Skip to content

Groups & Permissions

Required group: Super Admin

The platform uses a group-based permission system. Every admin user belongs to one or more groups. Their effective permissions are the union of all their groups — so a user in both billing_admin and support can do everything both groups allow.

The Five System Groups

Super Admin

Full access to everything. Cannot be deleted. Assign this group only to principals who need unrestricted platform control.

Permissions: All permissions.


Billing Admin

Access to financial data and billing configuration.

Permissions: View Billing, Edit Billing, Process Refunds, Manage Payouts, View Users

Portal pages: Transactions, Earnings, Billing Settings


Compliance

Access to notary vetting, legal submissions, and complaint handling.

Permissions: View Audit Log, View Users, Compliance Reports, Chief Registrar, Certificate Requests, View Complaints, Close Complaints, Process Approvals

Portal pages: Notary Approvals, Digital Seals, Chief Registrar, Signing Compliance, Certificate Requests, Compliance, Complaints


Support

Access to user-facing support operations and session data.

Permissions: View Users, View Sessions, Manage Sessions, Process Approvals, Manage Documents, Suspension Appeals, 2FA Resets, Waitlist, Failed Operations, View Complaints

Portal pages: Users, All Sessions, Suspension Appeals, 2FA Reset Requests, Waitlist, Failed Operations, Complaints


General

Minimal read-only access — suitable for onboarding or auditors who only need to see user records.

Permissions: View Users

Portal pages: Dashboard, Users


Viewing Group Members

  1. Go to Admin Groups in the sidebar
  2. Click a group card to expand it
  3. Members are listed with their name and email

Adding a User to a Group

  1. Open the group card
  2. Click Add
  3. Select the user from the dropdown — only users not already in that group appear
  4. Confirm — their permissions are recomputed immediately

Super Admin group: Only a Super Admin can add users to the super_admin group. Non-super admins with admin.groups permission cannot escalate another user to super admin.

Removing a User from a Group

  1. Open the group card
  2. Click the remove icon next to the user
  3. Confirm — their permissions are recomputed immediately

You cannot remove yourself from the super_admin group. Another super admin must do this.

How Permissions Are Applied

Permissions are computed at assignment time and stored on the user record. The JWT issued at login carries the computed permission list — so changes take effect on the user's next login. If you need changes to take effect immediately, the user should log out and log back in.

© 2026 Notarise It©. All rights reserved.