How to manage Dashboard access
Written by Helghardt Avenant
Updated over a week ago

Dashboard access can be managed via two mechanisms - group sections and group permissions.

Sections

Sections are a high-level way to classify groups and their access level and help manage notifications.

A group can belong to one of two sections - either User section or Admin section.

  • User section groups can access the end-user facing apps such as the web or mobile app. They are blocked from accessing the Admin Dashboard.

  • Admin section groups can access the admin facing Admin Dashboard.

Groups also have more granular permissions that further control their access and abilities - for example, the support group is an admin-section group, but has reduced admin permissions compared to the main admin group.

Group permissions

Rehive offers two sets of permissions on a group - admin and user.

  • Admin permissions dictate what actions a user can take and what information they can access in the admin API and through the Dashboard. Admin permissions give users the ability to do actions on other users.

  • User permissions dictate what actions a user can take and what info they can access on their own user.

The admin group has all admin and user permissions by default. Any group created through the Dashboard has all user permissions by default.

Available permissions

All permissions have 4 possible actions that can be performed on a resource. A resource is any defined object in Rehive such as a transaction, account, user etc.

  • View - is allowed to view this resource.

  • Add* - is allowed to add/create this resource.

  • Change* - is allowed to edit this resource.

  • Delete** - is allowed to delete this resource.

*Add and change are not available for all resources.

**Delete is disabled or limited for several resources, but some have an archive option.

Admin permissions are available for the following resources:

| Resource | Description |
| --- | --- |
| Access control rule | Can view, add, change or delete access control rules on the project. |
| Account definition | Can view, add, change or delete* account definitions on the project. |
| Account | Can view, add, change or delete* all user accounts and standalone accounts on the project. |
| Address | Can view, add, change or delete all addresses on all users. |
| Bank account | Can view, add, change or delete all external user bank accounts added to a user, on all users. |
| Currency | Can view, add, change or delete* currencies on the project. |
| Company | Can view, change or delete values on the company object, such as company info, company settings, and company bank accounts. |
| Crypto account | Can view, add, change or delete all external user crypto accounts added to a user, on all users. |
| Device | Can view, add, change or delete all external devices added to a user, on all users. Devices on a user are used for push notifications. |
| Document | Can view, add, change or delete all external user documents uploaded to a user, on all users. |
| Email | Can view, add, change or delete** email addresses on all users. |
| Group | Can view, add, change or delete* groups on the project. Cannot delete admin or service groups. Can also edit all group resources such as tiers, fees, limits, subtype controls, users and permissions for the group. |
| Legal term | Can view, add, change or delete legal terms for the project. Legal terms refer to privacy policies, terms and conditions etc. which end-users need to accept. |
| MFA | Can view, add, change or delete access to creating multi-factor authenticators on all users. |
| MFA rule | Can view, add, change or delete rules that can be applied to challenge users for MFA. |
| Mobile | Can view, add, change or delete** all mobile numbers added to a user, on all users. |
| Notification | Can view or change platform notifications on the project. |
| Request | Can view request logs on the project. |
| Service | Can view, add, change or delete an extension on the project. Can only delete extensions they added. |
| Token | Can view, add, change or delete API tokens for any user. |
| Transaction | Can view, add, change or delete* any transaction on the project. Also allowed to create transaction collections. Also allowed to create transaction messages. |
| Transaction subtypes | Can view, add, change or delete* any subtype on the project. |
| User | Can view, add, change or delete* any user on the project. |
| Webhook | Can view, add, change or delete all webhooks on the project. |

*Delete not available, only archive.

**Primary one cannot be deleted.
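
An added example (not Rehive's code or API): a small Python audit that checks a group's admin permissions against the admin resource table above and flags write access this example treats as sensitive. The data layout, the finding names and the `SENSITIVE` list are assumptions of the example, and the sample group is constructed.

```python
# Added example: a hypothetical audit model, not Rehive's API or export format.
ACTIONS = ("view", "add", "change", "delete")

# Admin resources whose description on this page lists fewer than four actions.
LIMITED = {
    "company": {"view", "change", "delete"},
    "notification": {"view", "change"},
    "request": {"view"},
}

# Policy assumption of this example: write access to these admin resources is
# sensitive for a reduced-permission group, going by the page's descriptions.
SENSITIVE = {
    "group": "can edit users and permissions for a group",
    "token": "API tokens for any user",
    "mfa": "MFA on all users",
    "mfa rule": "rules that challenge users for MFA",
    "access control rule": "access control rules on the project",
}


def audit_group(group):
    """Return sorted (finding, resource, action) tuples for one group."""
    findings = set()
    perms = group["admin_permissions"]
    # Policy assumption: admin permissions on a User section group need review.
    if group["section"] == "user" and perms:
        findings.add(("admin-permission-on-user-section", "*", "*"))
    for resource, action in perms:
        allowed = LIMITED.get(resource, set(ACTIONS))
        if action not in allowed:
            findings.add(("action-not-listed", resource, action))
        elif action != "view" and resource in SENSITIVE:
            findings.add(("sensitive-write", resource, action))
    return sorted(findings)


# Constructed sample: a support group in the Admin section.
SUPPORT = {
    "name": "support",
    "section": "admin",
    "admin_permissions": {
        ("user", "view"), ("transaction", "view"), ("document", "view"),
        ("token", "add"), ("group", "change"), ("request", "change"),
    },
}

if __name__ == "__main__":
    for finding, resource, action in audit_group(SUPPORT):
        print(f"{finding}: {resource}/{action}", SENSITIVE.get(resource, ""))
```
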

User permissions are available for the following resources:

| Resource | Description |
| --- | --- |
| Account definition | |
| Account | Can view, add or change user accounts and standalone accounts. Users can only add an account if it is available to the group via an account definition. |
| Address | Can view, add, change or delete addresses on themselves. |
| Bank account | Can view, add, change or delete external user bank accounts added to themselves. |
| Currency | |
| Company | Can view values on the company object, such as company info and company bank accounts. |
| Crypto account | Can view, add, change or delete external user crypto accounts added to themselves. |
| Device | Can view, add, change or delete external devices on themselves. Devices on a user are used for push notifications. |
| Document | Can view or add external user documents uploaded to themselves. |
| Email | Can view, add or delete** email addresses on themselves. |
| Group | Can view the group they are in. |
| Legal term | Can view or change (accept/decline) legal terms that apply to their group. |
| MFA | Can view, add, change or delete MFA on themselves. |
| Mobile | Can view, add or delete** mobile numbers on themselves. |
| Token | Can view, add, change or delete tokens on themselves. |
| Transaction | Can view or add transactions on themselves. Also allowed to create transaction collections. Also allowed to create user transaction messages. |
| Transaction subtypes | Can view subtypes on the project. |
| User | Can view or change their own user info. |

*Delete not available, only archive.

**Primary one cannot be deleted.

Admin permission limitations

Only users in the protected admin group can access admin endpoints/functionality in Extensions. Users not in the protected admin group will not be able to view or change Extensions in the Admin Dashboard.
