Overview
Didit uses a role-based access control (RBAC) system to manage what team members can do in the console. Each member is assigned a role, and each role has a set of permissions that control access to specific features.
Default roles
Didit provides five built-in (system) roles that cover common team structures:
| Role | Description |
|---|---|
| Owner | Full access to all features including organization management, billing, and role management. Only owners can transfer ownership or delete the organization. |
| Admin | Full management access to verification features, team members, and application settings. Cannot delete the organization or manage roles. |
| Compliance Officer | Focused on reviewing sessions, managing AML/blocklists, viewing audit logs, and handling transactions and business profiles. |
| Developer | Manages workflows, webhooks, API keys, questionnaires, and application configuration. Read-only access to verification sessions. |
| Reader | Read-only access to all console sections. Cannot modify any data. |
Custom roles
Organization owners can create custom roles with specific permission combinations tailored to your team’s needs. To create a custom role:
- Go to Settings > Roles
- Click Create Role
- Enter a name, slug, and description
- Select the permissions you want to grant
- Click Create Role
Permission reference
Permissions follow an action:resource format. The available actions are:
- read — View a resource
- write — Update a resource
- create — Create new instances of a resource
- delete — Remove a resource
- list — List multiple instances of a resource
Resource permissions
| Resource | Available actions | Console section |
|---|---|---|
| organization | read, write, delete | Organization settings |
| members | read, list, write, delete | Team members |
| roles | read, list, write, create, delete | Role management |
| applications | read, list, write, create, delete | Application settings |
| sessions | read, list, create | Verification sessions |
| session-status | write | Update session/feature status |
| users | read, list | End-user directory |
| businesses | read, list, write | Business profiles (KYB) |
| transactions | read, list, create, write | Transaction monitoring |
| workflows | read, write, create, delete | Workflow editor |
| questionnaires | read, write, create, delete | Questionnaires |
| customization | read, write | White-label branding |
| lists | read, write, create, delete | Lists (blocklists/allowlists) |
| blocklist | read, write, create | Blocklist management |
| webhooks | read, write, create, delete | Webhook destinations |
| api-keys | read, write | API key management |
| analytics | read | Analytics dashboard |
| audit-logs | read, list | Audit logs |
| subscription | read, write | Billing and usage |
| invoices | read, list | Invoice management |
| saml | read, write | SSO/SAML configuration |
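
Before creating a custom role, the planned permission list can be checked against the table above. The following is an added example, not Didit code: the function name `audit_role`, the sample role, and the choice of which resources count as sensitive are assumptions made for illustration.

```python
# Resource -> allowed actions, transcribed from the "Resource permissions" table on this page.
ALLOWED = {
    "organization": "read write delete",
    "members": "read list write delete",
    "roles": "read list write create delete",
    "applications": "read list write create delete",
    "sessions": "read list create",
    "session-status": "write",
    "users": "read list",
    "businesses": "read list write",
    "transactions": "read list create write",
    "workflows": "read write create delete",
    "questionnaires": "read write create delete",
    "customization": "read write",
    "lists": "read write create delete",
    "blocklist": "read write create",
    "webhooks": "read write create delete",
    "api-keys": "read write",
    "analytics": "read",
    "audit-logs": "read list",
    "subscription": "read write",
    "invoices": "read list",
    "saml": "read write",
}
ALLOWED = {res: set(acts.split()) for res, acts in ALLOWED.items()}

# Assumption (reviewer policy, not from Didit): changing these resources alters
# who can sign in or what they can do, so such grants are flagged for review.
SENSITIVE = {"organization", "members", "roles", "api-keys", "saml", "webhooks"}
MUTATING = {"write", "create", "delete"}

def audit_role(permissions):  # hypothetical helper name
    """Return (invalid, review): rejected strings with reasons, and sensitive grants."""
    invalid, review = [], []
    for perm in permissions:
        action, sep, resource = perm.partition(":")
        if not sep or not action or not resource:
            invalid.append((perm, "not in action:resource form"))
        elif resource not in ALLOWED:
            invalid.append((perm, "unknown resource"))
        elif action not in ALLOWED[resource]:
            invalid.append((perm, "action not available for resource"))
        elif resource in SENSITIVE and action in MUTATING:
            review.append(perm)
    return invalid, review

# Constructed sample: a hypothetical "support-agent" custom role.
SAMPLE = ["read:sessions", "list:sessions", "delete:sessions",
          "write:api-keys", "read:audit-logs", "sessions:read", "read:billing"]
```

Running `audit_role(SAMPLE)` rejects `delete:sessions` (sessions has no delete action), the reversed `sessions:read`, and the non-existent `billing` resource, and flags `write:api-keys` for review.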