a separate permission set for documents attached to accounts and other entities.
    • Delete Product Documents (DELETE_PRODUCT_DOCUMENT_TEMPLATES): allows you to delete document templates. Note, this permission relates only to document templates, there is a separate permission set for documents attached to accounts and other entities.
  • Transaction Channels:
    • View Transaction Channels (VIEW_TRANSACTION_CHANNELS): allows you to view the list of transaction channels.
    • Create Transaction Channels (CREATE_TRANSACTION_CHANNELS): allows you to create a new transaction channel.
    • Edit Transaction Channels (EDIT_TRANSACTION_CHANNELS): allows you to modify transaction channels.
    • Delete Transaction Channels (DELETE_TRANSACTION_CHANNELS): allows you to delete transaction channels.
  • Currencies (only visible if API is selected under Access Rights):
    • View Exchange Rates (VIEW_EXCHANGE_RATES): allows you to view exchange rates.
    • Create Exchange Rates (CREATE_EXCHANGER_RATE): allows you to create exchange rates.
  • Manage Holidays (MANAGE_HOLIDAYS): allows you to view, edit, and add to the list of holidays from Administration > General Setup > Holidays. See Holidays.
  • Manage Configuration As Code (only visible if API is selected under Access Rights)
    • View Manage Configuration As Code (GET_MANAGE_CONFIGURATION_AS_CODE): allows a user to make GET requests using the configuration as code endpoints. For more information, see Configuration as Code Overview.
    • Update Manage Configuration As Code (PUT_MANAGE_CONFIGURATION_AS_CODE): allows a user to make PUT requests using the configuration as code endpoints. For more information, see Configuration as Code Overview.
  • Manage Eod Processing (MANAGE_EOD_PROCESSING): allows you to manage EOD Processing from Administration > Financial Setup > EOD Processing. Allows you to acces the Background Process endpoint.
  • Manage Risk Levels (MANAGE_RISK_LEVELS): enables Risk Levels tab under Administration > Financial Setup. See Defining Risk Levels.
  • Manage Apps (MANAGE_APPS): enables the Apps tab under Administration. Allows you to access and manage Mambu apps. Only visible if Mambu is selected under Access Rights.
  • Manage Authorization Holds Setup (MANAGE_AUTHORIZATION_HOLDS_SETUP): enables Authorization Holds Setup tab under Administration > Financial Setup. Allows you to access and setup authorization holds.
  • Manage Index Rates (MANAGE_INDEX_RATES): enables Rates tab under Administration > Financial Setup. Allows you to access and manage rates.
  • Manage Currencies (MANAGE_CURRENCIES): enables Currencies tab under Administration > Financial Setup. Allows you to manage currencies and currency related rates, such as accounting rates or exchange rates.

Access

The Access category contains the following permissions:
  • Users:
    Please Note: For security reasons, we recommend tightly controlling which users have user management permissions. For more information, see Limiting role and user management permission assignment.
    • Create Users (CREATE_USER): allows you to create new users in the system. See Creating User Accounts.
    • Edit Users (EDIT_USER): allows you to edit existing users. Does not allow you to change other users' passwords.
    • View User Details (VIEW_USER_DETAILS): allows you to view the user profile of Mambu users within this menu, including your own. Your profile is also accessible when clicking your name in the top right corner, and then clicking View Your Profile. Other users’ profile is also accessible from Activities or Transactions.
    • Delete Users (DELETE_USER): allows you to delete existing users. See Deactivating, Reactivating and Deleting User Accounts.
  • Roles:
    Please Note: For security reasons, we recommend tightly controlling which users have role management permissions. For more information, see Limiting role and user management permission assignment.
    • Create Roles (CREATE_ROLE): allows you to create new roles in the system. See Creating a new role.
    • Edit Roles (EDIT_ROLE): allows you to edit existing roles. See Editing a role.
    • View Roles (VIEW_ROLE): allows you to view the existing roles.
    • Delete Roles (DELETE_ROLE): allows you to delete existing roles. See Deleting a role.
  • Api Consumers and Keys
    • View Api Consumers and Keys (VIEW_API_CONSUMERS_AND_KEYS): enables the API Consumers tab under Administration. See API Consumers.
    • Create Api Consumers and Keys (CREATE_API_CONSUMERS_AND_KEYS): allows you to create API consumers and keys.
    • Edit Api Consumers and Keys (EDIT_API_CONSUMERS_AND_KEYS): allows you to edit API consumers and keys.
    • Delete Api Consumers and Keys (DELETE_API_CONSUMERS_AND_KEYS): allows you to delete API consumers or API keys. See API Consumers.
  • Manage Federated Authentication (MANAGE_FEDERATED_AUTHENTICATION) (only visible if Mambu is selected under Access Rights): enables you to manage users under Federated Authentication. See Managing Users under Federated Authentication.
  • Manage Access Preferences (MANAGE_ACCESS_PREFERENCES) (only visible if Mambu is selected under Access Rights): allows you to manage access preferences, such as Minimum password length or whether you want to lock users after failed logins. See Access Preferences.
Please Note
Having any permission under the Access permissions category enables the Access tab under Administration and any relevant subtabs you have access to based on the permissions granted.

Communication

The Communications category contains the following permissions:
  • Create Templates (CREATE_COMMUNICATION_TEMPLATES): enables the Templates, SMS, Email, and Webhooks tabs under Administration. Allows you to view and create communication templates for tasks, SMS, emails and webhooks.
  • Edit Templates (EDIT_COMMUNICATION_TEMPLATES): enables the Templates, SMS, Email, and Webhooks tabs under Administration. Allows you to view and create communication templates for tasks, SMS, emails and webhooks.
  • Send Manual SMS (SEND_MANUAL_SMS): Allows you to send ad-hoc, manual SMS messages to clients. See Manual SMS Notifications.
  • Send Manual Email (SEND_MANUAL_EMAIL): Allows you to send ad-hoc, manual emails to clients. See Manual Email Notifications.
  • View Communication History (VIEW_COMMUNICATION_HISTORY): allows you to view the history of all communications (via SMS, Email, Webhooks). See View Communication History.
  • Resend Failed Messages (RESEND_FAILED_MESSAGES): allows you to resend the communication messages that didn’t go through. See Resend Failed Notification Messages.

Clients

The Clients category contains the following permissions:
  • View Client Details (VIEW_CLIENT_DETAILS): allows you to access the list of clients and the individual clients’ overview screen.
  • Create Clients (CREATE_CLIENT): allows you to create new clients. See Creating Individual Clients.
  • Edit Clients (EDIT_CLIENT): allows you to make changes to the client fields, some custom field values, and notifications settings. See Editing a Client.
  • Delete Clients (DELETE_CLIENTS): allows you to delete clients, provided they don’t have open accounts, transactions, or activities. See Deleting a Client.
  • Approve Clients (APPROVE_CLIENT): allows you to change the status of a client from pending approval to approved.
  • Reject Clients (REJECT_CLIENT): allows you to reject unapproved clients.
  • Exit Clients (EXIT_CLIENT): allows you to change the status of a client to Exited.
  • Anonymize Client Data (ANONYMIZE_CLIENT): allows a user to anonymize a client's data. Only available to be assigned to a role.
  • Blacklist Clients (BLACKLIST_CLIENT): allows you to change the status of a client to Blacklisted.
  • Undo Client State Changed (UNDO_CLIENT_STATE_CHANGED): allows you to undo approval or blacklisting of clients.
  • Change Client Type (CHANGE_CLIENT_TYPE): allows you to change the type of the client, if different types of clients exist.
  • Manage Client Association (MANAGE_CLIENT_ASSOCIATION): allows you to perform Branch/Centre/Credit Officer association actions when you create or edit clients. Allows you to perform single reassign or bulk reassign actions from Clients custom view. See Assigning Clients to Credit Officers and Branches.
  • Edit Client Id (EDIT_CLIENT_ID): allows you to manually change the system-generated random client or group ID.
  • Edit Custom Field Values For Blacklisted Clients (EDIT_BLACKLISTED_CLIENT_CFV): allows you to edit custom field values for blacklisted clients.

Groups

The Groups category contains the following permissions:
  • View Group Details (VIEW_GROUP_DETAILS): allows you to access the group or company overview tab and the list of all the existing groups or companies.
  • Create Groups (CREATE_GROUP): allows you to create groups. See Create a New Group.
  • Edit Groups (EDIT_GROUP): allows you to make changes to the group or company members, basic information and custom fields.
  • Delete Groups (DELETE_GROUP): allows you to delete groups provided they don’t have open accounts, transactions, or activities. Only visible if Mambu is selected under Access Rights.
  • Change Group Type (CHANGE_GROUP_TYPE): allows you to change the group type if different group types exist.
  • Manage Group Association (MANAGE_GROUP_ASSOCIATION): allows you to perform Branch/Centre/Credit Officer association actions when you create or edit groups. Allows you to perform single reassign or bulk reassign actions from Groups custom view. See Assign Groups to Credit Officers and Branches.
  • Edit Group Id (EDIT_GROUP_ID): allows you to edit group IDs.

Credit Arrangements

The Credit Arrangements category contains the following permissions:
  • View Credit Arrangement Details (VIEW_LINE_OF_CREDIT_DETAILS): allows you to access the Credit Arrangements overview and related tabs: Schedule, Transactions. See Viewing a Credit Arrangement.
  • Create Credit Arrangements (CREATE_LINES_OF_CREDIT): allows you to create a new credit arrangement for a client. See Creating a New Credit Arrangement and Exposure Limits.
  • Edit Credit Arrangements (EDIT_LINES_OF_CREDIT): allows you to edit an existing credit arrangement. See Editing a Credit Arrangement.
  • Approve Credit Arrangements (APPROVE_LINE_OF_CREDIT): allows you to approve credit arrangements that are in Pending Approval state.
  • Undo Approve Credit Arrangements (UNDO_APPROVE_LINE_OF_CREDIT): allows you to undo approval of a credit arrangement.
  • Withdraw Credit Arrangements (WITHDRAW_LINE_OF_CREDIT): allows you to withdraw a credit arrangement that hasn’t been approved yet.
  • Undo Withdraw Credit Arrangements (UNDO_WITHDRAW_LINE_OF_CREDIT): allows you to undo the withdrawal of a credit arrangement.
  • Reject Credit Arrangements (REJECT_LINE_OF_CREDIT): allows you to reject a credit arrangement that hasn’t been approved yet.
  • Undo Reject Credit Arrangements (UNDO_REJECT_LINE_OF_CREDIT): allows you to undo the rejection of a credit arrangement.
  • Add Accounts to Credit Arrangements (ADD_ACCOUNTS_TO_LINE_OF_CREDIT): allows you to add a new account to an existing credit arrangement. See Adding Accounts to a Credit Arrangement.
  • Remove Accounts from Credit Arrangement (REMOTE_ACCOUNTS_FROM_LINE_OF_CREDIT): allows you to remove an account from a credit arrangement. See Removing Accounts from a Credit Arrangement.
  • Close Credit Arrangements (CLOSE_LINES_OF_CREDIT): allows you to close an existing credit arrangement. See Closing a Credit Arrangement.
  • Delete Credit Arrangements (DELETE_LINES_OF_CREDIT): allows you to delete a credit arrangement. See Deleting a Credit Arrangement.

Loan Accounts

The Loan Accounts category contains the following permissions:
  • View Loan Account Details (VIEW_LOAN_ACCOUNT_DETAILS): allows you to access the list of loan accounts and the accounts’ overview screen.
  • Create Loan Accounts (CREATE_LOAN_ACCOUNT): allows you to create a new loan account. See Creating a New Loan Account.
  • Edit Loan Accounts (EDIT_LOAN_ACCOUNT): allows you to change existing loan accounts, rename and add some custom field definitions, and change account parameters for unapproved loans. See Editing a Loan.
  • Delete Loan Accounts (DELETE_LOAN_ACCOUNT): allows you to delete loan accounts, provided they don’t have transactions or activities.
  • Enter Repayments (ENTER_REPAYMENT): allows you to enter payments. See Processing Loan Repayments.
  • Edit Repayment Schedule (EDIT_REPAYMENT_SCHEDULE): for fixed products that have this setting enabled at product level, it allows you to edit items on the loan schedule. See Editing Repayment Schedule.
  • Approve Accounts (APPROVE_LOANS): allows you to approve loans that are in Pending Approval state. See Approving a Loan Account.
  • Request Loan Approval (REQUEST_LOAN_APPROVAL): submitting for approval loans that are in Partial Application state.
  • Disburse Loans (DIBURSE_LOANS): allows you to disburse loans that are in Approved state. See Disbursing a loan.
  • Withdraw Loan Accounts (WITHDRAW_LOAN_ACCOUNTS): allows you to withdraw a loan account that hasn’t been disbursed yet. See Withdrawing a Loan.
  • Undo Withdraw Loan Accounts (UNDO_WITHDRAW_LOAN_ACCOUNTS): allows you to undo a withdrawal of a loan account. See Undoing a Loan Withdrawal.
  • Set Loan Incomplete (SET_LOAN_INCOMPLETE): allows you to undo submitting a loan for approval by changing the account’s state from Pending Approval to Partial Application. Only visible if Mambu is selected under Access Rights.
  • Reject Loan Accounts (REJECT_LOANS): allows you to reject loan accounts that are in Pending Approval or Partial Application state. See Rejecting a Loan Account.
  • Undo Reject Loan Accounts (UNDO_REJECT_LOANS): allows you to undo a rejection of a loan account. See Undoing a Loan Rejection.
  • Close Repaid Loan Accounts (CLOSE_LOAN_ACCOUNTS): allows you to close accounts that have been fully repaid. See Closing a Loan.
  • Write Off Loan Accounts (WRITE_OFF_LOAN_ACCOUNTS): allows you to write off a loan account that has pending balance. See Writing-off a Loan.
  • Terminate Loan Accounts (TERMINATE_LOAN_ACCOUNTS): allows you to terminate loan accounts. See Terminating a Loan. Only visible if Mambu is selected under Access Rights.
  • Pay Off Loan Accounts (PAY_OFF_LOAN): allows you to completely settle a loan account. See Paying-off a Loan.
  • Undo Close (UNDO_LOAN_ACCOUNT_CLOSURE): allows you to undo non-write off loan closures.
  • Undo Write Off (REVERSE_LOAN_ACCOUNT_WRITE_OFF): allows you to undo the write off of a loan account. See Undoing a Write-off.
  • Refinance Loan Account (REFINANCE_LOAN_ACCOUNT): allows you to refinance a loan. See Rescheduling and Refinancing Loans.
  • Reschedule Loan Account (RESCHEDULE_LOAN_ACCOUNT): allows you to reschedule a loan. See Rescheduling and Refinancing Loans.
  • Apply Accrued Interest (APPLY_ACCRUED_LOAN_INTEREST): allows you to charge the interest accrued to date (if applicable). See Interest Calculation Methods in Loans.
  • Apply Loan Account Fees (APPLY_LOAN_FEES): allows you to charge manual fees to the account. See Applying and Reversing Fees and Penalties.
  • Apply Loan Adjustments (APPLY_LOAN_ADJUSTMENTS): allows you to adjust financial transactions, meaning transactions that involve an amount. Furthermore, this permission is granted implicitly with the Bulk Loan Corrections permission, meaning if you have the Bulk Loan Corrections permission, then you will also have the Apply Loan Adjustments permission by default.
  • Backdate Loan Transactions (BACKDATE_LOAN_TRANSACTIONS): allows you to post transactions with a past date.
  • Set Settlement Accounts (LINK_ACCOUNTS): allows you to set a settlement deposit account for a loan account.
  • Collect Securities (COLLECT_GUARANTIES): when a loan is written off, this permission allows collection of secured amounts from the Mambu savings account. See Collecting Securities. Only visible if Mambu is selected under Access Rights.
  • View Securities Details (VIEW_SECURITIES_DETAILS): enables access to the Security tab for loan accounts. Allows you to view securities.
  • Create Securities (CREATE_SECURITIES): enables access to the Security tab for loan accounts. Allows you to create securities.
  • Edit Securities (EDIT_SECURITIES): enables access to the Security tab for loan accounts. Allows you to edit securities.
  • Delete Securities (DELETE_SECURITIES): enables access to the Security tab for loan accounts. Allows you to remove securities.
  • Lock Loan Accounts (LOCK_LOAN_ACCOUNTS): allows you to set an account to Locked status in which no automated transactions are posted to the account. See Locking Loans.
  • Post Transactions on Locked Accounts (POST_TRANSACTIONS_ON_LOCKED_LOAN_ACCOUNTS): allows you to post repayments and fees into locked accounts.
  • Edit Loan Tranches (EDIT_LOAN_TRANCHES): allows you to modify the tranches of an existing loan account.
  • Edit Penalty Rate (EDIT_PENALTY_RATE): allows you to change the penalty rate of an existing loan account. See Loan Penalties Setup.
  • Set Disbursement Conditions (SET_DISBURSEMENT_CONDITIONS): allows you to define disbursement conditions when entering a loan application and overriding them when disbursing the account.
  • Edit Loan Transactions (EDIT_LOAN_TRANSACTIONS): allows you to edit custom field values on loan transactions that are already posted.
  • Bulk Loan Corrections (BULK_LOAN_CORRECTIONS): allows you to backdate or reverse transactions on loan accounts. See Adjusting Transactions in Bulk.
  • Edit Interest Rate (EDIT_INTEREST_RATE): allows you to edit the interest rate on active loan accounts. See Change Interest Rate.
  • Edit Repayment Method Value (EDIT_REPAYMENT_METHOD_VALUE): allows you to change monthly payment due (or minimum monthly payment due) value shown in the schedule on Revolving loan accounts. See Editing payment due in the schedule
  • Edit Periodic Payment for Active Accounts (EDIT_PERIODIC_PAYMENT_FOR_ACTIVE_ACCOUNT): allows you to change periodic payments for active accounts.
  • Edit Principal Payment for Active Revolving Credit (EDIT_PRINCIPAL_PAYMENT_ACTIVE_REVOLVING_CREDIT): edit principal payment amount on active Revolving Credit loan accounts.
  • Perform Repayments with Custom Amounts Allocation (PERFORM_REPAYMENTS_WITH_CUSTOM_AMOUNTS_ALLOCATION): allows you to make repayments with a custom allocation of the repaid amount. See Enter a Custom Repayment.
  • Manage Loan Association (MANAGE_LOAN_ASSOCIATION): allows you to associate a loan account to a specific branch. See Loan Association.
  • Make Withdrawal Redraw (MAKE_WITHDRAWAL_REDRAW): allows you to withdraw from a redraw balance. See our API Reference.

Deposit Accounts

The Deposit Accounts category contains the following permissions:
  • View Deposit Account Details (VIEW_SAVINGS_ACCOUNT_DETAILS): allows you to access the list of deposit accounts and the accounts’ overview screen.
  • Create Deposit Accounts (CREATE_SAVINGS_ACCOUNT): allows you to create new deposit accounts. See Creating a Deposit Account.
  • Edit Deposit Accounts (EDIT_SAVINGS_ACCOUNT): allows you to edit existing accounts. See Editing Accounts.
  • Delete Deposit Accounts (DELETE_SAVINGS_ACCOUNT): allows you to delete a deposit account with no transactions. See Deleting Accounts.
  • Make Deposit (MAKE_DEPOSIT): allows you to post a deposit transaction. See Enter a Deposit.
  • Make Withdrawal (MAKE_WITHDRAWAL): allows you to post a withdrawal transaction. See Make Withdrawals.
  • Make Early Withdrawals (MAKE_EARLY_WITHDRAWALS): allows you to make a withdrawal before the maturity date is reached. See Early Withdrawals in Fixed Deposits.
  • Approve Deposit Account (APPROVE_SAVINGS): allows you to approve deposit accounts that are in Pending Approval state. See Approving a Deposit Account Application.
  • Activate Maturity (ACTIVATE_MATURITY): allows you to set a maturity date for fixed deposit account or savings plan, if applicable. See Setting up a Maturity Period.
  • Close Deposit Accounts (CLOSE_SAVINGS_ACCOUNTS): allows you to close a deposit account with zero balance. It also allows you to write off overdraft accounts with overdraft balance. See Closing Accounts.
  • Apply Deposit Account Fees (APPLY_SAVINGS_FEES): allows you to charge manual fees to deposit accounts. See Applying Fees.
  • Re-open Deposit Accounts (REOPEN_SAVINGS_ACCOUNT): allows you to reopen closed deposit accounts. See Re-opening a Deposit Account.
  • Apply Deposit Account Adjustments (APPLY_SAVINGS_ADJUSTMENTS): allows you to reverse deposit accounts transactions and to undo approval. This is currently an API only feature.
  • Lock Deposit Account (LOCK_SAVINGS_ACCOUNT): allows you to set an account to Locked status in which no automated transactions are posted to the account. See Locking and Unlocking Accounts.
  • Unlock Deposit Account (UNLOCK_SAVINGS_ACCOUNT): allows you to unlock a deposit account. See Locking and Unlocking Accounts.
  • Undo Write Off (REVERSE_SAVINGS_ACCOUNT_WRITE_OFF): allows you to undo the write off of a deposit account. Only visible if Mambu is selected under Access Rights.
  • Backdate Deposit Transactions (BACKDATE_SAVINGS_TRANSACTIONS): allows you to post transactions with a date in the past. See Backdating Deposits and Withdrawals.
  • Make Intra-clients Transfers (MAKE_TRANSFER): allows you to post transfer transactions from a deposit account to another deposit or loan account belonging to the same client. See Make Transfers.
  • Make Inter-clients Transfers (MAKE_INTER_CLIENTS_TRANSFERS): allows you to post transfer transactions from a deposit account to deposit or loan accounts belonging to different clients. See Make Transfers.
  • Post Transactions on Dormant Accounts POST_TRANSACTIONS_ON_DORMANT_ACCOUNTS: allows you to post transactions on accounts that are dormant, meaning they have been inactive for a number of days defined in the initial setup.
  • Apply Accrued Interest (APPLY_ACCRUED_SAVINGS_INTEREST): allows you to charge the interest accrued to date.
  • Edit Deposit Transactions (EDIT_SAVINGS_TRANSACTIONS): allows you to edit custom field values on deposit transactions that are already posted.
  • Bulk Deposit Corrections (BULK_DEPOSIT_CORRECTIONS): allows you to backdate or reverse transactions on deposit accounts.
  • Undo Maturity (UNDO_MATURITY): allows you to undo the maturity date for fixed deposit and savings plan accounts, if applicable.
  • Block and Seize Funds (BLOCK_AND_SEIZE_FUNDS): allows you to block funds from deposit accounts.
  • Withdraw Blocked Funds (WITHDRAW_BLOCKED_FUNDS): allows you to make transfers and withdrawals of blocked funds. Only available to be assigned to a role.

Cards

The Cards category is only available for roles and contains the following permissions:
  • Create Cards (CREATE_CARDS): allows you to create cards.
  • View Cards (VIEW_CARDS): allows you to view cards.
  • Delete Cards (DELETE_CARDS): allows you to delete cards.
  • Reverse Card Transactions (REVERSE_CARD_WITHDRAWAL_TRANSACTION): allows you to reverse card transactions.
  • View Card Account Balances (CARD_BALANCE_INQUIRY): allows you to view card account balances.

Authorization Holds (via Card Token)

  • Create Authorization Holds (CREATE_AUTHORIZATION_HOLDS): allows you to create authorization holds via card tokens using API v2.
  • Edit Authorization Holds (EDIT_AUTHORIZATION_HOLDS): allows you to edit authorization holds via card tokens using API v2.
  • View Authorization Holds (VIEW_AUTHORIZATION_HOLDS): allows you to view authorization holds via card tokens using API v2.
  • Create Card Transactions (CREATE_CARD_TRANSACTIONS): allows you to create card transactions via API v2.

Holds (via Account Id)

  • Create Holds (CREATE_HOLDS): allows you to create transaction holds on active deposit accounts.
  • Edit Account Holds (EDIT_HOLDS): allows you to edit transaction holds on active deposit accounts.

Documents

The Documents category contains the following permissions:
  • View Documents (VIEW_DOCUMENTS): allows you to view any attachment across Mambu.
  • Create Documents (CREATE_DOCUMENTS): allows you to add and attach new files. See Creating a Document.
  • Edit Documents (EDIT_DOCUMENTS): allows you to edit attached files.
  • Delete Documents (DELETE_DOCUMENTS): allows you to delete attached files.

Tasks

The Tasks category contains the following permissions:

Reporting

The Reporting category contains the following permissions:
  • View Historical Data (VIEW_INTELLIGENCE): allows you to view historical data.
  • View Reports (VIEW_REPORTS): allows you to view dashboard indicators and reports under reporting. See Accessing, Managing and Generating Reports. Only visible if Mambu is selected under Access Rights.
  • Create Reports (CREATE_REPORTS): allows you to add indicator reports. See Create a New Indicator Report. Only visible if Mambu is selected under Access Rights.
  • Edit Reports (EDIT_REPORTS): allows you to edit indicator reports. See Edit Indicator Reports. Only visible if Mambu is selected under Access Rights.
  • Delete Reports (DELETE_REPORTS): allows you to delete indicator reports. See Delete Indicator Reports. Only visible if Mambu is selected under Access Rights.

Accounting

The Accounting category contains the following permissions:
  • Accounting Rates
    • View Accounting Rates (VIEW_ACCOUNTING_RATES): allows you to view accounting rates.
    • Create Accounting Rates (CREATE_ACCOUNTING_RATES): allows you to create accounting rates via the UI or API.
  • Manage Chart of Accounts (MANAGE_ACCOUNTS): allows you to create and edit General Ledger accounts. Only visible if Mambu is selected under Access Rights.
  • Log Journal Entries (LOG_JOURNAL_ENTRIES): allows you to create and post journal entries.
  • View Accounting Reports (VIEW_ACCOUNTING_REPORTS): allows you to view, generate, and print accounting reports. See Accounting Reports.
  • Make Accounting Closures (MAKE_ACCOUNTING_CLOSURE): allows you to make periodical closures. See Accounting Closures. Only visible if Mambu is selected under Access Rights.
  • Delete Accounting Closures (APPLY_ACCOUNTING_ADJUSTMENTS): allows you to edit or delete accounting closures. Only visible if Mambu is selected under Access Rights.
  • Booking Date Loans Journal Entries (BOOKING_DATE_LOANS_GL): allows you to select the journal entry booking date of a given loan transaction.
  • Booking Date Deposits Journal Entries (BOOKING_DATE_SAVINGS_GL): allows you to select the journal entry booking date of a given deposit transaction.
  • Rectify Adjustment After Accounting Closures (RECTIFY_ADJUSTMENT): allows you to rectify and adjust a transaction after an account closure, by allowing a booking date input after the accounting closure.
  • Manage Inter-branch Gl Account Rules (MANAGE_INTERBRANCH_GLACCOUNT_RULES): allows you to make changes to this section. For more details please check this article.

Tellering

The Tellering category is only visible if **Mambu** is selected under **Access Rights** and contains the following permissions:
  • Open Till (OPEN_TILL): permission normally granted to a supervisor or vault teller. Allows opening a till for a regular teller. See Opening a Till.
  • Close Till (CLOSE_TILL): permission normally granted to a supervisor or vault teller. Allows closing a till for a regular teller. See Closing a Till.
  • Add Cash (ADD_CASH): allows you to post repayments or deposits. See Processing Loan Repayments and Entering Deposits.
  • Remove Cash (REMOVE_CASH): allows you to post disbursements or withdrawals. See Disbursing a Loan or Making Withdrawals.
  • Post Transaction without a Till (POST_TRANSACTIONS_WITHOUT_OPENED_TILL): allows you to post repayments, deposits, disbursements, and withdrawals without a till.
  • View Background Tasks (VIEW_BACKGROUND_TASKS): allows teller users to carry out actions that involve background tasks. Not necessary for any other type of user. Actions that require background tasks include managing deposit and loan accounts, updating general ledger (GL) account closures, and generating balance sheet report. See Tellering permissions.

Funds

The Funds permission enables access to the Funding tab for Loans and Investment Deposit Accounts. It allows you to manage funding sources.
  • View Funds Details (VIEW_INVESTOR_FUNDS_DETAILS): allows you to view all loans funded by an investor's account with the breakdown for each, indicating the original invested amounts, the remaining funds to be collected and the interest earned on that account. See Funding Sources - P2P Lending.
  • Create Funds (CREATE_INVESTOR_FUNDS): allows you to create "Funding account"-type deposit products and the related funding deposit accounts for each investor. See Funding Sources - P2P Lending.
  • Edit Funds (EDIT_INVESTOR_FUNDS): allows you to edit "Funding account"-type deposit products and the related funding deposit accounts for each investor.
  • Delete Funds (DELETE_INVESTOR_FUNDS): allows you to delete "Funding account"-type deposit products and the related funding deposit accounts for each investor.
  • Sell Loan Fraction (SELL_LOAN_FRACTION): allows you to sell loan fractions, allowing a loan funder to sell a portion of the loan (or fraction) to a different funder. See Secondary Marketplace for Peer-to-Peer Loans - Selling a Loan Fraction Share.

Events Streaming

The Events Streaming category contains the following permissions:
  • Manage Events Streaming (MANAGE_EVENTS_STREAMING): allows you to view and work with Events Streaming. For more information, see How to Use Event Streaming. Only visible if Mambu is selected under Access Rights.

Mambu Functions

Mambu Functions permissions enables access to Mambu Functions management APIs. Only visible if Mambu Functions feature is enabled.
  • View Mambu Functions (VIEW_MAMBU_FUNCTIONS): allows to list all deployed Mambu Functions as well as get details of a single function and all its related resources.
  • Create Mambu Functions (CREATE_MAMBU_FUNCTIONS): allows you to create new Mambu Functions and their related resources.
  • Edit Mambu Functions (EDIT_MAMBU_FUNCTIONS): allows you to edit existing Mambu Functions and their related resources.
  • Delete Mambu Functions (DELETE_MAMBU_FUNCTIONS): allows you to delete existing Mambu Functions and their related resources

Particular actions that depend on permission combinations

There are certain actions that a user can perform in Mambu without having a specific permission in place for them, they depend upon other permissions or user types.

  • Only administrators can create Views which are available for other users.
  • Users can change their own password but only administrators can change other users' passwords.
  • Only the user who created a task can edit it.
  • In order to view loan and deposit accounts you will need the view client permission in addition to view permissions for the type of account you want to view.
  • To carry out transfer transactions, users need to also have the “Enter Repayments” or “Make Deposit” permission (if the transfer is meant to become a repayment in a loan account or a deposit in a savings account).
  • For rescheduling loans, users also need the “Create Loan” permission.
  • To revert a certain type of transaction, besides the "Apply Loan/Deposit product adjustments", the user requires the permission to post that type of transaction. For example, to revert a repayment, the user must have the "Enter Repayments" permission as well.
  • To change the Loan's Account branch, you need the "Manage Loan Association" permission, which is disabled by default. Without this permission, the branch box from the Create Loan Account form and the Edit Loan Account form will be read-only and you won’t be able to change the branch.
Was this article helpful?
What's Next
Mambu
Documentation
Links
Existing Users
Connect With Us
Support
Copyright © 2023 Mambu B.V. All Rights Reserved