Understanding User Roles
Aeon uses a flexible role-based permission system with three primary roles:Admin
Full Control
- User management
- Policy changes
- System configuration
- All transaction capabilities
- User management
- Policy changes
- System configuration
- All transaction capabilities
Trader
Transaction Focus
- Approve and sign transactions
- View account balances
- Execute within policy limits
- Limited administrative access
- Approve and sign transactions
- View account balances
- Execute within policy limits
- Limited administrative access
Viewer
Read-Only Access
- View transactions and balances
- Monitor workspace activity
- Export reports
- No transaction capabilities
- View transactions and balances
- Monitor workspace activity
- Export reports
- No transaction capabilities
Changing User Roles
Modify Individual User Role
Select New Role
Choose the appropriate role: - Admin: For users who need full workspace
control - Trader: For users who need transaction capabilities -
Viewer: For users who only need read access
Bulk Role Changes
For changing multiple users at once:Role Permissions Matrix
| Permission | Admin | Trader | Viewer |
|---|---|---|---|
| View balances and transactions | ✅ | ✅ | ✅ |
| Export reports and audit logs | ✅ | ✅ | ✅ |
| Execute transactions | ✅ | ✅ | ❌ |
| Approve transactions | ✅ | ✅ | ❌ |
| Create new accounts | ✅ | ❌ | ❌ |
| Add/remove users | ✅ | ❌ | ❌ |
| Modify policies | ✅ | ❌ | ❌ |
| Change user roles | ✅ | ❌ | ❌ |
| System configuration | ✅ | ❌ | ❌ |
Custom Role Configuration
Creating Custom Roles
Define Permissions
Select specific permissions: - Account access levels - Transaction limits -
Administrative capabilities - Approval requirements
Assigning Custom Roles
Once created, custom roles can be assigned to users just like standard roles through the user management interface.Role Change Considerations
Security Implications
- Privilege Escalation: Be cautious when granting Admin roles
- Access Removal: Ensure users still have necessary access for their responsibilities
- Policy Compliance: Verify role changes align with your organization’s policies
Best Practices
- Principle of Least Privilege: Grant only the minimum permissions needed
- Regular Reviews: Periodically review user roles and adjust as needed
- Documentation: Maintain records of role changes and justifications
- Approval Process: Implement approval workflows for sensitive role changes
Common Role Change Scenarios
Promotion
Trader → Admin
When a user needs additional responsibilities like user management or policy changes
When a user needs additional responsibilities like user management or policy changes
Role Adjustment
Admin → Trader
When reducing administrative access while maintaining transaction capabilities
When reducing administrative access while maintaining transaction capabilities
Temporary Access
Viewer → Trader
For temporary transaction access during specific projects or coverage periods
For temporary transaction access during specific projects or coverage periods
Offboarding
Any Role → Viewer
When transitioning users out of active roles while maintaining audit access
When transitioning users out of active roles while maintaining audit access
Troubleshooting Role Changes
Common Issues
- Permission Conflicts: If a user belongs to multiple groups with different roles
- Policy Restrictions: Some policies may prevent certain role assignments
- Active Sessions: Users may need to log out and back in to see new permissions
Resolution Steps
- Check group memberships for permission conflicts
- Review workspace policies for role restrictions
- Ask users to refresh their browser or restart the mobile app
- Contact support if issues persist
Role changes are logged in the audit trail for compliance and security
monitoring.