Role-based Access Control
Contour adopts Role Based Access Control (RBAC). Access to the system is provisioned through
- A user (i.e. an account) will only have access to the system if they are assigned with at least one (1) Active role in the system. Otherwise, the user won't have access to the system.
- A user's (i.e. an account) accesses to the system are determined by the Active roles that they are assigned with.
- A user can be assigned with multiple roles, which will give the user accesses under all those roles. E.g. a user can be assigned with
Checkerrole. Then, this user have both draft and verify access for a transaction.
- A user can also be assigned a mix of administrator as well as business roles. For example, a user can be assigned with an Identity Administrator, Node Administrator, as well as a
Makerrole. Then, this user will be able to administrate the node, an identity, as well as draft transactions in the identity.
Contour system-defined roles for administrators
Every node has one Node Administrator role. For Self Managed members, this role will performed by staff of the member company. For Contour Cloud members, the Contour Operations staff will adminster the node.
Every identity in the node has a corresponding Identity Administrator role. This role will be performed by staff of the member company.
|Node admin||System Administrators, for IT Administrators to set up the Contour system.||Refer here||Functions assigned are fixed, cannot be edited.|
|Identity admin||User Administrators, for managers/leads to manage user access based on business needs.||Refer here||Functions assigned are fixed, cannot be edited.|
Built-In business roles for Contour Cloud members
On Contour Cloud, these common roles will be already setup and available in each identity.
Your identity administrators remain in full control to update or deactivate these roles.
|checker||Verify transaction drafted by Maker||
|approver||Approve Transaction verified by Checker||