Account Management v2

User access management in RiskOS™ (v2): the new account architecture with use-case scoping and per-environment roles.

User access management (UAM) lets administrators control who can access an account and what they can do — whether you manage your own account or client accounts as a Channel Partner. Every account has its own users, roles, and environment configurations, so a well-designed access model ensures each team member has the permissions they need and nothing more.

📘

Applies to:

Channel Partners, their client accounts, and direct customers. The v2 model — custom roles, roles assigned per environment, and access scoped to use cases — works the same way in each environment.


Users, Use Cases, Roles, Permissions

User access management is built on a few related concepts:

graph TD
    U["User"]
    U --> UC["Use Case"]
    UC --> R["Role"]
    R --> E["Environment"]
    E --> SB["Sandbox"]
    E --> PR["Production"]
    R --> P["Permissions"]
  1. A user is a person with a name, email, and optional phone number.
  2. Each user is assigned to one or more use cases — the business scenarios (for example, KYC, fraud detection) the user works with.
  3. For each use case, the user is assigned one or more roles. Roles can be system-defined (built into RiskOS™) or custom (created by your organization).
  4. You can toggle each role independently for Sandbox and Production environments. A user can have broad access in Sandbox for testing and restricted access in Production.
  5. Each role grants permissions across eight categories, each set to No Access, View Only, or Full Access.

Sandbox and Production environments

RiskOS™ maintains completely separate user and role configurations for Sandbox and Production:

AspectBehavior
User listsThe Users page shows a different list depending on whether you select Sandbox or Production.
Role assignmentsA user can have different roles in each environment. For example, full workflow access in Sandbox but view-only in Production.
IndependenceChanges to Sandbox roles do not affect Production roles, and vice versa.
⚠️

Important:

Always verify which environment you are viewing before making user or role changes. The environment selector at the top of the Users page controls which list you see.

Permission categories

Roles grant access through eight permission categories. You can set each category to one of three levels:

Permission CategoryNo AccessView OnlyFull Access
RolesCannot see rolesCan view rolesCan create, edit, and delete roles
UsersCannot see usersCan view usersCan create, edit, and delete users
Batch JobsCannot see batch jobsCan view batch jobsCan create and manage batch jobs
DocumentationNo access to docsCan view documentationFull documentation access
PII AccessNo PII visibilityCan view PII dataFull PII access
ReportsCannot see reportsCan view reportsCan create, edit, and delete reports
Custom File UploadsCannot upload filesCan view uploadsCan upload and manage files
WorkflowsCannot see workflowsCan view workflowsCan create, edit, test, and deploy workflows

System Defined Roles

RiskOS™ provides system-defined roles as pre-built starting points for common permission sets. System-defined roles:

  • Cover common access patterns out of the box.
  • Cannot be edited or deleted.
  • Cannot be inspected in an edit view — to understand what one grants, compare user behavior against the permission categories above.

Use system-defined roles as baselines before creating custom roles. For the full list of role types and how they appear in the Roles tab, see Roles & Permissions.


Custom Roles

When a system-defined role does not fit your needs, create a custom role with permissions tailored to a specific job function. Custom roles:

  • Are created by your organization.
  • Let you set each of the eight permission categories independently (No Access, View Only, or Full Access).
  • Can be edited and deleted.

To create, edit, or delete a custom role, see Roles & Permissions.


Add and Manage Users

Add users to an account, then assign each one the use cases and roles they need — separately for Sandbox and Production.

  • Add a user — enter the user's details, select their use cases, and assign roles per environment. See Manage Users.
  • Edit or delete a user — update a user's details or roles, or remove their access. See Manage Users.
  • Assign roles per environment — give a user different roles in Sandbox and Production. See Assign Roles.

In this section

TaskArticleEstimated time
Create, edit, or delete a user accountManage Users5–10 minutes per user
View permission categories, create or delete custom rolesRoles & Permissions5–15 minutes per role
Assign or change a user's roles per environmentAssign Roles5 minutes per user
Review access governance guidelines and audit checklistsAccess Governance Best Practices15–30 minutes (initial review)

Did this page help you?