Roles & Access Model
Platform access is governed by role-based access control (RBAC). Each role grants the minimum permissions needed to perform its function.

| Role | Responsibilities |
|---|---|
| End user | The individual customer. Interacts with the platform through the mobile application only. No access to internal systems. |
| Customer support agent | Responds to user enquiries, initiates disputes, and performs identity-verified account actions on a user's behalf. Cannot access raw KYC documents or sensitive card data. |
| Compliance analyst | Reviews KYC cases, investigates transaction monitoring alerts, and files regulatory reports. Has read access to PII within the scope of an open case. |
| Risk analyst | Monitors behavioural alerts, tunes rules, and manages user risk tiers within policy. |
| Operations engineer | Monitors platform health, triages incidents, and coordinates with partner operations teams. |
| Engineer | Builds and operates services. Production access is read-only by default; write access is granted just-in-time with approval and audit. |
| Finance operator | Manages reconciliation, settlements, fees, and financial reporting. |
| Administrator | A small, restricted group with elevated configuration rights. All administrator actions are logged and reviewed. |
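
A sketch of how three of the constraints in the table could be enforced in an authorization check: deny by default, case-scoped PII reads, and just-in-time production writes with approval and audit. This is an added example, not the platform's own code; the permission names, the rule that a case is tied to one analyst, grant expiry, and the rejection of self-approved grants are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical permission names; the page describes the roles in prose only.
STATIC = {
    "support_agent": {"account:act_on_behalf", "dispute:create"},
    "compliance_analyst": {"kyc:review", "report:file"},
    "engineer": {"prod:read"},
}

@dataclass
class JitGrant:  # time-boxed production write access (expiry is an assumption)
    user: str
    approver: str
    expires: datetime

@dataclass
class Authorizer:
    open_cases: dict = field(default_factory=dict)  # case_id -> (analyst, subject)
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def check(self, user, role, perm, subject=None, now=None):
        now = now or datetime.now(timezone.utc)
        allowed = perm in STATIC.get(role, set())  # deny by default
        if role == "compliance_analyst" and perm == "pii:read":
            # PII is readable only for the subject of an open case held by this analyst.
            allowed = (user, subject) in self.open_cases.values()
        elif role == "engineer" and perm == "prod:write":
            # Write needs an unexpired grant approved by someone other than the requester.
            allowed = any(g.user == user and g.approver != user
                          and now < g.expires for g in self.grants)
        self.audit.append((now.isoformat(), user, role, perm, subject, allowed))
        return allowed

def demo():
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample data
    az = Authorizer(open_cases={"case-1": ("ana", "user-42")})
    az.grants += [JitGrant("eve", "lead", now + timedelta(hours=1)),
                  JitGrant("bob", "bob", now + timedelta(hours=1))]
    results = [
        az.check("ana", "compliance_analyst", "pii:read", "user-42", now),  # open case
        az.check("ana", "compliance_analyst", "pii:read", "user-99", now),  # no case
        az.check("sam", "support_agent", "kyc:read_raw", "user-42", now),   # never granted
        az.check("eve", "engineer", "prod:write", None, now),               # live grant
        az.check("eve", "engineer", "prod:write", None, now + timedelta(hours=2)),  # expired
        az.check("bob", "engineer", "prod:write", None, now),               # self-approved
    ]
    return results, az.audit
```

Denied requests are written to the audit list as well as allowed ones, so a reviewer sees attempts outside a role's scope and not only the successful actions.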