Administration
Everything under Administration configures the platform and the people who run it. Each page is gated by a permission, so the section only shows what your role allows.
Users
Invite, edit, activate/deactivate users and assign their roles and direct permissions. Deactivating an account revokes its live sessions immediately (the next request is a 401).
Roles
Roles are named bundles of permissions. A user's effective permissions are the union of their role grants and any direct grants. The seeded Admin role holds every permission; a Partner role holds only the partner-API permissions and anchors partner API keys (see Partner API → Authentication).
Products
Loan products define how loans price and behave: interest rate, repayment method, day-count convention, borrowing fees, transaction fees, rounding, grace periods, and APR caps.
Permissions
The read-only catalog of every permission the app defines, grouped by area. Permissions are code-defined and reseeded automatically, so this is always in sync with what the handlers enforce.
Audit log
Every change to an audited entity is recorded — the table, the action, the before/after snapshot, who did it, and when. Role and permission grants are audited too. The list supports persisted, shareable filters.
There's also a Login attempts page (sign-in successes and failures) alongside the change log.