Access rights management guide
Introduction
This document describes the access control system on the NeuroVision platform. It is intended for account owners — here you will learn how to manage user permissions, what permissions are available, and how the role system works.
User Hierarchy
The platform uses a two-level hierarchy:
Platform Administrator
└── Account Owner (you)
└── Account UsersYou (owner) — the creator of the account. You define which permissions and sections are available to your users through the role system.
Users — employees invited by you. Their capabilities are determined by the roles you assign.
Types of Users You Can Create
Users are divided into regular and advanced, depending on whether the “Delegation” permission is enabled in their assigned roles.
| Capability | Regular User | Advanced User |
|---|---|---|
| Access to assigned sections | Yes | Yes |
| Actions within their permissions | Yes | Yes |
| Change password and configure 2FA | Yes | Yes |
| View «Roles» tab | No | Yes |
| Create, edit, and delete roles | No | Yes |
| Assign roles to other users | No | Yes |
| Manage IP whitelist («Security» tab) | No | Yes |
| Invite new users | No | Yes |
| Import users from CSV | No | Yes |
| Block and unblock users | No | Yes |
| Export user list | No | No (owner/admin only) |
Navigation Sections
Visibility of sections in the sidebar depends on the user’s role. You control visibility through special navigation permissions within roles.
| Menu Section | Description | Additional Permissions |
|---|---|---|
| Dashboard | Overview with key metrics | No — available if visible |
| KYC/AML | History and management of KYC sessions | Yes (see section 5) |
| Face Search | Face search and comparison | Yes (see section 5) |
| Persons | Persons database and lists | Yes (see section 5) |
| Sources | Image sources and source groups | Yes (see section 5) |
| Access | API access token management | Yes (see section 5) |
| Settings | User, role, and security management | Yes (see section 5) |
| Balance | Balance and usage overview | No — available if visible |
The «Help» and «Documentation» sections are available to all users by default.
Permissions by Category
Below are all permissions that can be assigned via roles. In the role editor, you will see the full permission tree.
User Management
| Permission | Description |
|---|---|
| Find all user | View all users in the account |
| Find user by email | Search for a user by email |
| Find user by id | View user details by ID |
| Find all roles | View all roles in the account |
| See group roles | View roles assigned to the owner |
| Create role | Create a new role |
| Update role | Edit role name, description, or permissions |
| Delete role | Delete a role |
| Set role to user | Assign a role to a user |
| Send invitation | Invite a new user |
| Update user | Modify user data |
| Disable user | Block user (prevent login) |
| Enable user | Unblock user |
| Read group | View account information |
| Update group | Modify account settings |
| Giving a subordinate access to part of the owner’s partitions | Makes the user advanced (see section 6) |
KYC
| Permission | Description |
|---|---|
| View KYC history menu item | View KYC session history |
| View kyc documents images | Run and view document checks |
| View selfie images | Run and view document + selfie checks |
| Delete KYC sessions | Delete verification records |
| Changing the KYC session status | Manually change session status |
| View kyc documents ocr | View extracted OCR data |
| View kyc documents checks | View automatic document verification results |
KYC Schemas
| Permission | Description |
|---|---|
| Get KYC schemas | View all schemas |
| Get KYC schema by ID | View schema details |
| Create KYC schema | Create a new schema |
| Update KYC schema | Modify an existing schema |
| Delete KYC schema | Delete a schema |
| Enable KYC schema | Activate/deactivate a schema |
| View KYC schemas | Access schema editor |
| View unique client | View unique clients list |
Session Databases
| Permission | Description |
|---|---|
| Session DB — Read | View session data |
| Session DB — Create | Create session database |
| Session DB — Update | Update session data |
| Session DB — Delete | Delete session data |
These permissions are located under «Know Your Customer API Services» in the role editor.
Face Search
| Permission | Description |
|---|---|
| View search history menu item | View search history |
| Search a persons by image | Perform face search |
| Faces comparing on images | Create face comparison |
| Get list of face compares | View comparison results |
Persons
| Permission | Description |
|---|---|
| Get persons in a list | View persons database |
| Create new person in a list | Add a new person |
| Update a person information | Edit person data |
| Delete a person from the list | Delete a person |
| Get a person information | View detailed person info |
| Get info about all lists of persons | View all person lists |
| Create a new list of persons | Create a list |
| Update a list of persons | Update a list |
| Delete a list of persons | Delete a list |
| Create a fusion vector for person | Generate biometric vector from multiple images |
| Get persons count in a list | Get number of persons in a list |
Data Sources
| Permission | Description |
|---|---|
| Get all data sources in a group | View sources list |
| Get all groups of data sources | View source groups |
| Create a group of data sources | Create a group |
| Update a group of data sources | Update a group |
| Delete a group of data sources | Delete a group |
| Create a data source in a group | Add a source |
| Update a data source in a group | Update source |
| Delete a data source in a group | Delete source |
Access Tokens (Security)
| Permission | Description |
|---|---|
| Get all access tokens | View API tokens |
| Create an access token | Generate a token |
| Update an access token | Modify token |
| Delete an access token | Delete token |
Logs
| Permission | Description |
|---|---|
| Face search logs | View/export face search logs |
| KYC logs | View/export KYC logs |
Image Visibility (Interface)
| Permission | Applies to |
|---|---|
| View face images | Face search results |
| View kyc documents images | KYC sessions |
| View selfie images | KYC sessions |
| View face crops images | KYC sessions |
| View persons face images | Persons database |
If not enabled, users will see data but not images.
API Permissions
Face Recognition
| Permission | API Operation |
|---|---|
| Faces detection on images | detect |
| Search a persons by image | faceSearchImage |
| Search a person by vector | faceSearchVector |
| Get face searches | faceSearches |
| Add compare | compareAdd |
| Get compares | compares |
Face Features
| Permission | API Operation |
|---|---|
| Get ethnicity by face | featureEthnicity |
| Get gender by face | featureGender |
| Get age by face | featureAge |
| Get face landmarks | featureLandmarks |
| Get mood by face | featureMood |
| Check glasses | featureGlasses |
| Check mask | featureMask |
| Check liveness | featureAlive |
| Check animal | featureAnimal |
KYC API
| Permission | API Operation |
|---|---|
| Active liveness | livenessCreate |
| Process document | kycDocument |
| Process document & selfie | kycDocumentAndSelfie |
| Process document & selfie with document | kycDocumentAndSelfieWithDocument |
Delegation: Advanced Users
Adding the “Delegation” permission makes a user advanced.
Capabilities:
- Role management
- Role assignment
- Security (IP whitelist)
- User invitations
- CSV import
- User blocking/unblocking
Advanced users can only assign permissions they have.
Step-by-Step Instructions
Invite User
- Go to Settings → Users
- Click invite
- Fill details
- User receives email
- Accepts invitation
- Assign role if needed
Import Users
- Settings → Users
- Upload CSV
- Columns:
email,firstName,lastName,password
Create Role
- Settings → Roles
- Create Role
- Fill info
- Select permissions
- Confirm
Assign Role
- Settings → Users
- Open user
- Toggle roles
- Save
Block User
Deactivate / Activate user
IP Whitelist
Settings → Security
Permission Cascade
- Removing permission from owner → removed everywhere
- Adding permission → must be manually assigned
FAQ
Why user doesn’t see menu?
role issue
Why action not allowed?
permission missing
Can user have more rights?
No
Deleting role?
user loses permissions
Password/2FA?
profile settings
