1. Introduction
This document describes the access rights system on the Neurovision platform. It is intended for account owners (owners) – here you will learn how to manage your users’ rights, what permissions are available, and how the role system works.
2. User Hierarchy
The platform uses a two-tier hierarchy:
Platform Administrator
└── Account owner (you)
└── Account usersYou (the owner) are the account creator. You determine which rights and sections are available to your users through the role system.
Users are employees you’ve invited. Their capabilities are determined by the roles you assign.
3. Types of users you can create
Users are divided into regular and advanced depending on whether the “Delegation” permission is enabled in their assigned roles.
| Capability | Regular User | Advanced User |
|---|---|---|
| Access to assigned sections | Yes | Yes |
| Actions within their permissions | Yes | Yes |
| Password change and 2FA setup | Yes | Yes |
| View “Roles” tab | No | Yes |
| Create, edit, and delete roles | No | Yes |
| Assign roles to other users | No | Yes |
| Manage IP list (“Security” tab) | No | Yes |
| Invite new users | No | Yes |
| Import users from CSV | No | Yes |
| Block and unblock users | No | Yes |
| Export user list | No | No (owner and admin only) |
4. Navigation Sections
The visibility of sections in the side menu depends on the user’s role. You control the visibility of sections through special navigation permissions in the role.
| Menu Section | What it contains | Additional Permissions Inside |
|---|---|---|
| Dashboard | Summary panel with key performance indicators | No — available if the section is visible |
| KYC/AML | History and management of KYC sessions | Yes (see section 5) |
| Face Search | Search and comparison by face image | Yes (see section 5) |
| Persons | Database of persons and lists of persons | Yes (see section 5) |
| Sources | Image sources and source groups | Yes (see section 5) |
| Access | Management of API access tokens | Yes (see section 5) |
| Settings | Management of users, roles, and security | Yes (see section 5) |
| Balance | View balance and spending | No — available if the section is visible |
The “Help” and “Documentation” sections are available to all users by default.
5. Permissions by Category
Below is a list of all permissions you can assign to users through roles. When creating a role in the editor, you will see the full permission tree.
User management
| Permission | Description |
|---|---|
| Find all user | View all users in the account |
| Find user by email | Search for a specific user by email address |
| Find user by id | View data for a specific user by ID |
| Find all roles | View the list of roles created in the account |
| See group roles | View roles assigned to the owner |
| Create role | Create a new role with a set of permissions |
| Update role | Change the name, description, or permissions of a role |
| Delete role | Delete an existing role |
| Set role to user | Assign a role to a user |
| Send invitation | Send an invitation to a new user |
| Update user | Change user data |
| Disable user | Block a user (prevent login) |
| Enable user | Unblock a previously blocked user |
| Read group | View account information |
| Update group | Change account settings |
| Giving a subordinate access to part of the owner’s partitions | Turns the user into an extended one (see section 6) |
KYC
| Permission | Description |
|---|---|
| View KYC history menu item | View KYC session history |
| View kyc documents images | Launch and view document verification |
| View selfie images | Launch and view document verification with a facial photo |
| Delete KYC sessions | Delete verification records |
| Changing the KYC session status | Manually change KYC session status |
| View kyc documents ocr | View data extracted from documents |
| View kyc documents checks | View results of automatic document checks |
KYC Schemes
| Permission | Description |
|---|---|
| Get KYC schemas | View all KYC schemas |
| Get KYC schema by ID | View details of a specific schema |
| Create KYC schema | Create a new KYC schema |
| Update KYC schema | Modify an existing schema |
| Delete KYC schema | Delete a KYC schema |
| Enable KYC schema | Activate or deactivate a schema |
| View KYC schemas | View and access the KYC schema editor |
| View unique client | View a list of unique clients |
Session Databases
| Permission | Description |
|---|---|
| Session DB — Read | View session data |
| Session DB — Create | Create a new session database |
| Session DB — Update | Modify data in the session database |
| Session DB — Delete | Delete data from the session database |
In the role editor, these permissions are located within the “Know Your Customer API Services” category.
Face search
| Resolution | Description |
|---|---|
| View search history menu item | View previously performed searches |
| Search a persons by image | Perform a search by a face photograph |
| Faces comparing on images | Create a new face comparison |
| Get list of face compares | View comparison results |
Persons (Persons faces database)
| Permission | Description |
|---|---|
| Get persons in a list | View the person database |
| Create new person in a list | Add a new person |
| Update a person information | Edit person’s data |
| Delete a person from the list | Delete a person from the database |
| Get a person information | View detailed information about a specific person |
| Get info about all lists of persons | View lists (groups) of persons |
| Create a new list of persons | Create a new list of persons |
| Update a list of persons | Edit an existing list |
| Delete a list of persons | Delete a list of persons |
| Create a fusion vector for person | Generate a unified biometric vector based on multiple photos |
| Get persons count in a list | Request the number of persons in a specified list |
Data Sources
| Resolution | Description |
|---|---|
| Get all data sources in a group | View the list of image sources |
| Get all groups of data sources | View groups that combine sources |
| Create a group of data sources | Create a new group |
| Update a group of data sources | Edit an existing group |
| Delete a group of data sources | Delete a group of sources |
| Create a data source in a group | Create a new source in a group |
| Update a data source in a group | Edit source settings |
| Delete a data source in a group | Delete an individual source |
Access Tokens (Security)
| Permission | Description |
|---|---|
| Get all access tokens | View the list of API tokens |
| Create an access token | Generate a new access token |
| Update an access token | Change token settings |
| Delete an access token | Delete a token |
Logs (Logs view and export)
| Resolution | Description |
|---|---|
| Face search logs | View and export Face Search logs |
| KYC logs | View and export KYC operation logs |
Image Visibility (Interface)
Individual permissions control which images the user sees in the interface:
| Resolution | Where it is used |
|---|---|
| View face images | Face search results |
| View kyc documents images | KYC sessions |
| View selfie images | KYC sessions |
| View face crops images | KYC sessions |
| View persons face images | Persons database |
If these permissions are not included in the role, the user will see session/person data, but the images themselves will be hidden.
API Permissions
When creating roles in the editor, you will also see permissions for API operations. These define which API calls are available through user-bound tokens.
Face recognition
| Resolution | API Operation Name |
|---|---|
| Faces detection on images | detect |
| Search a persons by image | faceSearchImage |
| Search a person by vector | faceSearchVector |
| Get face searches | faceSearches |
| Add compare | compareAdd |
| Get compares | compares |
Face features check
| Resolution | API Operation Name |
|---|---|
| Get ethnicity by face (Ethnicity) | featureEthnicity |
| Get gender by face (Gender) | featureGender |
| Get age by face (Age) | featureAge |
| Get face landmarks (Landmarks) | featureLandmarks |
| Get mood by face (Mood) | featureMood |
| Check glasses on face (Glasses) | featureGlasses |
| Check mask on face (Mask) | featureMask |
| Check face is alive (Liveness) | featureAlive |
| Check animal on image (Check animal in image) | featureAnimal |
Know Your Customer API Services
| Resolution | API Operation Name |
|---|---|
| Active liveness (Liveness check) | livenessCreate |
| Process document (Document check) | kycDocument |
| Process document & selfie (Document and selfie) | kycDocumentAndSelfie |
| Process document & selfie with document (Document and selfie with document) | kycDocumentAndSelfieWithDocument |
6. Delegation: Advanced Users
By adding the “Delegation” permission to a role, you create an extended user. This opens up additional capabilities for them:
- Roles Tab in the Settings section — creating, editing, and deleting roles
- Assign roles to other users
- Security Tab — IP list management (whitelist)
- Invite new users to the account
- Import users from CSV
- Blocking and unblocking users
Important: An advanced user can only assign permissions to others that are present in their own roles. Since upon creation, they receive a copy of the owner’s rights (without delegation), their capabilities initially match yours. If you later change their role, their ability to assign rights will change accordingly.
7. Step-by-step instructions
User Invitation
- Go to Settings → Users
- Click the invite button
- Enter your email, first name, and last name
- The system will create a user, assign them a role with a copy of your permissions (excluding delegation), and send an invitation email
- New user will accept the invitation and set a password
- If necessary, change the role of the new user (see “Assigning a Role”)
Import users from CSV
- Go to Settings → Users
- Open the group card
- Click the import from file button
- Upload a CSV file with the columns:
email,firstName,lastName,password - The system will create users and send invitations
Available to the owner and advanced users with invitation permissions.
Creating a role
- Go to Settings → Roles
- Click Create Role
- Step 1 — Basic information: enter a name (3–64 characters) and description (optional)
- Step 2 — Permissions: check the necessary permissions in the tree
- Checking the parent item automatically includes all nested items
- Unchecking a child item unchecks its parent
- Only permissions that you have as the owner are available
- Step 3 — Review: check the selected permissions and confirm
Editing role
- Go to Settings → Roles
- Click the desired role
- Change the name, description, or set of permissions
- Save changes
Role Assignment
- Go to Settings → Users
- Open the user card
- In the **Roles** section, enable or disable the desired roles
- Press Save
Blocking and unblocking a user
- Go to Settings → Users
- Open the user card
- Click Deactivate to block or Activate to unblock
- A blocked user will not be able to log in, but their data will be saved
IP List Management
- Go to Settings → Security
- Add or remove IP addresses from the whitelist
- Users will only be able to log in from allowed IP addresses
The IP list affects all users of the account, including you.
8. Cascading Permission Changes
If the platform administrator changes your permission set, it automatically affects all account users:
- Revoking permission from the owner — the permission is automatically removed from all roles in the account. Users lose this capability.
- Adding permission to the owner — the permission becomes available for assignment in roles, but does not appear in existing roles automatically. You need to manually add it to the desired roles.
9. FAQ
Why doesn’t the user see some sections in the menu? Section visibility depends on the role. Check if the necessary navigation permissions are enabled in the user’s role.
Why can’t a user perform an action even though they see the section? Section visibility and permissions to perform actions within it are different settings. A user may have access to a section but not to a specific operation. Add the necessary permissions to their role.
Can a user be given more permissions than I have? No. When creating a role, only the permissions that you have as the account owner are available. The set of your permissions is determined by the platform administrator.
What happens if a role assigned to users is deleted? Users will lose all permissions of that role. If a user had only one role, they will be able to log in but will not see the work sections.
How can a user change their password or set up 2FA? The user can independently go to the profile settings (user icon in the upper right corner).