Account Management v2
User access management in RiskOS™ (v2): the new account architecture with use-case scoping and per-environment roles.
User access management (UAM) lets administrators control who can access an account and what they can do — whether you manage your own account or client accounts as a Channel Partner. Every account has its own users, roles, and environment configurations, so a well-designed access model ensures each team member has the permissions they need and nothing more.
Applies to:
Channel Partners, their client accounts, and direct customers. The v2 model — custom roles, roles assigned per environment, and access scoped to use cases — works the same way in each environment.
Users, Use Cases, Roles, Permissions
User access management is built on a few related concepts:
graph TD
U["User"]
U --> UC["Use Case"]
UC --> R["Role"]
R --> E["Environment"]
E --> SB["Sandbox"]
E --> PR["Production"]
R --> P["Permissions"]
- A user is a person with a name, email, and optional phone number.
- Each user is assigned to one or more use cases — the business scenarios (for example, KYC, fraud detection) the user works with.
- For each use case, the user is assigned one or more roles. Roles can be system-defined (built into RiskOS™) or custom (created by your organization).
- You can toggle each role independently for Sandbox and Production environments. A user can have broad access in Sandbox for testing and restricted access in Production.
- Each role grants permissions across eight categories, each set to No Access, View Only, or Full Access.
Sandbox and Production environments
RiskOS™ maintains completely separate user and role configurations for Sandbox and Production:
| Aspect | Behavior |
|---|---|
| User lists | The Users page shows a different list depending on whether you select Sandbox or Production. |
| Role assignments | A user can have different roles in each environment. For example, full workflow access in Sandbox but view-only in Production. |
| Independence | Changes to Sandbox roles do not affect Production roles, and vice versa. |
Important:
Always verify which environment you are viewing before making user or role changes. The environment selector at the top of the Users page controls which list you see.
Permission categories
Roles grant access through eight permission categories. You can set each category to one of three levels:
| Permission Category | No Access | View Only | Full Access |
|---|---|---|---|
| Roles | Cannot see roles | Can view roles | Can create, edit, and delete roles |
| Users | Cannot see users | Can view users | Can create, edit, and delete users |
| Batch Jobs | Cannot see batch jobs | Can view batch jobs | Can create and manage batch jobs |
| Documentation | No access to docs | Can view documentation | Full documentation access |
| PII Access | No PII visibility | Can view PII data | Full PII access |
| Reports | Cannot see reports | Can view reports | Can create, edit, and delete reports |
| Custom File Uploads | Cannot upload files | Can view uploads | Can upload and manage files |
| Workflows | Cannot see workflows | Can view workflows | Can create, edit, test, and deploy workflows |
System Defined Roles
RiskOS™ provides system-defined roles as pre-built starting points for common permission sets. System-defined roles:
- Cover common access patterns out of the box.
- Cannot be edited or deleted.
- Cannot be inspected in an edit view — to understand what one grants, compare user behavior against the permission categories above.
Use system-defined roles as baselines before creating custom roles. For the full list of role types and how they appear in the Roles tab, see Roles & Permissions.
Custom Roles
When a system-defined role does not fit your needs, create a custom role with permissions tailored to a specific job function. Custom roles:
- Are created by your organization.
- Let you set each of the eight permission categories independently (No Access, View Only, or Full Access).
- Can be edited and deleted.
To create, edit, or delete a custom role, see Roles & Permissions.
Add and Manage Users
Add users to an account, then assign each one the use cases and roles they need — separately for Sandbox and Production.
- Add a user — enter the user's details, select their use cases, and assign roles per environment. See Manage Users.
- Edit or delete a user — update a user's details or roles, or remove their access. See Manage Users.
- Assign roles per environment — give a user different roles in Sandbox and Production. See Assign Roles.
In this section
| Task | Article | Estimated time |
|---|---|---|
| Create, edit, or delete a user account | Manage Users | 5–10 minutes per user |
| View permission categories, create or delete custom roles | Roles & Permissions | 5–15 minutes per role |
| Assign or change a user's roles per environment | Assign Roles | 5 minutes per user |
| Review access governance guidelines and audit checklists | Access Governance Best Practices | 15–30 minutes (initial review) |
Updated about 1 month ago

