Permission Controls in Avallone help you ensure that users only have access to the features and actions they need for their role.
Permission Controls are managed through Permission Groups within the settings: each group contains a set of permissions (sometimes referred to as “feature access”) and a list of users who are members of the group.
This supports common security and compliance principles such as least privilege (only grant the minimum permissions needed).
Key concepts
1) Platform users
Platform users are the individuals who log in to Avallone and use the platform.
2) Permission groups
A Permission Group is a collection of users with assigned access rights and privileges to specific resources or functionalities within Avallone.
In simple terms:
- Permission Groups define what someone can do in Avallone.
- They can be used to restrict users to view only, request only, approve only, or other role-based access patterns.
If you plan to limit access to specific companies/officers, you typically use Access Groups in addition to Permission Groups.
What permission controls can restrict
Avallone is built for granular permission control. Depending on your setup, you can limit access to features such as:
- Sharing
- Company overview and data
- KYC Responder
- KYC Collector
- User and settings administration
Standard permission groups (available by default)
Avallone comes with standard permission groups that many customers can use as-is, and adjust when needed.
KYC Managers
The KYC Managers group is typically the primary “full access” business user group.
It gives users access to view, create, handle, and share data, and access to the products (e.g., KYC Responder and KYC Collector) that your tenant has enabled.
Security Management
The Security Management group is a high-privilege admin group.
It provides access to permission controls and allows users to create new permission groups or adjust existing groups.
Users in this group can also add/remove users from permission groups.
Because this group is powerful, membership should be kept small.
User Management
The User Management group allows users to:
- Invite new users to the platform
- Add users to relevant permission groups
- Access certain tenant settings
Product Management
The Product Management group allows users to configure parts of the platform setup, such as:
- Updating the company model by adding custom fields
- Other product configuration tasks that depend on your enabled modules
Default API Permission Group
The Default API Permission Group is intended for API users and API-related permissions.
How it works in practice
Users get access through group membership
A user’s effective permissions are determined by the Permission Groups they belong to.
Typical setup patterns:
- A small number of admins in Security Management
- Operational admins in User Management
- Business users in KYC Managers (and/or additional tailored groups)
Tailored permission groups (common use cases)
Some customers create additional permission groups to match internal roles, for example:
- “View only” users who can inspect data but not edit it
- “Responder access” users who can share and upload company information but cannot create officers
- “Limited Collector access” users who can create requests but not review/approve outcomes
How to set it up
Step 1: Map roles to what users need to do
List the different user roles in your organization and identify what each role should be able to do in Avallone.
Example questions:
- Should this role only view data, or also edit it?
- Should this role be able to share packages externally?
- Should this role be able to create new companies/officers?
- Should this role administer users and settings?
Step 2: Start with standard groups where possible
Use the standard groups as a baseline. For many customers, they cover most needs with minimal changes.
Step 3: Create tailored groups for exceptions
When a standard group is too broad (or too restrictive), create a new Permission Group that matches the role.
Step 4: Assign users to groups
In Settings → Permissions:
- Add users to the appropriate Permission Groups
- Review memberships periodically (especially for admin groups)
Step 5: Test with representative users
Before you test and roll out broadly, reach out to your Customer Success Manager or support to add the features to the group(s). Then:
- Test each role with a real user account
- Validate the most important workflows (Responder, Collector, sharing, approvals, etc.)
Best practices
- Follow the principle of least privilege: start restrictive and expand only as needed.
- Keep membership in Security Management limited to a small number of trusted admins.
- Separate “user admin” and “security admin” responsibilities where possible.
- Review permissions regularly (especially after organizational changes).
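The periodic membership review recommended above can be scripted. The following is an added example, not Avallone code or an Avallone API: the input layout (group name mapped to member e-mail addresses, plus a list of current platform users), the sample data, and the threshold of three security admins are all assumptions for illustration.

```python
SECURITY_ADMINS = "Security Management"
USER_ADMINS = "User Management"
MAX_SECURITY_ADMINS = 3  # assumed local policy threshold, not an Avallone setting

# Constructed sample data; this layout is hypothetical, not an Avallone export format.
SAMPLE_GROUPS = {
    "Security Management": ["alice@example.com", "bob@example.com",
                            "carol@example.com", "dave@example.com"],
    "User Management": ["bob@example.com", "erin@example.com"],
    "KYC Managers": ["erin@example.com", "frank@example.com", "heidi@example.com"],
}
SAMPLE_USERS = ["alice@example.com", "bob@example.com", "carol@example.com",
                "dave@example.com", "erin@example.com", "frank@example.com",
                "grace@example.com"]  # heidi has left; grace was never assigned


def review_memberships(groups, platform_users, max_security_admins=MAX_SECURITY_ADMINS):
    """Return {finding_name: sorted list} for one membership review."""
    active = set(platform_users)
    members = {name: set(users) for name, users in groups.items()}
    sec = members.get(SECURITY_ADMINS, set())
    usr = members.get(USER_ADMINS, set())
    findings = {}

    # Best practice: keep the high-privilege group small.
    if len(sec) > max_security_admins:
        findings["too_many_security_admins"] = sorted(sec)
    # Best practice: separate "user admin" from "security admin".
    if sec & usr:
        findings["user_and_security_admin"] = sorted(sec & usr)
    # After organizational changes: members who are no longer platform users.
    stale = sorted((g, u) for g, m in members.items() for u in m - active)
    if stale:
        findings["stale_members"] = stale
    # Platform users in no group, so nothing determines their permissions.
    unassigned = sorted(active - set().union(*members.values()))
    if unassigned:
        findings["users_without_group"] = unassigned
    return findings


if __name__ == "__main__":
    for name, items in review_memberships(SAMPLE_GROUPS, SAMPLE_USERS).items():
        print(name, items)
```
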
Support
If you want help designing permission groups for your organization (or if you need a tailored setup for a specific workflow), contact Avallone support at support@avallone.io. The document attached below outlines how Avallone caters for your use cases.