Roles & Permissions
AEX uses a role-based access control (RBAC) system backed by Microsoft Entra ID. Each user is assigned to exactly one role group, which maps to a fixed set of permissions. Permissions are embedded in the user's JWT token and evaluated on every request.
Roles
There are five roles in the system:
| Role | Description |
|---|---|
| viewer | Read-only market participant — can view market data, credit, and documentation |
| trader | Can place and manage orders on the market |
| credit-manager | Manages credit limits and approves credit requests; does not have trading access |
| entity-admin | Full entity administration — manages users, invitations, credit, and documentation for their entity |
| operator | Platform operator with global scope — can control the market, manage all entities, and promote users |
Roles are hierarchical in practice, but permissions are not inherited — each role has its own explicit set. The operator role is the only one with the Global scope modifier, which lifts entity isolation restrictions across the platform.
Permissions
There are 19 discrete permissions, each named {Domain}.{Action}:
Market Permissions
| Permission | Description |
|---|---|
| Market.View | View market data, order book, and price feeds |
| Market.Trade | Place, modify, and cancel orders; access Curve Manager and Compliance Dashboard |
| Market.Operate | Halt and resume the market; access market operations controls |
| Market.Config.View | View market configuration settings |
| Market.Config.Manage | Propose changes to market configuration |
| Market.Config.Approve | Approve or reject configuration change proposals |
Credit Permissions
| Permission | Description |
|---|---|
| Credit.View | View credit limits and utilisation |
| Credit.Manage | Create, modify, and delete credit limits |
| Credit.Approve | Approve credit limit requests from counterparties |
| Credit.Override | Override credit checks (operators only — audited) |
Documentation Permissions
| Permission | Description |
|---|---|
| Docs.View | View ISDA documentation status for counterparties |
| Docs.Manage | Update ISDA documentation status |
User and Entity Permissions
| Permission | Description |
|---|---|
| Users.View | View user accounts within your entity |
| Users.Manage | Create and manage user accounts within your entity |
| Users.Promote | Change a user's role (operators only — audited) |
| Invitations.View | View pending invitations |
| Invitations.Send | Send invitations to new users |
| Entity.View | View entity details |
| Entity.Manage | Create and manage entities (operators with Global scope only — audited) |
Global Scope Modifier
Global is not a permission — it is an Entra App Role assigned exclusively to operators. It lifts entity isolation so that an operator can act on any entity, not just their own. All sensitive operations by operators are recorded in the audit log.
Role to Permission Mapping
The table below shows which permissions each role holds:
| Permission | viewer | trader | credit-manager | entity-admin | operator |
|---|---|---|---|---|---|
Market.View | ✓ | ✓ | ✓ | ✓ | ✓ |
Market.Trade | ✓ | ✓ | ✓ | ||
Market.Operate | ✓ | ||||
Market.Config.View | ✓ | — | |||
Market.Config.Manage | ✓ | ||||
Market.Config.Approve | ✓ | ||||
Credit.View | ✓ | ✓ | ✓ | ✓ | ✓ |
Credit.Manage | ✓ | ✓ | ✓ | ||
Credit.Approve | ✓ | ✓ | ✓ | ||
Credit.Override | ✓ | ||||
Docs.View | ✓ | ✓ | ✓ | ✓ | |
Docs.Manage | ✓ | ✓ | |||
Users.View | ✓ | ✓ | ✓ | ✓ | |
Users.Manage | ✓ | ✓ | |||
Users.Promote | ✓ | ||||
Invitations.View | ✓ | ✓ | |||
Invitations.Send | ✓ | ✓ | |||
Entity.View | ✓ | ✓ | ✓ | ✓ | |
Entity.Manage | ✓ | ||||
Global (scope modifier) | ✓ |
Market.Config.View appears in the entity-admin role in some contexts. Actual permissions for your account are determined by your Entra group assignment — contact your platform administrator if you need to verify your exact permission set.
What Each Permission Unlocks in the UI
Market.Trade
- Place, modify, and cancel orders via the order ticket and order blotter
- Access the Curve Manager pane (Market Maker mode)
- Access the Compliance Dashboard pane (Market Maker mode)
- Use the Curve and Compliance tabs in the bottom panel (Market Maker mode)
Without Market.Trade, the Curve Manager and Compliance Dashboard display an access message instead of their content.
Market.Operate
- Access market operations controls in the Admin panel
- Halt and resume the market
- Access the global Documentation tab (requires Global modifier as well)
- Perform engine-level resets and diagnostics (requires Global modifier)
Credit.View / Manage / Approve / Override
- Credit.View — View the Credit tab showing your entity's credit utilisation and counterparty limits
- Credit.Manage — Create, edit, and delete credit limit configurations; submit credit limit requests
- Credit.Approve — Approve or reject credit requests submitted by counterparty entities (must be from a different entity than the requester)
- Credit.Override — Bypass credit checks on order submission; every use is recorded in the audit log
Entity.View / Manage
- Entity.View — View entity details; required to see counterparty information in the credit panel
- Entity.Manage — Create and configure entities in the Entities admin tab (requires Global scope — operators only)
Users.View / Manage / Promote
- Users.View — View user accounts and their roles in the Users admin tab
- Users.Manage — Invite, edit, and deactivate users within your entity
- Users.Promote — Change a user's role; every promotion is recorded in the audit log (operators only)
Invitations.View / Send
- Invitations.View — View pending and accepted invitations in the Invitations admin tab
- Invitations.Send — Send new invitations to onboard users to your entity
Docs.View / Manage
- Docs.View — View ISDA documentation status per counterparty in the credit panel
- Docs.Manage — Update documentation status and notes; access the global Documentation admin tab (operators with Global only)
Market.Config.View / Manage / Approve
- Market.Config.View — View current market configuration settings
- Market.Config.Manage — Propose changes to configuration (e.g. market hours, product catalogue) in the Configuration admin tab
- Market.Config.Approve — Approve or reject pending configuration proposals; a different user from the proposer must approve
Admin Panel Access
The Admin tab appears in the bottom panel only when you hold at least one of the following permissions: Entity.View, Users.View, Invitations.View, Market.Config.Manage, or (Market.Operate + Global). The tabs visible within the Admin panel depend on your specific permissions:
| Admin Tab | Required Permissions |
|---|---|
| Entities | Entity.View + Global |
| Users | Users.View |
| Invitations | Invitations.View |
| Documentation | Market.Operate + Global |
| Configuration | Market.Config.Manage |
| Support | Any admin-level permission (same as panel access) |
Audited Permissions
The following permissions trigger an audit log entry on every evaluation:
- Market.Operate
- Market.Config.Manage
- Market.Config.Approve
- Credit.Override
- Users.Promote
- Entity.Manage
Audit entries capture the timestamp, user ID, entity ID, permission checked, target entity, and the grant/deny outcome. These satisfy NZISM v3.9 privileged access monitoring requirements.
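The sketch below is an added example, not AEX's own code. It shows how a server-side check could combine the permission set, entity isolation with the Global modifier, and an audit entry on every evaluation of an audited permission. The claim names `permissions` and `entity_id`, the isolation rule as modelled, and all sample identifiers are assumptions; Entra app roles are read from the `roles` claim.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Permissions this page lists as audited on every evaluation.
AUDITED = frozenset({
    "Market.Operate", "Market.Config.Manage", "Market.Config.Approve",
    "Credit.Override", "Users.Promote", "Entity.Manage",
})

@dataclass(frozen=True)
class Principal:
    user_id: str
    entity_id: str
    permissions: frozenset
    is_global: bool  # holds the Global app role

def principal_from_claims(claims):
    # Claims must come from a token whose signature, issuer, audience and
    # expiry were already validated. Claim names here are assumptions.
    return Principal(
        user_id=claims["sub"],
        entity_id=claims["entity_id"],
        permissions=frozenset(claims.get("permissions", [])),
        is_global="Global" in claims.get("roles", []),
    )

def check(principal, permission, target_entity, audit_log):
    # Entity isolation: only Global may act outside the caller's own entity.
    in_scope = principal.is_global or target_entity == principal.entity_id
    granted = permission in principal.permissions and in_scope
    if permission in AUDITED:  # record grants and denials alike
        audit_log.append({
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "user_id": principal.user_id,
            "entity_id": principal.entity_id,
            "permission": permission,
            "target_entity": target_entity,
            "outcome": "grant" if granted else "deny",
        })
    return granted

# Constructed sample claims (not real tokens, users or entities).
OPERATOR = principal_from_claims({"sub": "u-op", "entity_id": "ent-ops",
    "permissions": ["Market.Operate", "Credit.Override"], "roles": ["Global"]})
TRADER = principal_from_claims({"sub": "u-tr", "entity_id": "ent-a",
    "permissions": ["Market.View", "Market.Trade"]})
```

A denied attempt at an audited permission still produces an entry, which is what makes the log useful for spotting probing of privileged operations.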
Next Steps
- Account Setup — How to activate your account and first login
- View Modes — How roles interact with Trader and Market Maker modes
- Curve Manager — Requires Market.Trade
- Compliance Dashboard — Requires Market.Trade