HELOCS Help Center
Requests
Support
In this article
OverviewRole TiersRole DirectoryImportant Notes for Administrators
Home
Admin / Advanced Articles

Portal Roles and Access Permissions

Edited

Overview

The portal uses a role-based access control (RBAC) system. Every user is assigned a single role that determines which features they can access and which loan files or accounts fall within their scope. Roles are organized into tiers from platform-wide administration down to individual loan contributors so that each team member sees only what they need to do their job.


This article describes each available role and provides a full permissions matrix so administrators can quickly determine the right role for each new team member.


Role Tiers

Roles are grouped into four tiers based on the breadth of access they provide:

Tier

Roles & Scope

Platform

Corporate Admin Full access across the entire platform, all companies, branches, and applications.

Company

Company Manager, Company AE Scoped to one or more companies and their associated users and data.

Branch

Branch Manager, Branch AE Scoped to one or more branches within a company.

Individual

Loan Officer, LO AE, Processor, Underwriter, AUS Manager Scoped to assigned loans or specific system functions.

Role Directory

The following section describes each role in detail including who it is intended for, what scope of access it grants, and key capabilities.

Platform Tier

PLATFORM   Corporate Admin

The highest-privilege role in the portal. Corporate Admins have unrestricted access to every feature, company, branch, application, and system setting. This role should be reserved for platform administrators only.

  • Manages all companies and branches across the entire platform

  • Can create, edit, archive, and restore any application

  • Manages email automations and platform-level settings

  • Views platform-wide usage reporting

  • Only role with permission to create new companies

Company Tier

COMPANY   Company Manager

Manages all operations within a specific company. Has broad access to applications, team members, and branch settings within their assigned company, but cannot create new companies or access platform-level administration.

  • Manages users within their company

  • Views and edits all applications originating from their company

  • Can create and edit branches within their company

  • Cannot manage email automations or view platform usage data

COMPANY   Company AE (Account Executive)

An account executive assigned to one or more companies. Operates similarly to a Company Manager within the scope of their assigned companies, but has no user management capabilities.

  • Views and edits applications from their assigned companies

  • Can create and edit branches within assigned companies

  • Cannot manage users or access platform-level administration

Branch Tier

BRANCH   Branch Manager

Manages all operations within a specific branch. Has full visibility into applications and team members in their branch, and can edit branch settings.

  • Manages users within their branch

  • Views and edits all applications originating from their branch

  • Can edit branch details

  • Cannot create or edit companies

BRANCH   Branch AE (Account Executive)

An account executive assigned to one or more branches. Operates within the scope of their assigned branches, with access to applications from those branches.

  • Views and edits applications from their assigned branches

  • Can edit branch settings for assigned branches

  • Cannot manage users or access company-level settings

Individual Tier

INDIVIDUAL   Loan Officer

A licensed mortgage professional responsible for originating and managing specific loan applications. Access is limited to applications assigned directly to them.

  • Can start new applications

  • Views, edits, and manages only their directly assigned applications

  • Can assign or reassign team members on their applications

  • Can edit the borrower offer on assigned applications

  • Cannot manage users, branches, or company settings

INDIVIDUAL   LO AE (Loan Officer Account Executive)

An account executive who supports a group of Loan Officers. Has access to all applications from their assigned LOs, plus the ability to edit AUS reports a capability not available to most other roles.

  • Views and edits applications from all assigned Loan Officers

  • Can view and edit AUS reports on assigned applications

  • Can assign LOs and Processors to applications

  • Cannot manage users or company/branch settings

INDIVIDUAL   Processor

Responsible for processing and preparing loan files for underwriting. Has access to the applications assigned to them and can submit documents and review conditions, but cannot originate new applications.

  • Views and edits assigned applications

  • Reviews conditions and submits documents

  • Views application notes and communication logs

  • Cannot start new applications or manage users

  • Cannot edit AUS reports or borrower offers

INDIVIDUAL   Underwriter

A read-only role focused on reviewing loan files and AUS data. Underwriters can view application details, notes, documents, and conditions, but cannot modify any loan data or take action on a file.

  • View-only access to application notes, documents, and conditions

  • Can view AUS rules and AUS reports

  • Cannot edit applications, start new loans, or manage users

  • Cannot assign team members or archive applications

INDIVIDUAL   AUS Manager

A specialized role focused exclusively on managing the Automated Underwriting System (AUS) rules engine. AUS Managers have no access to individual loan applications — their scope is limited to system-level AUS configuration.

  • Can view and manage AUS rules across the platform

  • Cannot access individual loan applications

  • Cannot manage users, companies, or branches

  • Cannot view application documents, notes, or conditions

Important Notes for Administrators

Assigning the Right Role

Always assign the least-privileged role that allows the team member to do their job. For example, a Processor who only needs to work their assigned files should not be given a Company Manager role.

Roles Cannot Be Combined

Each user in the portal has exactly one role. There is no way to combine permissions from multiple roles into a single account. If a team member needs broader access, their role must be changed.

Scoped Access Is Configured at the User Level

For roles with scoped access (Company AE, Branch AE, LO AE), the specific companies, branches, or Loan Officers a user can access are configured individually when the user account is set up or edited.

AUS Manager Has No Application Access

The AUS Manager role is a system administration role only. Users with this role cannot view, edit, or interact with any loan application. If an AUS Manager also needs application access, a separate account with the appropriate role must be created.

Underwriter Is a Read-Only Role

Underwriters cannot make changes to loan files. If an underwriter needs to take action on a file, they must coordinate with the assigned Loan Officer or Processor.

Hitch Equity