Merchant roles and permissions
Overview
OnlinePay includes a number of roles with associated permissions that can be assigned to users in your organisation. These roles are designed to help you manage your payments and transactions, and to ensure that users have the appropriate level of access to the dashboard, or are restricted from performing certain actions.
Merchant roles
Merchant Admin
This Administrative role is required to establish settings to get you started, including setting up and managing users, blocking rules, and notification services.
Merchant Admin users can create and manage users (including resetting user passwords) in the dashboard by navigating to Administration > Account Setup > Users.
| Section | Components and features (subsection) | Permissions |
|---|---|---|
| Administration — Merchant Account Configuration and Onboarding | Organisations | Read |
| Secure Card Capture | Yes | |
| Token Scope | Yes | |
| Payment Provider Contracts | Read | |
| Point of Interaction | Read | |
| 3D Secure Contracts | Read | |
| Wallets | Create, Read, Disable | |
| Users | Create, Read, Update, Delete, Self read, Self update, Reset password, Create API key | |
| Blocking Rulesets | Create, Read, Update, Delete | |
| Notification Service | Create, Read, Update, Disable | |
| Audit Log | Read | |
| Reporting and Analytics | Orders/Transactions Reports | Access, View, Transaction details, Export CSV, Access receipts |
| Settlements | Read | |
| 3D Secure Authentications | Access, View | |
| Report Scheduler | View | |
| Generated Reports | View |
Merchant Supervisor
This user can use all payment tools (e.g., Virtual Terminal, Payment Links) and perform all payment actions (including refunds).
| Section | Components and features (subsection) | Permissions |
|---|---|---|
| Administration — Merchant Account Configuration and Onboarding | Organisations | Read |
| Payment Provider Contracts | Read | |
| Point of Interaction | Read | |
| 3D Secure Contracts | Read | |
| Wallets | Create, Read | |
| Users | Read, Self read, Self update, Create API key | |
| Blocking Rulesets | Read | |
| Notification Service | Create, Read, Update, Disable | |
| Checkout Themes | Create, View, Read, Update, Delete | |
| Payment Tools | Virtual Terminal | Access, View, Create and initiate payment, Void payment, Capture payment, Refund, Cancel |
| Pay by Link | Access, View PBL list, Create link, Re-enable link, Disable link | |
| Reporting and Analytics | Orders/Transactions Reports | Access, View, Transaction details, Export CSV, Refund, Capture, Void, Access receipts, Void capture |
| Settlements | Read | |
| 3D Secure Authentications | Access, View | |
| Report Scheduler | View | |
| Generated Reports | View |
Merchant Cashier
This role can access all payment tools but cannot process refunds.
| Section | Components and features (subsection) | Permissions |
|---|---|---|
| Administration — Merchant Account Configuration and Onboarding | Organisations | Read |
| Point of Interaction | Read | |
| Users | Self read, Self update, Create API key | |
| Checkout Themes | Create, View, Read, Update, Delete | |
| Payment Tools | Virtual Terminal | Access, View, Create and initiate payment, Void payment |
| Pay by Link | Access, View PBL list, Create link, Re-enable link, Disable link | |
| Reporting and Analytics | Orders/Transactions Reports | Access, View, Transaction details, Export CSV, Void, Access receipts |
| 3D Secure Authentications | Access, View |
Merchant Reviewer
The Merchant Reviewer role is a read-only access role that grants users viewing permissions across the dashboard but without the ability to perform any actions. This role is suitable for users in junior finance or technical roles who need to view the number of transactions, settlements, and authentications, but are not required to generate reports.
| Section | Components and features (subsection) | Permissions |
|---|---|---|
| Administration — Merchant Account Configuration and Onboarding | Organisations | Read |
| Payment Provider Contracts | Read | |
| Point of Interaction | Read | |
| 3D Secure Contracts | Read | |
| Wallets | Read | |
| Users | Read, Self read | |
| Blocking Rulesets | Read | |
| Reporting and Analytics | Orders/ Transactions Reports | Access, View, Transaction details, Export CSV |
| Settlements | Read | |
| 3D Secure Authentications | Access, View |
Merchant User
This role provides read-only access to the dashboard, with the ability to run and export reports. Merchant users can view transactions but are prevented from performing actions. They can view payments, settlements, and reports, and may be a suitable role for a user in a finance or accounting role.
| Section | Components and features (subsection) | Permissions |
|---|---|---|
| Administration — Merchant Account Configuration and Onboarding | Organisations | Read |
| Payment Provider Contracts | Read | |
| Point of Interaction | Read | |
| 3D Secure Contracts | Read | |
| Wallets | Read | |
| Users | Self read, Self update | |
| Blocking Rulesets | Read | |
| Reporting and Analytics | Orders/Transactions Reports | Access, View, Transaction details, Export CSV |
| Settlements | Read | |
| 3D Secure Authentications | Access, View (Only for their organisation. Merchant Users cannot access the 3D Secure Authentications of their sub-organisations.) | |
| Report Scheduler | View | |
| Generated Reports | View |
Merchant External Partner
This role grants access to a user outside of of the merchant company, for example, a web developer or other non-financial role, such as logistics. These users are trusted with access to order and transaction data, but are restricted from performing any payment actions.
| Section | Components and features (subsection) | Permissions |
|---|---|---|
| Administration — Merchant Account Configuration and Onboarding | Users | Create, Self read, Self update |
| Reporting and Analytics | Orders/Transactions Reports | Access, View |
Example role assignment scenarios
The following example scenarios may help you to understand which roles to assign to users in your organisation.
Sole Traders
An admin account is set up with Merchant Admin and Merchant Supervisor, which may suit the sole trader, as all features can be accessed under these roles. The sole trader could also grant another person (for example, an accountant) access to a Merchant User role, which provides read access to transactions only.
A small company with fewer than five employees
An admin account is set up with Merchant Admin and Merchant Supervisor roles, with all features accessible to these roles. The Merchant Admin user may choose to provide Merchant Cashier role to staff members who can view transactions and run reports but restrict refund processing to management under the Merchant Supervisor role.
A web developer you have hired to build your new online store
You have contracted a web developer to build your new online store. You can provide them with a Merchant External Partner` role, which allows them to access the dashboard to view information to confirm that their integration is working correctly, but they cannot perform any payment actions.
Updated 2 days ago