Each user group has certain permissions. The permissions are separated into "Functions" and "Content" according to the two tabs:
Permissions for functions
The function permissions determine which konfipay functions the members of the user group have access to. The functions are divided into program functions (operational functions such as payment transactions) and administration functions (client management).
Within the program and administration functions, there are groups of functions sorted by topic. For example, you can expand all functions from the "EBICS" group by clicking on the small arrow on the left:
If a box for a function or function group in a user group is empty, then this user group does not have access to this function. If a tick is placed in the box, this user group has access to the function. If there is a dash in the box for a user group, the user group has partial access to this function group.
Certain functions are quite "powerful" and are therefore considered critical. Critical authorizations are marked with an orange warning symbol and an explanation. We recommend checking the assignment of critical permissions to user groups in detail.
Permissions for content (content restrictions)
As an administrator, you can restrict which type of content a user group can see. You can set the user group to not view certain payment types or data on certain bank accounts (blacklist). Alternatively, you can also set that the user group can see data exclusively on certain payment methods or bank accounts (whitelist).
To do this, first click on the "Content" tab on the right when managing the user group. Then click on
Add in the toolbar to create a rule. In the top line, select whether the rule should apply to payment types or bank accounts and whether this content should be visible or not.
Then select the appropriate payment method or bank account for the rule in the second line. If required, you can also select multiple payment methods or bank accounts.
Combine different user groups
To avoid having to create a new user group for each use case, you can also add a user to several user groups at the same time. The permissions and restrictions are then combined so that you can cover many application areas with just a few user groups.
If function permissions of different groups are combined, this works additively - i.e. if a user is in several user groups and only one of their user groups has access to a function, the user also has access to the function.
Content restrictions are also additive - that is, if a user is in several user groups and one of their user groups is subject to a content restriction, the user is also subject to this content restriction.
You can check the permissions and restrictions of an individual user in their permissions matrix at any time to ensure that the permissions are set correctly. Read here how this works exactly.
In this document you will find some application examples that illustrate how different user groups can be combined in konfipay.