Documentation
OnboardingAPI v1ChangelogAPI Status
Start typing to search…

Manage User Roles

To manage your users and the information they can access, you can use the roles feature. Lemonway comes with default roles that you can edit, and you can always create your own custom roles. You can assign roles to users when you 👉 create a new Lemonway user.

📘

Note

If you do not see the Roles option, then you don’t have the permission to create or edit roles. Request access from your account administrator. Tools and administration access give users permission to make significant changes within your dashboard. Access should only be given to trusted users who need extensive access to your organisation.

You can not give the permissions you do not have. For example, if you do not have permission to create new users, you can’t give it to another role.

Create a role

From the Dashboard:

  1. Click Configuration. A menu unfolds.
  2. Click Roles
  3. Click Create a new role +. A pop-up appears.
  4. Select its name.
  5. Click Create +. You can now see the role in the Roles list.
  6. Click the pencil icon.✏️
  7. Click the grey arrow to open the list of permissions.
  8. Select the features and data this role will be able to use.
  9. Click Save.

Edit a role

From the Dashboard:

  1. Click Configuration. A menu unfolds.
  2. Click Roles.
  3. Click the pencil icon on the line of the role you wish to edit. ✏️
  4. Click the grey arrow to open the list of permissions.
  5. Select the features and data this role will be able to use.
  6. If you wish to remove permission, click the cross next to the feature name.
  7. Click Save.

Understanding Permissions

Depending on the roles you assign to a user, the permissions will be different and thus, the features and data a user will be able to use will be different.

❗️

Permissions are not the same as functionnalities

Permissions are not functionnalities. A permission enables you to have access to some pages or functionnalities. If you have the permission for a page, you can only have a read-only access or you can have access to all the functionnalities as well. For instance, for some pages, there are two permissions: the access one and the action one to edit or do something.

List of Permissions

All of the available permissions on the dashboard are the following:

Dashboard (READ)

Grants access to the Dashboard page with the ability to see the Turnover History and the Latest Transactions.

This permission has the following child permissions:

  • Turnover of the day (READ)

    Displays a summary of the turnover of the current day.

  • Incomings of the day (READ)

    Displays a summary of all Incoming transactions of the current day.

  • Outgoings of the day (READ)

    Displays a summary of all Outgoing transactions of the current day.

  • Wallet SC Balance (READ)

    Displays the balance of the SC (Society) Wallet on the Dashboard page.
Accounts & Wallets (READ)

Grants access to the Account pages and Wallet pages.

This permission has the following child permissions:

  • Wallet Statement (READ)

    Shows the “Wallet Statement” page of the dashboard which gives a summary overview of all the statements of all the wallets. Allows downloading of wallet report files. Also allows the “Wallet Statement” tab on the Wallet Details page.

  • Create Wallet (READ)

    Allows a user to create new wallets and accounts on their dashboard.
Wallet Details (READ/WRITE)

Grants access to the Overview tab in each wallet’s detail page, and allows blocking/unblocking or editing wallet status directly.

This permission has the following child permissions:

Documents (READ)

Grants access to the Documents tab on the individual Wallet details.

This permission has the following child permission:

  • Add/Edit Document (WRITE)

    Grants the ability to upload new documents, and change the status of documents.
Transactions (READ)

Enables the Transactions tab within each wallet’s detail page for viewing all transactions related to the specific wallet.

This permission has the following child permission:

  • Send Payment to Another Wallet (WRITE)

    Enables creating internal transfers between wallets within the Transactions section.
Payment Methods and Bank Accounts (READ)

Enables the Payment Methods tab within each wallet’s detail page for viewing all payment methods associated to the specific wallet.

This permission has the following child permissions:

Bank Accounts (READ)

Lets users view the Bank Accounts tab in the Wallet Detail page which shows all of the bank accounts a specific wallet has.

This permission has the following child permissions:

  • Add Bank Account (WRITE)

    Enables the “Add Bank Account” button to add a new bank account to a wallet on the Bank Accounts tab in Wallet Details.

  • Request Wire Transfer (WRITE)

    Enables the “Wire Transfer (Request)” button on the Bank Account tab, it allows the user to initiate Pay-Outs from any normal wallet.

  • Edit Bank Account Status (WRITE)

    Enables the status edit icon and the disable (“X”) function on bank accounts in Wallet Details.
SDD Mandates (READ)

Unlocks the SDD Mandates tab within Payment Methods on the Wallet Details page.

This permission has the following child permissions:

  • Request SDD (WRITE)

    Enables the button in the SDD Mandates tab that allows users to request a SEPA Direct Debit.

  • Add SDD Mandate (WRITE)

    Enables the “Add SDD mandate” button on the SDD Mandates tab within Wallet Details.

  • Enable SDD Mandate (WRITE)

    Enables the yellow tick icon to activate an SDD mandate in the SDD Mandates tab under Payment Methods.

  • Disable SDD Mandate (WRITE)

    Enables the “X” button to deactivate an SDD mandate in the SDD Mandates sub‑tab within Payment Methods.

  • Saved Cards (READ/WRITE)

    Enables the Saved Cards tab under Payment Methods and allows adding/disabling stored card methods.

  • Add Payment Form (WRITE)

    Enables the “Add Payment Form” button under Payment Forms on the Wallet Details page.

  • Edit Wallet Information (WRITE)

    Allows modifying wallet profile data (contact, address, display name, status) in the Wallet Information tab of Wallet Details.

  • Logs (READ)

    Enables the “Log” tab on the Wallet Details page so users can view wallet activity logs.
Reports (READ)

Grants access to the Reports page of the dashboard, where users can access a report on Pay-Ins, Pay-Outs, Commissions and Chargebacks for a chosen time period.

Transactions (READ)

Access to all Transactions pages—including All, In / Out, P2P, Transaction Requests and transaction detail views.

This permission has the following child permissions:

  • Payment Certificate (WRITE)

    Shows the button on transaction details for completed pay-out transactions, which allows you to download the payment certificate of the transaction (non-SC wallets).

  • Proof of Payment (WRITE)

    Shows the button that allows you to get the Proof of Payment on transaction details after pay-in credits complete (non‑SC wallets).

  • Validate Pre-authorizations (WRITE)

    Enables validation of credit card pre‑authorizations for non‑SC wallet transactions.

  • Refund (WRITE)

    Allows initiating refunds for pay-in transactions on non‑SC wallets.

  • Cancel Outgoing Transaction (WRITE)

    Enables cancellation of pending outgoing transactions from any wallet before completion.

  • Cancel Incoming Transaction (WRITE)

    Allows users to cancel or reject incoming transactions before they credit the wallet.

  • Cancel Incoming Transaction by Check (WRITE)

    Enables cancellation of incoming payments that were initiated via check.

  • Cancel Direct Debit Incoming Transaction (WRITE)

    Allows cancellation of pending SDD (Direct Debit) incoming transactions.

  • Validate Wire Transfer Request (WRITE)

    Grants ability to approve or cancel pay‑out transfer requests from non‑SC wallets.

  • Send Payment Between Wallets (WRITE)

    Enables creating internal transfers between wallets on the Transaction details page.
Configuration (READ)

Enables access to the Configuration tab on the dashboard menu, will only be visible once one of the sub-permissions is granted.

This permission has the following child permissions:

IP Address Whitelist (READ)

Enables access to the IP Address Whitelist page for reviewing the IPs allowed to access this dashboard.

This permission has the following child permission:

  • Add Whitelisted IP Address (WRITE)

    Enables the Add IP Address button on the IP Address Whitelist page to manage allowed IPs.
Users

Access to the Users configuration page and the Users & Invites tabs. Only invites and users you created or invited are visible.

This permission has the following child permission:

  • Create Users (WRITE)

    Enables the “Invite User” button on the Users page. Also allows resending pending user invitations.

  • Edit Users (WRITE)

    Allows editing, and deleting of existing users.

  • Roles (READ)

    Gives access to the Roles configuration page, and allows creation of new roles based on the permissions the user holds.

  • Two-factor authentication (READ/WRITE)

    Grants access to the 2FA configuration page, and allows enabling or revoking 2FA for the user’s own dashboard access.

  • Edit Branding (WRITE)

    Enables a user’s ability to make changes on the Branding Tab - it enables the ability to change the logos, colors, and other branding elements used on Lemonway’s end-user products.
Developers (READ)

Enables access to the Developers tab on the dashboard menu, will only be visible once one of the sub-permissions is granted.

This permission has the following child permissions:

  • API Keys (READ/WRITE)

    Grants access to the API Keys page and allows users to generate new API keys.

  • API Documentation (READ)

    Enables the “API Documentation” option in the “Developers” menu, this link sends the user to the Lemonway documentation.
Notifications (READ)

Enables access to the Notifications page.

This permission has the following child permissions:

  • Notification Logs (READ)

    Enables viewing and resending system messages and notifications.
Notification Settings (READ)

Grants access to the Notifications Settings tab, which shows all of the current settings for all of the notifications.

This permission has the following child permission:

  • Edit Notification Settings (WRITE)

    Allows user to edit the notification rules and settings.
My Wallet (SC) (READ)

Enables access to “My Wallet (SC)” in the menu, to the Overview tab on the My Wallet (SC) page and the My Wallet Statements. These are all the pages relevant to your organization's wallet and transactions.

This permission has the following child permissions:

Bank Accounts (My Wallet - SC) (READ)

Enables access to the Bank Accounts tab on the My Wallet (SC) page to view all linked bank accounts.

This permission has the following child permission:

  • Require Wire Transfer (My Wallet - SC) (WRITE)

    Enables the “Wire Transfer (Request)” button on the Bank Account tab, it allows the user to initiate Pay-Outs from the SC Wallet.
Transactions (My Wallet - SC) (READ)

Enables the Transactions tab on the My Wallet (SC) page for SC‑specific transaction history.

This permission has the following child permissions:

  • Send Payments to Another Wallet (My Wallet - SC) (WRITE)

    Enables creating internal transfers between the SC Wallet and another wallet within the Transactions tab of the My Wallet (SC) page.

  • Cancel Outgoing Transaction (My Wallet - SC) (WRITE)

    Enables the ability to cancel outgoing transactions from the SC Wallet.

  • Refund (My Wallet - SC) (WRITE)

    Allows initiating refunds for pay-in transactions on the SC Wallet.

  • Proof of Payment (My Wallet - SC) (WRITE)

    Enables downloading proof of payment receipts for pay-in into the SC Wallet.

  • Validate pre-authorizations (My Wallet - SC) (WRITE)

    Enables validation of pre‑authorizations for SC Wallet transactions.

  • Validate Wire Transfer (My Wallet - SC) (WRITE)

    Grants ability to approve or cancel pay‑out transfer requests from the SC Wallet.

  • Payment Certificate (My Wallet - SC) (WRITE)

    Enables downloading payment certificates for outgoing transactions from the SC Wallet.

  • Cancel Incoming Transactions (My Wallet - SC) (WRITE)

    Enables the ability to cancel incoming transactions directed to the SC Wallet.

  • Invoices (READ)

    Enables viewing of the Invoices tab on the My Wallet (SC) page.

  • Commissions & Fees (READ)

    Unlocks the Commissions & Fees tab on the My Wallet (SC) page for viewing service charges.

  • Thresholds (READ)

    Enables access to the Thresholds tab on the My Wallet (SC) page, showing configured limits and caps.

  • Logs (My Wallet - SC) (READ)

    Unlocks access to the Logs tab on the My Wallet (SC) page to review SC‑specific wallet activity.

Default Lemonway Roles

Here are the five roles created by default and their description. If you have a role with the permission that enables you to create roles (Roles), you can add roles and customise permissions.

  • MB-ADMIN (Administrator Role): Full access to all dashboard features.
  • MB-MANAGER (Manager Role): Broad access, excluding sensitive actions like modifying bank accounts, generating API keys, cancelling transactions, or modifying roles.
  • MB-OPERATOR (Operator Role): Can view and interact with most dashboard features, but cannot initiate Money-Outs, add bank accounts, validate pre-authorizations, or issue refunds.
  • READ-ONLY-STANDARD: View-only access to core wallet and transaction data. Cannot perform any actions.
  • MB-WS-ADMIN / MB-WS-MANAGER: API-only roles. No permissions on the dashboard.

You can view the specific permissions associated to each of these roles through the Roles Page on the Dashboard and clicking the view (👁️) button next to any of the roles above.

Updated 22 days ago