Skip to main content
Access in Palladium AI is governed by a simple but powerful role system. Every user who belongs to a team is called a member of that team, and every member carries exactly one role that determines which actions they can take and which data they can reach. Roles are scoped to individual teams, so the same person can hold different levels of authority depending on which cooperative or branch they are operating in.

The Membership Model

When a user is invited to a team, they are added as a member with an assigned role. That membership record ties the user to the team and controls everything they can do within it. The same user account can hold independent memberships — with independent roles — across multiple teams simultaneously. This means:
  • An individual who manages one SACCO and sits on the committee of another can be an admin in the first team and a member in the second.
  • Changing a user’s role in one team has absolutely no effect on their role or access in any other team.
  • Removing a user from a team revokes their access to that team without affecting their memberships elsewhere.

Roles and Permissions

Palladium AI defines three roles. Each role is a strict superset of the one above it — admin can do everything a member can, and platform_owner can do everything an admin can.
RoleApply for LoansView All RecordsApprove/Reject LoansInvite MembersManage API Catalog
member✓ (team scope)
admin✓ (team scope)
platform_owner✓ (all teams)
member — The default role for anyone joining a team. Members can submit loan applications on their own behalf and view all financial records within the team, including other members’ savings and loan data. They cannot take any administrative actions. admin — Designed for branch managers and cooperative officers. Admins have all member capabilities plus the ability to approve or reject loan applications, invite new members to the team, and adjust team settings. Their data access remains scoped to their own team. platform_owner — A platform-wide superuser role. Platform owners have unrestricted access across every team on the platform and are the only role that can manage the API catalog. Assign this role only to central IT staff or platform administrators.
Assign the admin role to branch managers so they can independently manage their team without involving platform owners. This keeps day-to-day operations decentralised while preserving central oversight at the platform level.

Changing a Member’s Role

Admins can change any team member’s role directly from the Members page. To update a role:
  1. Navigate to your team’s Members page at /dashboard/[teamId]/members.
  2. Locate the member whose role you want to change.
  3. Open their options menu and select Change role.
  4. Choose the new role and confirm.
The change takes effect immediately. The affected user’s permissions update on their next action — they do not need to sign out and back in.

Removing a Member

Removing a member from a team revokes their access to that team entirely. They will no longer be able to sign in and reach any of the team’s pages or data. However, removing a member does not delete their financial records. All savings deposits and loan applications they submitted remain in the team’s records and continue to contribute to team-level metrics such as Portfolio Balance and total savings. This policy ensures your cooperative maintains a complete and auditable financial history even when members leave or are offboarded.