Roles and Permissions

Predefined User Roles

To ensure security and operational integrity, the Roles and Permissions system on the Zerocap platform governs what each user is allowed to see and do. This guide explains how roles are assigned and details the responsibilities of each predefined role.

How Roles Are Assigned

In this version of the platform, role assignment is an automatic process based on two simple rules:

1. The Genesis User receives the Genesis and Admin roles. The user who completes the onboarding process and initializes your organization’s account is automatically assigned the Genesis and Admin roles. This gives them full control from the outset.

2. New Invited Users are Assigned the Viewer Role. Other users will be initialised with the most restricted Viewer role. They will need to have their role updated in order to perform certain functionalities (See below).

The Predefined Roles

Here are the standard roles available on the platform and their key functions:

Genesis

The founding role automatically assigned to the user who creates the organization. This role cannot be manually assigned to other users.

• Has access to all permissions available to your organization, including all admin, funding, and approval capabilities.
• A user must pass KYC before this role is active.

Admin

System administrator with full access. This role is intended for senior team members who manage operations and user access.

• Has access to all permissions available to your organization.
• Can perform all funding actions (deposits, withdrawals).
• Can perform all trading actions.
• Manages all entity and user settings.
• A user must pass KYC before being given this role.

Funding Manager

This role is for team members responsible for managing fund flows, wallets, and bank accounts.

• Can manage funds and wallets.
• Can initiate and manage funding actions (deposits, withdrawals, whitelisting).
• A user must pass KYC before being given this role.

Approver

This role is for team members designated to approve workflow actions such as withdrawals and entity changes.

• Can approve workflows submitted by other team members.
• A user must pass KYC before being given this role.

Trader

This role is for team members who actively manage the organization’s portfolio.

• Can create and edit orders.
• Has full access to the Advanced Trading Portal.
• Can view account balances but cannot initiate withdrawals.
• A user must pass KYC before being given this role.

Auditor

A specific read-only role designed for external or internal auditors.

• Can audit other users’ operations.
• Has restricted read-only access to specific data required for compliance checks, such as transaction histories and audit logs.
• Cannot alter any data or perform any actions.

Viewer

This is the baseline view-only role designed for maximum security.

• Can only view information such as the dashboard, account balances, and transaction/trade history.
• Cannot perform any actions such as trading, withdrawing funds, or changing settings.

A user can have multiple roles tied to them at once.

A list of viewable roles and their permissions are available in the “Roles & Permissions” tab of the Entity Management screen (accessible via the bottom left sidebar).

Changing User Roles

A user will require the Admin role in order to change another entity member’s role. To change a user’s role, an Admin should access the “Members” Tab in the Entity Management page. After entering the tab, they will be able to view a table of entity members. In the ‘Action’ column, click on the … button for the member who’s role should be changed, followed by the “Manage Role” button. You will then be able to select the role(s) to amend for the user.

What's Next for Roles & Permissions?

This initial Roles and Permissions system provides a secure, predefined framework. Based on client feedback, we are actively developing future enhancements.

We welcome any feedback here

Next Step: Secure Approval Workflows