Understanding User Roles
Aeon uses a flexible role-based permission system with three primary roles:Admin
Full Control
- User management
- Policy changes
- System configuration
- All transaction capabilities
- User management
- Policy changes
- System configuration
- All transaction capabilities
Trader
Transaction Focus
- Approve and sign transactions
- View account balances
- Execute within policy limits
- Limited administrative access
- Approve and sign transactions
- View account balances
- Execute within policy limits
- Limited administrative access
Viewer
Read-Only Access
- View transactions and balances
- Monitor workspace activity
- Export reports
- No transaction capabilities
- View transactions and balances
- Monitor workspace activity
- Export reports
- No transaction capabilities
Changing User Roles
Modify Individual User Role
1
Navigate to User Management
Go to Settings → Users in the Aeon web app
2
Select User
Find the user whose role you want to change
3
Edit User
Click the ⋯ menu → Change User Role
4
Select New Role
Choose the appropriate role: - Admin: For users who need full workspace
control - Trader: For users who need transaction capabilities -
Viewer: For users who only need read access
5
Review Permissions
Review what the new role will allow the user to do
6
Apply Changes
Confirm the role change - it takes effect immediately
7
Notify User
Inform the user about their new role and capabilities
Bulk Role Changes
For changing multiple users at once:1
Select Multiple Users
Use checkboxes to select users for bulk role changes
2
Bulk Actions
Click “Bulk Actions” → “Change Roles”
3
Choose Role
Select the role to apply to all selected users
4
Confirm Changes
Review the list of users and confirm the bulk role change
Role Permissions Matrix
| Permission | Admin | Trader | Viewer |
|---|---|---|---|
| View balances and transactions | ✅ | ✅ | ✅ |
| Export reports and audit logs | ✅ | ✅ | ✅ |
| Execute transactions | ✅ | ✅ | ❌ |
| Approve transactions | ✅ | ✅ | ❌ |
| Create new accounts | ✅ | ❌ | ❌ |
| Add/remove users | ✅ | ❌ | ❌ |
| Modify policies | ✅ | ❌ | ❌ |
| Change user roles | ✅ | ❌ | ❌ |
| System configuration | ✅ | ❌ | ❌ |
Custom Role Configuration
Creating Custom Roles
1
Navigate to Role Management
Go to Settings → Users → Custom Roles
2
Create New Role
Click “Create Custom Role” and provide: - Role name - Description -
Permission set
3
Define Permissions
Select specific permissions: - Account access levels - Transaction limits -
Administrative capabilities - Approval requirements
4
Save Role
Save the custom role for use in your workspace
Assigning Custom Roles
Once created, custom roles can be assigned to users just like standard roles through the user management interface.Role Change Considerations
Security Implications
- Privilege Escalation: Be cautious when granting Admin roles
- Access Removal: Ensure users still have necessary access for their responsibilities
- Policy Compliance: Verify role changes align with your organization’s policies
Best Practices
- Principle of Least Privilege: Grant only the minimum permissions needed
- Regular Reviews: Periodically review user roles and adjust as needed
- Documentation: Maintain records of role changes and justifications
- Approval Process: Implement approval workflows for sensitive role changes
Common Role Change Scenarios
Promotion
Trader → Admin
When a user needs additional responsibilities like user management or policy changes
When a user needs additional responsibilities like user management or policy changes
Role Adjustment
Admin → Trader
When reducing administrative access while maintaining transaction capabilities
When reducing administrative access while maintaining transaction capabilities
Temporary Access
Viewer → Trader
For temporary transaction access during specific projects or coverage periods
For temporary transaction access during specific projects or coverage periods
Offboarding
Any Role → Viewer
When transitioning users out of active roles while maintaining audit access
When transitioning users out of active roles while maintaining audit access
Troubleshooting Role Changes
Common Issues
- Permission Conflicts: If a user belongs to multiple groups with different roles
- Policy Restrictions: Some policies may prevent certain role assignments
- Active Sessions: Users may need to log out and back in to see new permissions
Resolution Steps
- Check group memberships for permission conflicts
- Review workspace policies for role restrictions
- Ask users to refresh their browser or restart the mobile app
- Contact support if issues persist
Role changes are logged in the audit trail for compliance and security
monitoring.