Portal User Roles and Permissions

Purpose: Explains the different user roles in the portal, their responsibilities, and what they can access.

Audience: Internal team members, new hires, and anyone needing to understand portal access levels.

Last Updated: 2026-01-04

Overview

The portal uses a role-based access system where different types of users have different permissions and can see different information. A single user can have multiple roles, allowing them to wear different "hats" depending on what they're doing.

User Roles

Super Admin

Scope: Everything, across all companies and sites

Can Do:

• Access all features and all data
• Manage all users, brokers, and branches
• Change system-wide settings and configurations
• Impersonate any user to see what they see

Who Has This: Platform administrators only

Lender Admin

Scope: Everything within their lending organization

Can Do:

• Create and manage broker partnerships
• Create and manage all portal users in their organization
• Configure underwriting rules (AUS rules)
• Manage email templates
• View all loans and reports for their organization
• Restore deleted applications
• Cannot impersonate users (Super Admin only)

Who Has This: Senior management at the lending company

Account Executive

Scope: Assigned broker relationships

Can Do:

• Manage relationships with specific broker partners
• View loans for their assigned brokers
• Limited user management for their broker relationships

Who Has This: Relationship managers working with broker partners

Broker Admin

Scope: Their entire broker organization

Can Do:

• Create and manage branch locations (subsidiaries)
• Hire and manage Loan Officers and Processors within their broker
• View all loans originated by anyone in their broker organization
• Cannot create other Broker Admins

Who Has This: Owners or executives at broker partner companies

Branch Manager

Scope: Their specific branch/subsidiary

Can Do:

• Manage Loan Officers and Processors in their branch
• View all loans in their branch
• Cannot create branches or other Branch Managers

Who Has This: Branch managers at broker partner locations

Loan Officer

Scope: Only their own borrowers

Can Do:

• Create new borrower applications
• Invite borrowers to start applications
• View and manage loans they originated or are assigned to
• Run credit checks for their borrowers
• Send emails and communicate with their borrowers
• Use the loan calculator to price loans
• Cannot see other Loan Officers' borrowers

Who Has This: Licensed loan originators (both retail and wholesale)

Special Note: Loan Officers must have:

• NMLS license number
• List of licensed states where they can originate loans
• Association with a specific branch or the main company

Processor

Scope: Loans assigned to them

Can Do:

• Process loan applications assigned to them
• Upload and review documents
• Request additional documents from borrowers
• Update loan information
• Track and complete loan conditions
• Cannot create new loan applications
• Cannot see unassigned loans

Who Has This: Loan processing staff who assist Loan Officers

Underwriter

Scope: All loans in the organization (read and review access)

Can Do:

• Review all loan applications
• Approve or deny loan conditions
• Override automated underwriting system (AUS) rule results
• Add internal notes and conditions
• Cannot create new applications
• Cannot send emails to borrowers (read-only on communication)

Who Has This: Underwriting staff who make final loan decisions

Role Hierarchy

The system follows a hierarchical structure where higher roles can manage lower roles:

Super Admin (highest)
    └── Lender Admin
        ├── Account Executive
        └── Broker Admin
            └── Branch Manager
                ├── Loan Officer
                └── Processor (lowest)

Underwriter sits outside this hierarchy with organization-wide read access.

What Each Role Can See

Borrower Lists

User Management Permissions

Who can create and manage other users:

Multiple Roles

A user can have multiple roles in different contexts. Common examples:

Example 1: Loan Officer at Two Branches

• A person works as a Loan Officer at Branch A in California
• Same person also works as a Loan Officer at Branch B in Texas
• They have two separate Loan Officer roles, each with different licensed states
• When viewing borrowers, they see applications from both branches

Example 2: Branch Manager Who Also Originates

• A person is a Branch Manager (manages the branch)
• Same person also has a Loan Officer role (originates their own loans)
• They can manage other Loan Officers AND create their own borrower applications

Example 3: Processor Who Assists Multiple Branches

• A person processes loans for Branch X
• Same person also processes loans for Branch Y
• They have two Processor roles and see assigned borrowers from both branches

Important Notes

Retail vs. Wholesale

Retail Loan Officers:

• Employed directly by the lending company
• Associated with the main organization (not a broker)
• No broker partner affiliation

Wholesale Loan Officers:

• Work for broker partner companies
• Associated with a specific broker and branch
• Submit loans to the lender for underwriting and funding

The system supports both types with different role configurations.

Licensed States

Loan Officers must specify which states they are licensed to originate loans in. This affects:

• Which borrowers they can be assigned to (based on property state)
• Which states appear in the loan calculator
• Compliance and regulatory requirements

Example: A Loan Officer licensed in California, Texas, and Florida can only work with borrowers whose properties are in those three states.

Security Features

OTP (One-Time Password) Requirement:

• Super Admins, Lender Admins, Loan Officers, and Branch Managers must verify their identity with a 6-digit code sent via text message when logging in
• This adds an extra layer of security for sensitive roles
• Processors and other roles may not require OTP (configurable)

Impersonation:

• Only Super Admin and Lender Admin can impersonate borrowers
• Impersonation allows admins to see exactly what a borrower sees to help troubleshoot issues
• All impersonation actions are logged for security and audit purposes

Permission Updates

Real-Time Changes:

• When an admin changes a user's roles or permissions, the changes take effect immediately
• Users do not need to log out and log back in
• The system checks permissions fresh on every action for security

Audit Trail:

• All role changes are logged
• Admins can see who made changes and when
• This ensures accountability and compliance

Common Scenarios

Scenario 1: New Loan Officer Onboarding

1. Lender Admin (or Broker Admin) creates a new Loan Officer user
2. Assigns them to a branch
3. Specifies their licensed states (e.g., CA, TX, FL)
4. Adds their NMLS license number
5. Sets their LO tag (unique identifier)
6. Loan Officer receives welcome email with login credentials
7. Loan Officer can immediately start creating borrower applications

Scenario 2: Broker Partnership Setup

1. Lender Admin creates a new Broker Partner organization
2. Creates a Broker Admin user for that partner
3. Broker Admin logs in and creates branch locations
4. Broker Admin hires Loan Officers and assigns them to branches
5. Loan Officers at that broker can now originate loans that flow to the lender

Scenario 3: Underwriter Review Process

1. Borrower completes application
2. Application appears in Underwriter's review queue
3. Underwriter reviews all documents and AUS rule results
4. Underwriter can override failed AUS rules if justified
5. Underwriter adds conditions for the borrower to complete
6. Processor assists borrower with completing conditions
7. Underwriter gives final approval

Summary Table

Questions?

For questions about roles and permissions, contact your system administrator or refer to internal training materials.