User Management
Your User Management, Explained
How to invite people to your account, assign them roles, and control exactly what they can see and do. The access-control layer of the platform.
Last updated
Welcome
User Management is where you define who can access the platform, what they are allowed to do, and how much of your financial life they can see.
Most real-world access models come down to three building blocks: members, roles, and invitations. Once those three are configured cleanly, shared access becomes much easier to manage safely.
Good user management is not just about adding people. It is about making sure each person has exactly the access they need and nothing more.
Inviting a new member
Inviting a new member is the first step in granting access. Before sending the invite, decide which role they should receive on day one.
- Email address - Where the invitation will be sent.
- Name - How the member should appear inside the account.
- Role - The permission set they will receive once they accept.
- Optional message - Additional context included with the invitation.
Choose the role intentionally before sending the invite. The assigned permissions take effect as soon as the invite is accepted.
Suspending, removing, and reactivating members
Not every access change should be permanent. The platform supports different responses depending on whether access is pausing or ending.
- Suspend - Temporarily disable access while preserving the account, role, and history.
- Reactivate - Restore access for a previously suspended member.
- Remove - Permanently revoke access when the member should no longer be part of the account at all.
If you are unsure whether someone will need access again, suspend first. Removal is better for final offboarding, while suspension gives you flexibility.
Roles
Roles define what members can see and do. They are the core permission model behind shared access.
- Owner - The highest level of authority, including account-level control and the ability to manage the broadest permissions.
- Tenant Admin - Broad administrative access for day-to-day account management.
- Viewer - Read-only access intended for visibility without operational control.
- Custom roles - Tailored permission sets designed around specific responsibilities or stakeholders.
A well-designed role system keeps shared access simple. Instead of thinking about each person one permission at a time, you assign them a role built for their job.
How to read a role definition
A role definition is really a grouped permission map. It tells you which areas of the platform a member can view, edit, manage, or administer.
- Document permissions - Control access to viewing, uploading, organizing, or removing files.
- Entity permissions - Control whether the member can create or modify ownership structures.
- Holdings and transaction permissions - Control access to account activity, holdings data, and edits.
- Connected account permissions - Control whether the member can manage institution or wallet connections.
- User management permissions - Control whether the member can invite people, modify roles, or manage other users.
- Settings permissions - Control account-level configuration access.
The practical question is simple: if this member makes a mistake or sees something they should not see, what is the blast radius? Design roles around that question.
Creating a custom role
Custom roles are useful when default access patterns are too broad or too narrow for a real person in your workflow.
- CPA or tax preparer - Usually needs documents, transactions, holdings, and report access, but not editing authority across the platform.
- Financial advisor - Often needs broad visibility into financial data and reports without operational write access.
- Spouse or family member - Often needs high-level visibility without full transaction or document access.
- Operator or bookkeeper - Often needs document and transaction management without control over entities, ownership structures, or strategic settings.
The goal is not to create many roles. The goal is to create a few clear roles that match real responsibilities cleanly.
Common workflows
Onboard a new CPA
Create or assign a read-oriented role that gives the CPA what they need for reporting and tax prep without broad write access, then suspend access when the season ends if appropriate.
Give a spouse or family member visibility
Use a read-only or high-level custom role when someone needs transparency without operational control.
Add an advisor temporarily
Assign a broad read role for diligence or review, then reduce, suspend, or remove access once the relationship changes.
Run an annual access review
Review every member, role, and last-needed use case. Remove stale access and tighten permissions that no longer make sense.
Offboard safely
Suspend first when necessary, check for operational fallout, then remove once you are confident the transition is complete.
Security considerations
- Follow least privilege - Give each person only the permissions they actually need.
- Avoid shared logins - Separate accounts preserve accountability and make access rotation manageable.
- Review sensitive changes - Pay attention to high-impact actions such as role escalations, entity edits, or document removal.
- Rotate access promptly - When a relationship ends or changes, update access immediately rather than waiting for a convenient time.
The safest long-term setup is not the most restrictive one. It is the one where every permission still has a clear reason for existing.