User Roles Configuration
Permissions allow users to view different types of information or to perform actions in Mambu. You can either assign individual permissions to users, or you can group permissions by creating a role and then assigning that role to a user. The user will then have all the permissions that are a part of that role. For more information see Understanding Users, Roles, and Permissions and Roles.
With Configuration as Code (CasC), you may batch configure your user roles configuration via the API using YAML. For general information on CasC, see Configuration as Code Overview.
API operations
CasC for user roles supports three operations.
| Action | Endpoint | Description |
|---|---|---|
GET | /configuration/userroles.yaml | Get current user roles configuration. |
PUT | /configuration/userroles.yaml | Write a new user roles configuration to Mambu. |
GET | /configuration/userroles/template.yaml | Get your user roles configuration template in YAML. This is useful when configuring from scratch. For formatting information for the fields, see General Attributes below for an example. |
Any existing selections, usages, view and edit rights of roles that are not included in a new configuration submitted to the API are deleted.
Existing roles that are not included in configuration requests are deactivated or disabled.
Built-in user roles are excluded from configuration because they are created during tenant provisioning and are not fully customisable.
Requests
For general information on CasC requests such as authentication and required headers, see Configuration as Code Overview.
The following section shows sample requests using curl and basic authentication. For all examples, replace TENANT_NAME with your actual tenant name.
GET configuration
curl -X GET 'https://TENANT_NAME.mambu.com/api/configuration/userroles.yaml' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-u user:password
{auth} is the base-64-encoded value of username:password. For more information, see Authentication in our API reference.
Get your user roles configuration template
curl -X GET 'https://TENANT_NAME.mambu.com/api/configuration/userroles/template.yaml' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-H 'Authorization: Basic {auth}'
{auth} is the base-64-encoded value of username:password. For more information, see Authentication in our API reference.
PUT configuration
curl -X PUT 'https://TENANT_NAME.mambu.com/api/configuration/userroles.yaml' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-H 'Content-Type: application/yaml' \
-H 'Authorization: Basic {auth}' \
--data-binary @userroles.yaml
{auth} is the base-64-encoded value of username:password. For more information, see Authentication in our API reference.
“@userroles.yaml” represents the absolute path of the file on your device.
Use “--data-raw” if you want to specify the YAML body inline.
Configuration body example
---
roles:
- name: "Mambu Support"
id: "613343659"
administrator: false
teller: false
creditOfficer: false
support: true
delivery: false
accessRights:
- "MAMBU"
permissions:
- "AUDIT_TRANSACTIONS"
- "VIEW_COMMENTS"
- "VIEW_CENTRE_DETAILS"
- "VIEW_BRANCH_DETAILS"
- "VIEW_COMMUNICATION_HISTORY"
- "VIEW_LOAN_PRODUCT_DETAILS"
- "VIEW_SAVINGS_PRODUCT_DETAILS"
- "VIEW_CLIENT_DETAILS"
- "VIEW_GROUP_DETAILS"
- "VIEW_LINE_OF_CREDIT_DETAILS"
- "VIEW_LOAN_ACCOUNT_DETAILS"
- "VIEW_SECURITIES_DETAILS"
- "VIEW_SAVINGS_ACCOUNT_DETAILS"
- "VIEW_DOCUMENTS"
- "VIEW_TASK"
- "VIEW_INTELLIGENCE"
- "VIEW_REPORTS"
- "VIEW_CHART_OF_ACCOUNTS"
- "VIEW_JOURNAL_ENTRIES"
- "VIEW_ACCOUNTING_REPORTS"
- "VIEW_INVESTOR_FUNDS_DETAILS"
- "VIEW_USER_DETAILS"
- "VIEW_ADMINISTRATION_DETAILS"
- "VIEW_TRANSACTION_CHANNELS"
- name: "roll"
id: "STD_BA"
administrator: false
teller: false
creditOfficer: true
support: false
delivery: false
accessRights:
- "APIS"
permissions:
- "VIEW_GROUP_DETAILS"
- "CREATE_GROUP"
- "EDIT_GROUP"
- "CHANGE_GROUP_TYPE"
- "MANAGE_GROUP_ASSOCIATION"
- "EDIT_GROUP_ID"
- "VIEW_LOAN_ACCOUNT_DETAILS"
- "CREATE_LOAN_ACCOUNT"
- "EDIT_LOAN_ACCOUNT"
- "APPROVE_LOANS"
- "DIBURSE_LOANS"
- "APPLY_LOAN_FEES"
- "ENTER_REPAYMENT"
- "EDIT_REPAYMENT_SCHEDULE"
- "APPLY_LOAN_ADJUSTMENTS"
- "BACKDATE_LOAN_TRANSACTIONS"
- "APPLY_ACCRUED_LOAN_INTEREST"
- "POST_TRANSACTIONS_ON_LOCKED_LOAN_ACCOUNTS"
- "EDIT_PENALTY_RATE"
- "REQUEST_LOAN_APPROVAL"
- "EDIT_LOAN_TRANCHES"
- "REJECT_LOANS"
- "WRITE_OFF_LOAN_ACCOUNTS"
- "REVERSE_LOAN_ACCOUNT_WRITE_OFF"
- "CLOSE_LOAN_ACCOUNTS"
- "LOCK_LOAN_ACCOUNTS"
- "WITHDRAW_LOAN_ACCOUNTS"
- "DELETE_LOAN_ACCOUNT"
- "SET_DISBURSEMENT_CONDITIONS"
- "RESCHEDULE_LOAN_ACCOUNT"
- "REFINANCE_LOAN_ACCOUNT"
- "EDIT_LOAN_TRANSACTIONS"
- "BULK_LOAN_CORRECTIONS"
- "EDIT_INTEREST_RATE"
- "UNDO_LOAN_ACCOUNT_CLOSURE"
- "UNDO_REJECT_LOANS"
- "UNDO_WITHDRAW_LOAN_ACCOUNTS"
- "LINK_ACCOUNTS"
- "EDIT_PRINCIPAL_PAYMENT_ACTIVE_REVOLVING_CREDIT"
- "PERFORM_REPAYMENTS_WITH_CUSTOM_AMOUNTS_ALLOCATION"
- "MANAGE_LOAN_ASSOCIATION"
- "MAKE_WITHDRAWAL_REDRAW"
- "VIEW_SECURITIES_DETAILS"
- "CREATE_SECURITIES"
- "EDIT_SECURITIES"
- "DELETE_SECURITIES"
notes: "notes"
General attributes
The order of the user roles in the YAML configuration file will define the order in the Mambu UI as well.
| Name | Type | Description | Required |
|---|---|---|---|
name | [String] | A list of predefined access rights. | ✘ |
administrator | Boolean | Indicates whether this role is administrative. | ✘ |
creditOfficer | Boolean | Indicated whether this role will be associated with a credit officer user. | ✘ |
delivery | Boolean | Indicates whether this role will give delivery access. | ✘ |
id | String | User-defined ID, globally unique. | ✔ |
name | String | User-defined name, globally unique. | ✔ |
notes | String | User-defined notes for this particular role. | ✘ |
permissions | [String] | A list of predefined permissions. | ✘ |
support | Boolean | Indicates whether this role will give support access. | ✘ |
teller | Boolean | Indicates whether this role will give tellering access. | ✘ |
Replies
Validation
Validation errors report a non-exhaustive list of errors, such as invalid date format or decimal separator not being one of the available types. However fields such as email address or telephone are not validated, and care should be taken to make sure this information is correct.
Validation performed by the API uses the same rules as the UI. Configuration validation checks:
- Syntax is correct as per YAML standards and the user roles template.
- Content is correct.
- References are all properly mapped (and exist in the target system).
- User roles properties are accurate and correct.