
Role-based Access Control

Contour uses role-based access control (RBAC). Access to the system is provisioned through roles.

  • A user (i.e. an account) has access to the system only if they are assigned at least one (1) Active role. Otherwise, the user has no access to the system.
  • A user's (i.e. an account's) access to the system is determined by the Active roles they are assigned.
  • A user can be assigned multiple roles, which gives the user the access granted by all of those roles. E.g. a user can be assigned both the Maker and Checker roles; this user then has both draft and verify access for a transaction.

The roles in the system are managed by your company's Contour system administrators. They are in full control of creating, updating or deactivating roles to suit company and business needs; see the Role Administration Guides.

Contour Cloud Built-In Roles

On Contour Cloud, five (5) common roles are built in and ready for customers to use. Your company's Contour system administrators remain in full control to create, update or deactivate these roles.

Role Name: superadmin
Description: System Administrators, for IT Administrators to set up the Contour system.
Accesses:
  • Create/Edit/Deactivate Role
  • Create/Edit/Deactivate User
  • (Bank only) Authorize Client
  • Enable/Disable MFA
  • Enable/Disable SSO
  • Access/Download Security Audit Trail reports
Known Limitation (if any):
  1. This role and access level are fixed, cannot be edited.
  2. A user with superadmin role cannot be assigned with other roles, e.g. maker/checker/approver

Role Name: admin
Description: User Administrators, for managers/leads to manage user access based on business needs.
Accesses:
  • Create/Edit/Deactivate Role
  • Create/Edit/Deactivate User
  • (Bank only) Authorize Client
  • Assigned with maker/checker/approver roles and with ability to perform LC execution

Role Name: maker
Description: Draft transaction
Accesses:
  • View Transactions
  • Draft new Transaction
  • Update Transaction rejected by checker/approver

Role Name: checker
Description: Verify transaction drafted by Maker
Accesses:
  • View Transactions
  • Verify/Reject Transaction drafted by Maker

Role Name: approver
Description: Approve Transaction verified by Checker
Accesses:
  • View Transactions
  • Approve/Reject Transaction verified by Checker
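
The rules above (no Active role means no access, access is the union over Active roles, superadmin cannot be combined with other roles) can be checked against a list of role assignments. The sketch below is an added example, not Contour code: role names and access strings are copied from the table above, while the record layout (role name mapped to that role's status), the "Inactive" status label, the sample users and the "several stages" review item are assumptions made for illustration.

```python
# Added illustration of the access rules on this page; not Contour code.
# Assumed record layout: {role name: status of that role, "Active" or "Inactive"}.
BUILT_IN_ROLES = {
    "superadmin": {"Create/Edit/Deactivate Role", "Create/Edit/Deactivate User",
                   "Authorize Client", "Enable/Disable MFA", "Enable/Disable SSO",
                   "Access/Download Security Audit Trail reports"},
    "admin": {"Create/Edit/Deactivate Role", "Create/Edit/Deactivate User",
              "Authorize Client"},  # Authorize Client applies to banks only
    "maker": {"View Transactions", "Draft new Transaction",
              "Update Transaction rejected by checker/approver"},
    "checker": {"View Transactions", "Verify/Reject Transaction drafted by Maker"},
    "approver": {"View Transactions", "Approve/Reject Transaction verified by Checker"},
}
STAGE_ROLES = {"maker", "checker", "approver"}  # draft, verify, approve


def active_roles(assignments):
    """Names of the assigned roles whose status is Active."""
    return {role for role, status in assignments.items() if status == "Active"}


def effective_accesses(assignments, roles=BUILT_IN_ROLES):
    """Union of accesses over Active roles; an empty set means no system access."""
    accesses = set()
    for role in active_roles(assignments):
        accesses |= roles.get(role, set())
    return accesses


def review_findings(user, assignments):
    """Flag assignments a system administrator should look at."""
    findings = []
    active = active_roles(assignments)
    if not active:
        findings.append(f"{user}: no Active role, so no access to the system")
    if "superadmin" in assignments and len(assignments) > 1:
        findings.append(f"{user}: superadmin combined with other roles (not allowed)")
    stages = sorted(active & STAGE_ROLES)
    if len(stages) > 1:  # review item chosen for this example, not a Contour rule
        findings.append(f"{user}: holds {'+'.join(stages)}, can act at several stages")
    return findings


# Constructed sample assignments.
SAMPLE = {
    "alice": {"maker": "Active", "checker": "Active"},
    "bob": {"approver": "Inactive"},
    "carol": {"superadmin": "Active", "maker": "Active"},
}
```

Running review_findings over each entry in SAMPLE lists the accounts that have no access, that break the superadmin restriction, or that can both draft and verify the same transaction.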

Self-managed Nodes

For self-managed nodes, only the System Administrators role is created by default.

During node installation, you can define more roles to be bootstrapped; see the Deployment Guide.

Role: superadmin
Description: System Administrators, for IT Administrators to set up the Contour system.
Accesses:
  • Create/Edit/Deactivate Role
  • Create/Edit/Deactivate User
  • (Bank only) Authorize Client
  • Enable/Disable MFA
  • Enable/Disable SSO
  • Access/Download Security Audit Trail reports