Security & compliance
Role-Based Access Control (RBAC) Guide
Use this printable workflow to design, configure, and audit roles inside the LakiPay dashboard. Keeping permissions scoped prevents mistakes and accelerates audits.
Map Your Roles
- List every team that uses LakiPay (finance, support, engineering, executives).
- Group actions into capabilities: view-only, initiate payouts, manage API keys, edit settings, etc.
- Create base roles from those capabilities. Keep them broad enough that you don’t have to micro-manage per user.
- Document who approves new role requests before you start building them in the dashboard.
Configure Roles in LakiPay
- Navigate to Settings → Access Control → Roles.
- Clone the default templates (Viewer, Operator, Admin) or build a role from scratch.
- Toggle capabilities per channel (payments, wallet, disputes, developer settings).
- Save the role, name it clearly (e.g., “Finance – Viewer”), and assign it to users in Users → Team.
Layer Security Policies
- Require MFA for any role that can initiate payouts or modify API keys.
- Pair RBAC with IP Whitelisting so privileged users can only log in from corporate networks.
- Use the Activity Log to confirm that users assigned a new role perform only the actions you expect.
- Deactivate unused accounts immediately—RBAC controls are only as strong as the identities behind them.
Audit & Review
- Quarterly: export the Users table, confirm each person still needs their current role, and remove stale accounts.
- Monthly: review the role definitions themselves. Retire legacy roles when teams restructure.
- After major incidents or org changes, run an out-of-cycle review focusing on high-privilege roles.
- Capture review notes in your compliance tracker so auditors can see accountability.
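One way to script the quarterly user review together with the MFA rule from Layer Security Policies, as an added example and not LakiPay tooling. The CSV column names, capability names, role definitions and 90-day staleness threshold are assumptions, since this guide does not specify the export format.

```python
import csv
import io
from datetime import date, datetime

# Assumed capability names for "initiate payouts" and "manage API keys".
MFA_REQUIRED_CAPS = {"initiate_payouts", "manage_api_keys"}
STALE_AFTER_DAYS = 90  # assumed threshold; set it to your own policy

# Constructed role definitions (role name -> capabilities), not real LakiPay data.
ROLES = {
    "Finance – Viewer": {"view"},
    "Finance – Operator": {"view", "initiate_payouts"},
    "Admin": {"view", "initiate_payouts", "manage_api_keys", "edit_settings"},
}

# Constructed export of the Users table; column names are hypothetical.
SAMPLE_EXPORT = """email,role,mfa_enabled,status,last_login
amina@example.com,Finance – Viewer,false,active,2024-05-28
bekele@example.com,Finance – Operator,false,active,2024-05-30
chaltu@example.com,Admin,true,active,2024-01-10
dawit@example.com,Legacy Support,true,active,2024-05-29
elias@example.com,Admin,false,deactivated,2023-11-02
"""

def audit_users(export_text, roles, today):
    """Return (email, finding) pairs for active accounts that break policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["status"].strip().lower() != "active":
            continue  # skip accounts that are already deactivated
        email, role = row["email"], row["role"]
        caps = roles.get(role)
        if caps is None:
            # Role is missing from the current definitions: retired or undocumented.
            findings.append((email, "unknown role: " + role))
            continue
        if caps & MFA_REQUIRED_CAPS and row["mfa_enabled"].strip().lower() != "true":
            findings.append((email, "privileged role without MFA"))
        last = datetime.strptime(row["last_login"], "%Y-%m-%d").date()
        if (today - last).days > STALE_AFTER_DAYS:
            findings.append((email, "stale account"))
    return findings

if __name__ == "__main__":
    for email, finding in audit_users(SAMPLE_EXPORT, ROLES, date(2024, 6, 1)):
        print(f"{email}: {finding}")
```

The findings list can be pasted into the compliance tracker as the record of each review.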
Next steps
Couple RBAC with IP Whitelisting and the Security Overview to give auditors a full picture of your controls.