Skip to content
English - United States
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Organization Authority, Roles & ARPs — FAQs

This article explains how ChainIT determines who can do what inside an organization, how roles and permissions are enforced, and why Role and Group Assignment Authority is required before tasks can be assigned or completed.

What determines authority inside a ChainIT organization?

Authority in ChainIT is established through a clear, verifiable structure that combines:

  • Verified organization identity (KYB)

  • Verified individuals (ChainIT ID)

  • Defined roles and groups

  • Authority Resolution Pactveras (ARPs) that formally attest to those roles

Roles by themselves are not enough. Authority must be explicitly attested, tokenized, and enforced.

Authority Resolution Pactveras (ARPs) are immutable records that show who is authorized to act on behalf of an organization, for what purpose, and at what point in time. They help enforce organizational authority across agreements, tasks, and value transfers.

What is Role and Group Assignment Authority?

Role and Group Assignment Authority is the attestation that confirms how your organization’s internal permissions are set up. It clearly defines:

  • Which users hold which roles

  • What actions each role is authorized to perform

  • How tasks can be assigned and executed

  • The authoritative baseline used to enforce permissions across the platform

Once completed, a tokenized authority record is stored immutably in the organization’s Corporate Documents Ledger and becomes the system’s single source of truth for permissions.

Why do I have to complete Role and Group Assignment Authority before assigning or completing tasks?

In ChainIT, tasks are more than just workflow steps — they are authority-sensitive actions. Examples include:

  • Signing agreements

  • Completing KYB tasks or add-ons

  • Releasing funds or assets

  • Uploading or attesting to governance documents

  • Assigning responsibility to others

Until Role and Group Assignment Authority is completed:

  • ChainIT cannot prove who is authorized to act

  • Tasks cannot be safely assigned or executed

  • Backend role assignment is not permitted

This protects both your organization and your counterparties by ensuring all actions are defensible and auditable.

What roles exist today, and what do they allow?

During onboarding, organizations define operational roles that are enforced through Role and Group Assignment Authority. Common roles include:

Organization Admin

- Manages users, roles, and organization settings

- Does not automatically gain signing or value-release authority

Pactvera Admin

- Manages agreement folders and templates

- Assigns incoming agreement tasks

- Cannot send, sign, or release value

Pactvera Sender

- Creates and sends agreements

- Cannot sign agreements or release value

Pactvera Signer

- Signs agreements on behalf of the organization

- Must be legally authorized

TCA Releaser

- Authorizes release of funds or assets

- Separate from signing authority

KYB Verifier

- Completes KYB tasks and add-ons

- Shares verified organization data

Having admin access does not override role-specific authority. Each role is intentionally scoped to support security, compliance, and clarity.

Why am I blocked from assigning a task?

If you’re blocked from assigning a task, common reasons include:

- Role and Group Assignment Authority has not been completed

- The intended assignee does not hold the required role

- Authority was updated and needs to be re-attested

- The task requires a different type of authority (for example, financial or signing authority)

In these cases, ChainIT is intentionally preventing an action that cannot be verified or enforced later, helping you avoid disputes and compliance gaps.

Why am I blocked from completing a task I was assigned?

ChainIT validates authority at the moment a task is executed, not just when it was assigned. You may be blocked if:

  • Roles were changed

  • Authority was updated or re-attested

  • You no longer hold the required role

When this happens, execution is blocked and the task is marked as **“Needs Reassignment – Authority Changed.”** This ensures every completed action is backed by valid, current authority.

Can ChainIT override this or fix it on the backend?

No. ChainIT is intentionally designed to be non-custodial:

  • Individuals own their digital identities

  • Organizations are governed only through completed authority attestations

  • ChainIT cannot manually assign authority, roles, or control

  • All authority must be established through explicit consent and attestation

This approach helps preserve trust, independence, and a clear audit trail.

What happens when roles or groups change?

When roles or groups are updated:

  • A new Role and Group Assignment Authority attestation is required

  • Authorized officers re-confirm the updated structure

  • The new authority record becomes active

  • Previous authority records are preserved for audit history

This way, you always have a clear, time-stamped record of how authority has evolved.

Why does this feel stricter than other platforms?

ChainIT is built for enforceable, organization-to-organization actions, not assumptions about access. Most platforms:

  • Assume authority

  • Allow silent role changes

  • Cannot prove who was authorized at a specific point in time

ChainIT takes a different approach. It:

  • Requires authority to be proven

  • Enforces it at runtime

  • Preserves a defensible chain of responsibility

This stricter model is designed to give you higher confidence, stronger compliance, and clearer protection when it matters most.