
User Management: Role-Based Access & Approval Workflows

CorporateConnect user management gives treasury administrators the full control plane: assign roles, scope to entities and accounts, cap dollar limits, chain up to four approval tiers per transaction type, and offboard users with a single click. Every action logged, every permission change dual-authorized, every session trackable.

Built to the access-control rigor a national examiner expects. Aligned to FFIEC IT Examination Handbook guidance on segregation of duties and authentication.


Access Control Essentials

  • Roles: unlimited, with inheritance and override.
  • Approval tiers: up to four — initiator, reviewer, approver, releaser.
  • Scoping dimensions: entity, account, payment type, dollar band.
  • Onboarding: admin invite → enrollment email → MFA activation.
  • Offboarding: one-click deactivation, instant session revocation.
  • Audit: immutable log with 7-year retention.

How Access Control Actually Works

CorporateConnect binds every user to one or more roles; each role carries a permission set, an entity scope, a dollar band and an approval tier designation, and the product of those four dimensions is what the user can do.

Roles & Permission Sets

Roles are named permission bundles such as Initiator, Reviewer, Approver, Admin and Read-Only; users can hold multiple roles, and the platform composes effective permissions as the union of role-granted capabilities constrained by scope.

A common production setup maps to the real treasury org: "AP Analyst" initiates vendor payments and ACH; "AP Manager" reviews them; "Treasurer" approves them up to a threshold; "CFO" approves above that threshold; "Admin" manages users (no payment authority); "Read-Only Auditor" sees everything but can do nothing. Every role publishes to every user without a personalized rebuild.

Entity & Account Scoping

Role assignments scope to unlimited entities, accounts and payment types, ensuring a user sees and acts only on their assigned subset.

Entity scoping is powerful for holding companies. A subsidiary AP manager sees only that subsidiary’s data. A parent-level treasurer sees all entities. An entity-specific controller sees that entity for reconciliation but cannot initiate payments. The combinatorial matrix of (role × entity × account × payment type × dollar band) produces the effective permission set, evaluated at every API call.
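An added sketch of the per-call check this section describes (not CorporateConnect code): each role assignment carries its own scope, and a request passes only if a single assignment matches on every dimension. The capability names follow the page's default role matrix; the `Grant` and `Request` field names, entity and account IDs are assumptions.

```python
from dataclasses import dataclass

# Capabilities per shipped role, from the page's default role matrix
# (payment-related rows only).
ROLE_CAPS = {
    "Initiator": {"view_balances", "initiate_wire", "initiate_ach"},
    "Reviewer": {"view_balances", "review_pending"},
    "Approver": {"view_balances", "review_pending", "approve", "release"},
    "Admin": {"view_balances"},
    "Read-Only": {"view_balances"},
}

@dataclass(frozen=True)
class Grant:  # one role assignment plus its scope (hypothetical field names)
    role: str
    entities: frozenset
    accounts: frozenset
    payment_types: frozenset
    max_amount: int  # upper edge of the dollar band, whole dollars

@dataclass(frozen=True)
class Request:
    capability: str
    entity: str
    account: str
    payment_type: str
    amount: int

def grant_allows(g: Grant, r: Request) -> bool:
    # Every dimension must match; an unknown role grants nothing (default deny).
    return (r.capability in ROLE_CAPS.get(g.role, set())
            and r.entity in g.entities
            and r.account in g.accounts
            and r.payment_type in g.payment_types
            and 0 <= r.amount <= g.max_amount)

def authorize(grants, r: Request) -> bool:
    # Union across grants: one fully matching grant is enough. Dimensions are
    # never mixed across grants, so scope from one role cannot widen another.
    return any(grant_allows(g, r) for g in grants)

# Constructed sample user: initiator at SUB-A up to $50,000, reviewer at SUB-B.
ALICE = [
    Grant("Initiator", frozenset({"SUB-A"}), frozenset({"OPS-1"}),
          frozenset({"ACH", "WIRE"}), 50_000),
    Grant("Reviewer", frozenset({"SUB-B"}), frozenset({"OPS-9"}),
          frozenset({"ACH"}), 50_000),
]
```

Evaluating each grant as a unit is what stops a user who initiates at one subsidiary and reviews at another from initiating at the second.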

Approval Chains Up to Four Tiers

Approval chains link initiator, reviewer, approver and releaser roles; tiers activate dynamically based on dollar threshold, payment type, corridor and counterparty.

A $5,000 domestic ACH might require only initiator and approver. A $500,000 international wire fires the full four-tier chain. Rules are deterministic — every transaction at a given dollar band produces a predictable approval path, auditable after the fact. Dual authorization on permission changes means no single admin can unilaterally grant themselves elevated privileges.
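An added sketch of a deterministic approval path (not CorporateConnect code): a rule table maps payment type, corridor and dollar floor to the tiers that must sign, and a transaction is complete only when those tiers signed in order. The page gives only the $5,000 domestic ACH and $500,000 international wire cases; the other thresholds, the fail-closed default and the distinct-signer check are assumptions.

```python
TIERS = ("initiator", "reviewer", "approver", "releaser")

# Hypothetical rule table, first match wins:
# (payment_type, international, minimum amount, required tiers)
RULES = [
    ("WIRE", True, 0, TIERS),
    ("WIRE", False, 100_000, TIERS),
    ("WIRE", False, 0, ("initiator", "reviewer", "approver")),
    ("ACH", False, 25_000, ("initiator", "reviewer", "approver")),
    ("ACH", False, 0, ("initiator", "approver")),
]

def required_tiers(payment_type, international, amount):
    """Return the tiers a transaction must pass, in order."""
    for ptype, intl, floor, tiers in RULES:
        if ptype == payment_type and intl == international and amount >= floor:
            return tiers
    # Fail closed: anything the table does not cover gets the full chain.
    return TIERS

def chain_complete(payment_type, international, amount, signoffs):
    """signoffs: list of (tier, user) pairs in the order they were recorded."""
    needed = required_tiers(payment_type, international, amount)
    if [tier for tier, _ in signoffs] != list(needed):
        return False  # a tier is missing, extra or out of order
    users = [user for _, user in signoffs]
    # Assumed segregation-of-duties rule: no user may fill two tiers.
    return len(set(users)) == len(users)
```

Because the path is a pure function of the transaction's attributes, an auditor can recompute it later and compare it with the sign-offs recorded in the log.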

Default Role Matrix (Initiator, Reviewer, Approver, Admin, Read-Only)

Five shipped roles cover the vast majority of mid-market treasury workflows; administrators extend by cloning and narrowing the base roles.

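| Capability | Initiator | Reviewer | Approver | Admin | Read-Only |
|---|---|---|---|---|---|
| View balances | Yes | Yes | Yes | Yes | Yes |
| Initiate wire | Yes | No | No | No | No |
| Initiate ACH batch | Yes | No | No | No | No |
| Review pending | No | Yes | Yes | No | No |
| Approve transaction | No | No | Yes | No | No |
| Release transaction | No | No | Yes | No | No |
| Add/remove users | No | No | No | Yes (dual-auth) | No |
| Change limits | No | No | No | Yes (dual-auth) | No |
| Download reports | Yes | Yes | Yes | Yes | Yes |
| Export audit log | No | No | No | Yes | Yes |
| Typical assignee | AP Clerk | AP Manager | Treasurer / CFO | IT / Ops Lead | Auditor |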

Onboarding & Offboarding Workflows

Onboarding follows invite → enrollment email → MFA activation; offboarding is one-click deactivation with instant session revocation and audit flagging.

Onboarding a New User

Admin creates the user profile, selects roles and entity scope, sets dollar limits. An enrollment email goes to the user’s work address with a one-time activation code. User clicks, sets a password, registers MFA (soft token or FIDO2 hardware key), and is live within 10 minutes. Dual-authorization required on user creation.

Offboarding a Departing User

Admin deactivates. All active sessions are revoked within 90 seconds. Any workflows pending the user’s action reroute to the configured backup approver. The user profile is retained for audit but cannot authenticate. The audit log records the offboarding event with initiating admin and timestamp. Aligned with OCC expectations on privileged access lifecycle.

Periodic Access Review

Quarterly, the platform surfaces a user-role attestation report. Admin confirms every active user still requires their current role. Any unattested user is auto-moved to Read-Only after the review window. Report exports cleanly for the external examination file.

Frequently Asked Questions

How many approval tiers does CorporateConnect support?
Up to four tiers: initiator, reviewer, approver, releaser. Tiers activate based on dollar threshold, transaction type, payment corridor and counterparty status. The audit log records each action.

Can roles be scoped to specific entities or accounts?
Yes. Roles scope to unlimited entities, accounts and payment types. AP clerks can be limited to vendor payments under a dollar band for one entity while treasurers authorize wires across all entities.

What happens when we offboard a user?
Admin deactivates with one click. All session tokens revoke immediately. Open workflows reroute to the backup approver. The offboarded user is flagged in the audit log.

Does the audit log capture access attempts?
Yes. Every login, failed login, permission change, role assignment, approval and rejection writes an immutable row: user, timestamp, IP, device, action, target, before/after state. Retention 7 years by default.

Are approval workflows aligned to FFIEC guidance?
Yes. Segregation of duties and independent approval are aligned to FFIEC IT Examination Handbook guidance on authentication and access control.

Related Reporting & Tools

User management is the control plane that gates account summary, transaction reporting, custom reports and data export.

Account Summary

Consolidated multi-entity balance dashboard with permission-scoped drill-down.

Transaction Reporting

60-field commercial feed recording initiator, approver and releaser on every row.

Custom Reports

Drag-and-drop builder with role-shared and company-wide saved layouts.

Data Export

BAI2, CSV and ISO 20022 to QuickBooks, SAP, Oracle, NetSuite, Sage Intacct, Workday.

Design Your Access Matrix in One Workshop

A CorporateConnect advisor will map your org chart to roles, set entity scopes, and configure dollar bands and approval chains in a 60-minute workshop. Reviewed by Jonathan R. Hayes, VP Commercial Treasury Solutions, CTP.
