User Permissions
Last updated: October 9, 2024
In the Dashboard, control what your users can access with user permissions. This is a set of roles that can be applied to individual or groups of users. If you have multiple entities, you can also decide which entities each user has access to.
This page explains:
The Dashboard has several pre-defined roles, so you can ensure your users have the appropriate permissions across the Dashboard:
- Account owner
- Admin
- Developer
- Disputes manager
- Disputes operator
- Identity and access management (IAM) admin
- Support manager
- Risk manager
- Read only
The Account owner is the overall owner for the account, and has access to all permissions.
Every other role has its own set of permissions, as described in the following table:
| Permission | Admin | Developer | Disputes manager | Disputes operator | IAM admin | Support manager | Risk manager | Read only |
|---|---|---|---|---|---|---|---|---|
Transfer ownership | ||||||||
View and manage users Add, edit, and delete users. | ||||||||
View user activity | ||||||||
View homepage and analytics | ||||||||
View payments View payments list and search for payments. | ||||||||
View balances | ||||||||
Manage payment documents | ||||||||
Manage payments Capture, void, or refund payments. | ||||||||
View disputes View the Unanswered disputes and All disputes lists. | ||||||||
Manage disputes Accept disputes and submit evidence. | ||||||||
View and generate payment reports | ||||||||
View keys | ||||||||
Create keys | ||||||||
Manage keys Update or delete existing keys. | ||||||||
Manage team security Manage team security settings, including single sign-on. | ||||||||
View settlements | ||||||||
View sub-entities View list of own sub-entities only. | ||||||||
Manage sub-entities View, onboard, and edit sub-entities' details. | ||||||||
Download sub-entity files Download files associated with sub-entities. | ||||||||
View and download monthly invoices | ||||||||
Edit decline lists and risk rules | ||||||||
Create Payment Links | ||||||||
View all Payment Links | ||||||||
View Issuing data View all transactions, cards, cardholders, and card products. | ||||||||
Manage Issuing data Create and edit cards and cardholders. | ||||||||
View sensitive Issuing data View card number and CVC2. | ||||||||
Edit Issuing authorization relay settings | ||||||||
View bank accounts details settlements are made to | ||||||||
Personally identifiable information (PII) View customer PII, including name, card number, and email. | ||||||||
View the list of rules View the account rules that have been configured on the account. | ||||||||
Create, edit, or delete rules Configure account rules on the account, including approval flows. | ||||||||
View and manage billing descriptors Configure billing descriptors for the account's processing channels. |
- Go to Settings > User permissions.
- Under the Popular roles section, select View all roles.
- On the Roles page, under Organization roles, select +New role.
- On the Create custom role page, under Settings, enter the Role name and Description.
- Under Permissions, select the relevant permissions for the role.
You must assign at least one permission and can assign as many as needed, except for the following, which aren't available for custom roles:
- Roles management – limited to the Account owner and Admin roles
- Security settings – limited to the Account owner and IAM admin roles
- Account structure management – limited to the Account owner only
- Save the custom role by selecting Create custom role.
The new role is displayed in the Popular roles section.
To view all custom and pre-defined roles set up and currently active for your organization, on the User permissions page, select View all roles.
You can edit permissions assigned to a role at any time. Note that editing a role affects the permissions for all users assigned to that role.
When a role is no longer needed, you can delete it from the Role details page for that role. Note that any user assigned to a role that is deleted is transferred to the Read only role by default.
Anyone with the View users permission can access the User permissions page (under Settings), which provides a record of all users on an account. Depending on your entity access and business needs, you can filter the list to reflect the users whose details you can edit. The Account owner can view and manage all users for all entities on the account.
If your organization leverages single sign-on, user management is delegated to your third-party identity provider (IdP) and isn't available within the Dashboard.
The User permissions page provides an overview of all users, including their roles and user status.
The Last login column reflects the three possible user statuses:
Pending– The user has been invited to your Dashboard but hasn't yet accepted the invite or set up their sign in details. Invites expire after seven days.[Timestamp]– The user has accepted the invite. The date and timestamp show the last time they accessed the Dashboard.Expired– The user didn't accept the invite in time and it expired. To resend it, next to the status, select Resend invite.
To view more information or edit a user's details, select a row. The User profile page is displayed.
You can add as many users to your Dashboard as you require. You must provide each user’s email, name, and role, as well as the entities you want them to have access to.
New user invites expire after seven days. If the new user doesn't activate their account within that timeframe, an Admin needs to resend the invite.
- Go to Settings > User permissions, under the Users section, select +New user.
- On the New user page:
- Under Settings, enter the user's First name, Last name, and Email address.
- Under Access to entities and entity segments, turn on the toggle for specific entities and segments you want the user to have access to.
Alternatively, to give the user access to all existing and future entity segments, select Grant full access. - Under Permissions, from the Role dropdown, select the user's role.
If you select the Admin role, the access granularity is restricted at the legal entity level.
- Select Save user.
Note
You can only assign a user to entities that you have access to. Once added, another Admin can amend the user’s access if required.
- Select Save new user.
A confirmation message appears and the new User profile page is displayed.
Information
The new user's status is Pending. When they activate their account, this is replaced with [Timestamp].
To edit an existing user's role and entity access:
- Go to Settings > User permissions, and select the user.
- In the User profile page, from the Role dropdown, update the user's role.
- Select Save to confirm.
The user's details are updated.
To delete a user to revoke all their access rights and completely remove them:
- Sign in to the Dashboard.
- Select the Settings icon in the top navigation bar and open the User permissions tab.
- Under the Users section, select the user.
- In the User profile window that opens, select Delete user. A confirmation dialog appears.
- To confirm, select Delete user again.
A confirmation message appears and the user is removed from the User permissions overview.