We give our clients the ability to create users through User Access Rights. The assignment of users and their access rights is controlled by an organization's Security Officer(s). Individual accounts can also add users and assign access rights to them, but these accounts do not have access to the full range of user access rights functionality available to Security Officers for institutional accounts.
Institutional accounts can add up to 250 users, including employees and non-employees. Access rights to the different functions in Account Management can be limited for each of those users. In addition, we also offer an authorization feature to institutional accounts wherein multiple users must approve certain Account Management requests, such as funding transactions.
The complete User Access Rights system, including the ability to select Security Officers and use authorizations, is available to the following account structures:
ALL account structures have the ability to add users to an account and assign them access rights to Account Management functions EXCEPT:
User access rights are organized into access groups that correspond to these Account Management menus:
Each access group contains several functions, which themselves correspond to the individual functions in Account Management. When assigning access rights to a user, you can assign access rights to an entire access group and all of its individual functions, or you can assign access rights to the individual functions themselves.
All account users automatically get rights to Security-related functions in Account Management (Password, Secure Login System, Secure Login System Device Sharing, and Voting Subscriptions), and the functions in the Settings > Settings access group (User Information and Change Email Address).
Individual account holders cannot grant Funding rights to new users that they add. Security Officers for institution accounts CAN however grant Funding rights.
Add new users and assign access rights to them on the Settings > Account Settings screen.
A user role is a set of user access rights saved with a unique name. User roles allow Security Officers (and individual account holders) to save a set of user access rights and quickly apply them to users. This is useful if you have multiple users to add to an account. User roles work the same way as user access rights: functions are organized into access groups based on the Account Management menu structure, and you expand each access group to view and assign rights to functions located in second-level menus. You can select a user role only if you have created and saved at least one.
Create user roles on theSettings > Account Settings screen.
The assignment of access rights to users is controlled by an organization's Security Officer. Security Officers are designated employees who can assign access rights and authorize functions. For example, a Security Officer might want to give User A the ability to only trade, while giving User B only the ability to look at account statements. User C might only be able to trade client accounts 1-5, while User D can trade client accounts 6-10. The Security Officer can also add, modify and delete users.
Institutional account holders can add Security Officers to their account during the account application process, if they require additional Security Officers for authorization purposes. To add Security Officers after your account is open, you must send a paper form request to us.
As an added layer of security, you can require that any changes made by one Security Officer be approved by one or two other Security Officers. To change the number of Security Officer approvals required, you must complete and submit a request form.
Security Officers can view account-level access rights on the Access Rights > Configure page in Account Management but cannot change them without a special request to us.
If your organization requires additional security for Account Management functions, you can appoint authorizers to approve requests. Authorizers are users who provide additional layers of security for different Account Management functions such as funding requests.
For more information, see Authorizers.
Organizations can follow these steps to set up a user access rights implementation that includes Security Officers and authorizations.