Appearance
Groups & Permissions
Required group: Super Admin
The platform uses a group-based permission system. Every admin user belongs to one or more groups. Their effective permissions are the union of all their groups — so a user in both billing_admin and support can do everything both groups allow.
The Five System Groups
Super Admin
Full access to everything. Cannot be deleted. Assign this group only to principals who need unrestricted platform control.
Permissions: All permissions.
Billing Admin
Access to financial data and billing configuration.
Permissions: View Billing, Edit Billing, Process Refunds, Manage Payouts, View Users
Portal pages: Transactions, Earnings, Billing Settings
Compliance
Access to notary vetting, legal submissions, and complaint handling.
Permissions: View Audit Log, View Users, Compliance Reports, Chief Registrar, Certificate Requests, View Complaints, Close Complaints, Process Approvals
Portal pages: Notary Approvals, Digital Seals, Chief Registrar, Signing Compliance, Certificate Requests, Compliance, Complaints
Support
Access to user-facing support operations and session data.
Permissions: View Users, View Sessions, Manage Sessions, Process Approvals, Manage Documents, Suspension Appeals, 2FA Resets, Waitlist, Failed Operations, View Complaints
Portal pages: Users, All Sessions, Suspension Appeals, 2FA Reset Requests, Waitlist, Failed Operations, Complaints
General
Minimal read-only access — suitable for onboarding or auditors who only need to see user records.
Permissions: View Users
Portal pages: Dashboard, Users
Viewing Group Members
- Go to Admin Groups in the sidebar
- Click a group card to expand it
- Members are listed with their name and email
Adding a User to a Group
- Open the group card
- Click Add
- Select the user from the dropdown — only users not already in that group appear
- Confirm — their permissions are recomputed immediately
Super Admin group: Only a Super Admin can add users to the
super_admingroup. Non-super admins withadmin.groupspermission cannot escalate another user to super admin.
Removing a User from a Group
- Open the group card
- Click the remove icon next to the user
- Confirm — their permissions are recomputed immediately
You cannot remove yourself from the
super_admingroup. Another super admin must do this.
How Permissions Are Applied
Permissions are computed at assignment time and stored on the user record. The JWT issued at login carries the computed permission list — so changes take effect on the user's next login. If you need changes to take effect immediately, the user should log out and log back in.