User Roles & Permissions for Financial Security

Running a business means wearing a lot of hats-and when it comes to your company’s finances, you want to make sure the right people have the right access, without opening the door to risk. That’s where Holdings’ robust user roles and permissions come in. Whether you’re a solopreneur scaling up, a seasoned business owner, or somewhere in between, understanding how to assign roles is key to keeping your money safe, your data secure, and your team humming along efficiently.

Let’s break down exactly how Holdings’ roles and permissions work, why they matter for your business banking, and how you can use them to build a financial system that’s both secure and flexible.

Why User Roles & Permissions Matter for Modern Business Banking

Think of your Holdings account as the digital vault for your business-packed with sensitive information, payment data, and the keys to your financial future. But just like you wouldn’t hand out keys to your storefront or office to everyone, you shouldn’t give blanket access to your online banking or accounting platform.

User roles and permissions are your first line of defense against:

• Data breaches and unauthorized access

• Credential stuffing attacks (where bad actors use stolen passwords from other sites to try to break in)

• Phishing attempts targeting your team

• Accidental errors from well-meaning employees clicking the wrong button

By giving each team member only the access they need, you reduce risk, increase accountability, and make it easier to audit who did what, when. This is especially important as your business grows and you add more people to your financial operations.

The Four Key Roles in Holdings

Holdings keeps things simple but powerful, offering four distinct roles-each with a clear purpose and set of permissions. Here’s how they stack up:

Let’s dive into what each role can (and can’t) do.

SuperAdmin: The Captain of the Ship

The SuperAdmin is the account owner-the person with the keys to the kingdom. There can only be one SuperAdmin per Holdings account, ensuring clear ownership and ultimate responsibility.

SuperAdmin Permissions:

• Full control over all account functions: If it can be done in Holdings, the SuperAdmin can do it.

• View balances and company details: See every deposit account, credit card, and financial resource linked to the business.

• Make money movements: Initiate ACH transfers, wires, or move funds internally between accounts.

• Manage external accounts: Link, update, or remove outside bank accounts.

• Add team members and edit their permissions: Invite new users, assign or change roles, and remove access.

• Export transaction data and manage integrations: Download transaction history, connect to accounting tools like QuickBooks, and manage API integrations.

• Transfer SuperAdmin status: Pass the torch to another Admin when needed.

Best For: The business owner or primary decision-maker who needs full visibility and control over all aspects of the organization’s finances.

Admin: Trusted Right-Hand for Financial Operations

Admins are your go-to team members for handling the day-to-day financial heavy lifting. They have almost all the powers of a SuperAdmin, minus the ability to transfer account ownership.

Admin Permissions:

• View all balances and company details

• Make money movements (ACH, wire, internal)

• Manage external accounts (link, update, unlink)

• Add or remove team members and edit their permissions (except for SuperAdmin)

• Export transaction data and manage integrations

Best For: Senior managers, finance leads, or trusted employees who need to keep the business running smoothly but don’t need full account ownership.

Member: Eyes on the Data, Hands Off the Money

Members are your “look, don’t touch” users. They get the visibility they need to do their jobs-like tracking budgets or reviewing analytics-without the ability to move money or change settings.

Member Permissions:

• View balances and company details

• See linked accounts (read-only)

• View the team directory (who’s who, but not able to edit)

• Export transaction data for reporting

Best For: Employees who need access to financial information for their roles-think marketing managers reviewing campaign budgets, or project leads checking spend-but shouldn’t be able to make payments or change account settings.

Bookkeeper: The Watchful Eye for Reporting

Bookkeepers are granted read-only access, perfect for reconciling accounts, preparing for tax season, or generating reports-without the risk of accidental (or intentional) changes.

Bookkeeper Permissions:

• View balances and company details

• See linked accounts (read-only)

• View team members (read-only)

• Export transaction data for bookkeeping or tax prep

Best For: External accountants, bookkeepers, or anyone responsible for maintaining accurate financial records but who shouldn’t have the ability to move money or edit account settings.

How Holdings Roles & Permissions Keep Your Business Safe

Access control isn’t just about convenience-it’s a critical part of your business’s security posture. Here’s how Holdings’ approach helps you sleep easier at night:

• Minimize risk of data breaches: By limiting who can access sensitive data or initiate payments, you shrink your attack surface and make it harder for bad actors to do damage.

• Combat credential stuffing: Even if a team member’s password is compromised, limited permissions mean a hacker can’t drain your accounts or export sensitive information.

• Enable easy audits: With clear logs of who did what, when, you can quickly audit actions for compliance, catch mistakes, and spot suspicious activity.

• Protect against accidental errors: Sometimes the biggest risk is a simple mistake-like a new hire clicking the wrong button. With role-based permissions, you can ensure only the right people have access to critical features.

Assigning Roles: Best Practices for SMBs

Choosing who gets which role isn’t just a technical decision-it’s a business strategy. Here’s how to get it right:

• Grant permissions based on real responsibilities: Only give Admin access to those who truly need it. For most employees, Member or Bookkeeper roles will provide all the visibility required.

• Review roles regularly: As your business evolves, so do your team’s responsibilities. Set a quarterly reminder to audit roles and permissions, ensuring no one has more access than they need.

• Limit SuperAdmin transfers: Only transfer SuperAdmin status when absolutely necessary-like a change in ownership or leadership. This keeps your account security tight and your chain of command clear.

• Monitor activity logs: Holdings provides activity tracking so you can see who’s doing what. Use this feature to spot unusual behavior or potential security issues2.

Real-World Scenario: How a Growing Business Uses Holdings Roles

Let’s say you run a fast-growing marketing agency:

• You (the founder) are the SuperAdmin. You oversee all accounts, approve big payments, and manage integrations with your accounting software.

• Your operations manager is an Admin. They handle daily money movements, onboard new team members, and manage external bank accounts.

• Your marketing lead is a Member. They need to view campaign budgets and export transaction data for reporting, but can’t touch the money.

• Your external CPA is a Bookkeeper. They log in during tax season to reconcile accounts and export transaction data, but can’t make changes or move funds.

This structure gives everyone exactly what they need-no more, no less-making your financial operations both efficient and secure.

Managing Team Members: Adding, Removing, and Transferring Roles

Adding a Team Member:

• Head to the Team section in your Holdings dashboard.

• Invite a new user by entering their email address and choosing the appropriate role.

• The new user receives an invitation to set up their login credentials-ensuring secure onboarding.

Removing a Team Member:

• Go to the Team section, select the user, and click “Remove Team Member.”

• Once removed, that email address can’t be reused unless you send a new invitation from scratch-a security measure to prevent unauthorized re-access.

Transferring SuperAdmin Status:

• Only one SuperAdmin is allowed per account.

• To transfer, select your profile, click “Transfer SuperAdmin Status,” and choose a new Admin to promote.

• Confirm the transfer and make sure the new SuperAdmin is fully briefed on their responsibilities.

Frequently Asked Questions About Holdings Roles & Permissions

Can I customize permissions beyond the default roles?
Holdings’ four roles are designed to cover the most common business scenarios, keeping things simple and secure. For custom needs, reach out to our customer service team-we’re always listening to feedback!

What happens if someone leaves the company?
Remove their access immediately via the Team section. This prevents former employees from accessing sensitive data or making changes after they’ve left.

How does Holdings protect against common online banking threats?
Role-based access control, two-factor authentication, and regular audits all work together to guard against data breaches, credential stuffing, and phishing attempts.

Holdings vs. Traditional Banks: Why Our Permissions System Stands Out

At Holdings, we believe banking should reward you for being a good customer-not punish you with fees or make you jump through hoops to get support. Here’s how our approach to roles and permissions gives you an edge:

• Zero fees and maximum perks: No hidden charges for adding users or managing permissions.

• High APY rates: Your money earns up to 3.0% APY while you stay in control.

• Integrated accounting and bookkeeping: Assign the right roles and let your team handle the books without risking accidental payments or data leaks.

• All-in-one platform: No more juggling disconnected systems-manage banking, payments, and team access from one dashboard.

Key Takeaways: Building a Secure, Efficient Team with Holdings

• Assign roles based on actual job duties, not just titles.

• Use Admin sparingly; most users only need Member or Bookkeeper access.

• Review and audit permissions regularly-especially after team changes.

• Take advantage of Holdings’ activity logs for peace of mind.

• Enjoy seamless collaboration, zero-fee banking, and high-yield APY-all with the security your business deserves.

Ready to streamline your business banking and protect your financial data?
Holdings’ user roles and permissions make it easy to grow your team, work smarter, and keep your money safe. Because your business hustle deserves banking that works just as hard as you do.

This guide is your starting point for mastering roles and permissions in Holdings. If you have specific questions or unique scenarios, our friendly support team is here to help-no jargon, no runaround, just real answers for real business owners.