User roles are used to determine how much access a user has to see, edit, create, or delete information on the Portal. Roles can be assigned to users to provide or extract the access capabilities they're intended to have. Each User has a set of default roles with customizable parameters to restrict or allow access to specific pages and functions of the portal and the greater platform. For example, if you wanted to enable a Merchant-level user that can create reports and only view all other information, you would assign a Merchant View Only default role and enable the custom Reports role resource with the Create detail permission enabled.
Default Roles
Default roles determine the level of portal access for a user. Partner-level Access Roles are roles available to users of a Partner-level entity, while Merchant-Level Access Roles are available to users of a Merchant-level entity.
Notes
Partners can manage all Merchants and sub-Partners, while Merchant user roles are limited to their respective Merchant and sub-Merchants.
Referrer is the system title for Partner-level user roles. They will be used interchangeably throughout this guide.
Referrer Default Roles
See the default user roles available for Referrer-level users:
Referrer Admin Full Access: Enables the user to view and modify all Merchants under a Partner hierarchy and any sub-Partner accounts under their Division.
Referrer Admin View Only: Enables the user to view only all Merchants under a Partner hierarchy and any sub-Partner accounts under their Division.
Referrer Full Access: Enables the user to view and modify all Merchants under their Partner account.
Referrer View Only: Enables the user to view only all Merchants under their Partner account.
For example, a user with the Referrer Admin Full Access role can view, edit, and manage all Merchants and account configurations within their platform portfolio. A user with the Referrer Admin View Only role can access the entities and data within their portfolio for reporting and accounting purposes only.
Merchant-Level Default Roles
See the default user roles available for Merchant-level users:
Merchant Admin Full Access: Enables the user to view and modify the Merchant accounts they are associated with, in addition to managing sub-Merchant accounts.
Merchant Admin View Only: Enables the user to view the Merchant account they are associated with in addition to viewing sub-Merchant accounts.
Merchant Full Access: Enables the user to view and modify the Merchant accounts they are associated with.
Merchant View Only: Enables the user to view only the Merchant account they are associated with.
For example, a user with the Merchant Full Access role can add customers, accept payments, and schedule payouts for their entity. A user with the Merchant View Only role can access the platform solely to view data, including transaction data and reports, to facilitate reconciliation processes for their entity.
Access Templates
In addition to the default roles described in the previous sections, you can assign an Access Template when creating a user. An Access Template combines predefined roles and role resources into a tailored set of permissions.
Access Templates help streamline user setup and ensure consistent permissions for users with similar responsibilities. For example, you can create an Access Template that grants Merchant-level users access only to reporting features. This minimizes internal risk and prevents unauthorized changes by restricting permissions for users, such as accountants, who require limited access to the platform.
See Understanding Access Templates for more details on creating custom user role templates.
Set Default User Roles
To set default user roles when creating a user:
Click Users, under Management in the left navigation panel.
Click Add User on the Users page to reveal the Create a User lightbox.
Select the desired Default Role from the Role dropdown menu.
Important!
If you want to apply an Access Template with your preconfigured custom user roles, you must do so before completing step 5. If you create the user without assigning the template, you’ll need to delete the user and start over because you cannot apply access templates after a user is created. If the template you need doesn’t exist, you can create one by clicking Add a Template.
Enter the Username, Password, Full Name, and Email Address.
Click Add User to complete the process.
Result: A new user has been created for your account and assigned a default user role, such as Referrer Admin Full Access or Merchant View Only, providing the core permissions needed. From here you can now customize the user role resources and detailed permissions as needed for the user.
Custom Roles
Custom roles allow the user’s access to be refined by specific role resources or actions on the platform. Custom Roles provide 20 role categories with various role resources and detailed permission options.
Set Custom User Roles
After setting a user’s Default User Roles, complete the following steps to set a user's Custom User Roles for additional refined user access:
From the Users menu, select your new user to access the User Profile page.
Select the Role tab from the user Profile.
Review each role category and click the checkbox to enable each user role.
Once enabled, click the arrow next to each role resource to reveal the Detailed Permissions.
Click the checkbox next to each Detailed Permission desired.
Repeat steps 1 through 5 for each user role you need to assign.
Tip
Click the Advanced button to reveal the Advanced Access Template Customization dialog. Use this dialog to quickly assign or remove user roles by Detailed Permission, rather than manually reviewing and enabling them by role category. This is especially useful when a user requires extensive user roles and permissions as opposed to a user that requires minimal access.
Click Update when finished to complete the process.
Result: Your new user has been assigned the desired roles and permissions and is now able to access the portal and other platform features according to their role.
Detailed Permissions
Detailed permissions follow typical Create, Retrieve, Update and Delete (CRUD) functionality. The primary difference is that there are two View options, where one is given full visibility instead of just access to monetary totals associated with a specific role resource:
Create: Gives users access to create content for the enabled role resources.
Full View: Gives users access to view content for the enabled role resources.
Summary View: Gives user access to view monetary totals for the enabled role resources.
Update: Gives user access to update content for the enabled role resources.
Delete: Gives user access to delete content for the enabled role resources.
Note
Not all Custom Role resources offer all five Detailed Permission options. To view the available permissions for a resource, click the arrow icon next to that resource when you’re customizing a user role.
Role Resources
Role resources determine the specific abilities that a user will have when navigating the portal. In many cases, the Default Roles available for Partners and Merchant-level users provide the necessary access capabilities that most users need to perform daily actions such as creating Transactions or Withdrawals. For unique cases where Default Roles don’t satisfy the specific criteria required by the Parent Entity or users, Custom Roles allow individual assignment of specific resources (see below) with sub-resources for a completely modular user setup.
Bank Accounts
The Bank Accounts role resource allows the user to add bank accounts for payouts or debits to an entity, such as a Partner or Merchant.
Resource | Description |
|---|---|
Accounts | Access to view the bank accounts associated with an entity. This controls access to the bank account numbers, routing numbers, account type, etc. |
Payments
The Payments role resource allows the user to view transactions/payments.
Resource | Description |
|---|---|
Transactions | Access to create, view, and edit a payment used to charge a Merchant’s customer, such as one of the following:
This is used in various places in portal - transaction history, transaction details, reports, chargebacks, risk page. Anywhere transactions are accessible is affected by this. |
Transaction Results | Access to view the details of a specific transaction, including the following:
This is required to view the Payment Returns page and Payment Returns on the Merchant Disputes page. |
Batches | Access to create, view, and update a group of transactions sent to the processor for settlement. This is related to how the API processes transactions and allows for cancelling and restoring transactions. |
Entity Returns | Access to view ACH transactions that have been rejected. This is required to view the Withdrawal Returns page. |
Recurring Payments
The Recurring Payments role resource allows the user to set up recurring payments/subscriptions for a Merchant.
Resource | Description |
|---|---|
Plans | Access to create, view, and edit recurring payment plans:
This is required to use the Recurring Payments page. |
Subscriptions | Access to view and edit existing recurring payment plans (subscriptions). This is required to use the Subscription Details page. |
Subscription Tokens | Access to create, view, and edit tokenized payment methods used for the recurring payment plan. This is required to access the Tokens tab on the Subscription Details page. |
Tokens | Access to create, view, and edit recurring payment plan token details represented in the Token ID:
This is required to access the Tokens tab on the Subscription Details page. |
Customers | Access to create, view, and edit customer data records associated with a recurring payment plan. This is required to use the Customers page and Customer Profile pages. |
Risk Management
The Risk Management role resource allows the user to manage Merchant/transaction risk factors that are open, reviewed, approved, or blocked.
Resource | Description |
|---|---|
Holds | Access to create and view a reviewable action taken on a transaction. This is required to view the Risk page. |
Notes | Access to create, view, update, and delete risk management notes regarding why a transaction or Merchant was reviewed and (if applicable) released. This is utilized to perform extended actions on the Risk and Risk Details pages. |
Decisions | Access to create, view, update, and delete create, view, update, and delete the schedule and rules for a transaction check such as validating AVS/CVV. This is required to view the Decisions tab on Group and Merchant Profile pages, as well as create and edit Decisions. |
Decision Rules | Access to create, view, update, and delete the conditions that make a risk decision apply during a specific circumstance such as not allowing a transaction over a specific amount to process. This is required to view the Decisions tab on Group and Merchant Profile pages, as well as create and edit Decisions. |
Invoices
The Invoices role resource allows the user to manage invoices sent to clients to collect money for a specific transaction or event.
Resource | Description |
|---|---|
Invoices | Access to create, view, and delete the following:
This is required to view the Invoices and Invoice Details pages. |
Invoice Items | Access to create, view, and delete the line item details specific to an invoice resource. This is required to view the products on an invoice. |
Invoice Line Items | Access to create, view, and delete an invoice item by holding information such as quantity and pricing of each item. This is required to view the products on an invoice. |
Invoice Results | Access to create and view the status of an invoice such as if it was successful or failed and additional details associated with a particular invoice. This is required to view the Activity window on an Invoice Details page. |
Invoice Configuration
The Invoice Configuration role resource allows the user to configure how an invoice is created such as by providing a set address, message, token, or logo for an invoice.
Resource | Description |
|---|---|
Invoice Parameters | Access to create, view, update and delete invoice settings related to accepted payment methods, placeholders, legal restrictions or agreements and more. This is required to utilize the Invoice Settings and Pay Invoice pages. |
Merchants
The Merchants role resource allows the user to set up, view, and edit Merchants under a Partner.
Resource | Description |
|---|---|
Entities | Access to setup, view, and edit the top-level API resource of a business:
This is required for a wide variety of List and Profile pages for Merchants and Partners. It is also used on the Global Profile page. |
Merchants | Access to set, view, and update a Merchant that collects money from their customers via transaction processing. This is required to access Merchants, Portfolio Management, and Risk pages. |
Members | Access to create, view, and edit a member’s (person) data associated with a Merchant. One member associated with each Merchant will be the “primary” member that has the most ownership share for that Merchant. This is required to view the Owners tab on Merchant Profile pages. |
Terminals | Access to create, view, and edit the information for the device/software used to process transactions.. |
Funds | Access to view the amount of money for a specific entity including:
This is utilized in Withdrawals, Balance pages, and the withdrawals tab on a Merchant Profile page. |
Entries | Access to view the movement of funds to or from an entity. This is required for the withdrawals page, merchant withdrawals tab, and various reports. |
Pending Entries | Access to view an entry that will be created in the future (such as a refund that has been submitted reducing the available balance but has not been captured). |
Users
The Users role resource allows the user to manage a specific user (login) associated with an entity.
Resource | Description |
|---|---|
Logins | Access to create, view, update, and delete a user associated with a specific login, including all of the following:
This is required to view the Users page, Global Profile page, Teams page. |
Messages | Access to create, view, update, and delete the message associated with a specific user such as if a transaction has been placed on hold. This is required to use the Message feature in the portal. |
Message Threads | Access to create, view, update, and delete the sender, receiver, and subject of a message resource. This is required to use the Message feature in the portal. |
Teams | Access to create, view, update, and delete the collection of logins that are associated with a Team to grant additional permissions such as access to multiple Merchants. This is required to utilize the Teams page. |
Team Logins | Access to create, view, update, and delete the link between a Login and a Team in addition to the Login's rights such as View Only or Admin on the team. This is required to add users to a team. |
Groups
The Groups role resource allows the user to group Merchants together to set up specific rules for risk management and fees, as well as enable specific parameters.
Resource | Description |
|---|---|
Orgs | Access to create, view, and edit the collection of entities within a group. This is required to use the Groups page in the portal, as well as Groups tab on a merchant's profile page. |
Org Entities | Access to create, view, and edit the relationship between an org (group) and a specific entity. This is required to add merchants, Partners, or facilitators to groups. |
Org Flows | This is required for the Group Details page's Workflows tab. |
Org Flow Actions | This is required for the Group Details page's Workflow Actions section. |
Alerts
The Alerts role resource allows the user to manage the particular event that invokes a notification sent to an end-user.
Resource | Description |
|---|---|
Alerts | Access to create, view, update, and delete a specific event notification. This is required for working with Web and Email Alerts pages. |
Alert Actions | Access to create, view, update, and delete the action taken on an alert event such as:
This is required to define where to send an alert. |
Alert Triggers | The triggering event that causes an alert to be sent such as a transaction failing or a payout being disbursed. This is required to define when to send an alert. |
Withdrawal Schedules
The Withdrawal Schedule role resource allows the user to set a withdrawal/payout for an entity to disburse funds or collect funds from the associated account.
Resource | Description |
|---|---|
Payouts | This is required to interact with the Withdrawal Schedules in the Withdrawals page and the Merchant details page. |
Payout Flows | This is required to interact with Withdrawal Flows on the Group page. |
Withdrawal History
The Withdrawal History role resource allows the user to view the history of disbursements that have been processed or failed for a specific entity.
Resource | Description |
|---|---|
Disbursements | Access to view a breakdown of what was paid out to an entity account based on sales, fees, chargebacks, and returns. This is required to view the Disbursements table on the Withdrawal page, as well as Disbursement Detail pages. |
Disbursement Results | Access to view a specific disbursement result, such as if it was successful or failed. This is required to view a table on Disbursement Detail pages. |
Referrers
The Referrers role resource allows the user to view and manage details about Referrers and Divisions.
Resource | Description |
|---|---|
Vendors | This is required to view the Referrer Profile page. |
Divisions | This is required to interact with the Divisions page in the portal. |
Splits
The Splits role resource allows the user to split an entry between two entities.
Resource | Description |
|---|---|
Fees | This is required to view and interact with fee portions of the Merchant and Referrer Profile pages, as well as Groups and Transaction Details pages. |
Fee Rules | This is required to interact with rules related to fees. |
Fee Modifiers | This is required to interact with modifiers related to fees. |
Profit Shares | This is required to view profit share information on the Merchant and Referrer Profile pages, and the Group Profile page. |
Refunds | This is required to view refund amounts in the Balance Details page. |
Assessments | This is required for the Dispute Fees section on the Disputes page and the Costs tab of the Merchant and Referrer Profile pages. |
Disputes
The Disputes role resource allows the user to manage disputes (chargebacks) that are open, closed, won, or lost.
Resource | Description |
|---|---|
Chargebacks | Access to view a chargeback filed on a transaction such as a duplicate charge or an item not being as described. This is required to interact with the Disputes page. |
ChargebackDocuments | Access to create and view the message sent by a Merchant, processor, or bank about a chargeback. This is required to manage responses to chargebacks. |
ChargebackMessages | Access to view the status of a chargeback such as if it is in Retrieval, Arbitration, Lost, or Won. Required to upload documents when replying to a chargeback. |
Reserves
The Reserves role resource allows the user to create reserves for Merchants, Partners or Groups and review entries from previous reserves.
Resource | Description |
|---|---|
Reserves | This is required for interacting with the Reserves tab on the Merchant and Referrer Profile pages, as well as the Groups Profile page. |
Entity Reserves | This is required to connect a Reserve to a Merchant, or Partner. |
Reserve Entries | This is required for Reserve table details on the Balance Details page. |
Track Pending Merchants
The Track Pending Merchants role resource allows the user to view the Request More Info page in the portal as a Partner.
Resource | Description |
|---|---|
Stips | This is required to view the Document Request page. |
Quick Charge
The Quick Charge role resource allows the user to view and use the Quick Charge section as found on the user's Payrix Pro dashboard.
Resource | Description |
|---|---|
Quick Charge | Access to view and use the quick charge (virtual terminal) to process a transaction on a Merchant entity. This is required to view Quick Charge on the Merchant Dashboard. |
CC | Access to view and use the Quick Charge to process a credit card transaction. This is required to use a credit card on Quick Charge on the Merchant Dashboard. |
ECheck | Access to view and use the Quick Charge to process an eCheck transaction. This is required to use an eCheck on Quick Charge on the Merchant Dashboard. |
Underwriting
The Underwriting role resource allows the user to view underwriting information from the Risk Management and Merchant Profile pages.
Resource | Description |
|---|---|
Underwriting | This is required to view the Underwriting page on a Merchant's Profile page. |
Other
The Other section provides a list of direct resources that aren’t found in the other role resource categories shown above.
Resource | Description |
|---|---|
Inactive Invoices | Access to view previously active invoices. |
AccountVerifications | Access to view attempts to verify ownership of a bank account through deposit verification or credentials. |
Adjustments | Access to view monetary adjustments made to an entity's funds. |
Aggregation Result Groups | Access to view and delete groupings of aggregated data results for reporting and analysis. |
Aggregation Results | Access to view and delete individual results generated from aggregation queries. |
Aggregations | Access to create, view, update, and delete the application of desired calculations such as a count, sum, min/mac to a given resource within a search query. |
Apikeys | Access to create, view, update, and delete a permanent method of authentication to the API. |
AppleDomains | Access to view Apple Pay domain registrations for Merchants required for processing Apple Pay transactions. |
AuthTokens | Access to create, view, update and delete auth tokens as an additional layer of authentication security and tracking for Apikeys and Sessions. |
BillingEvents | Access to view and mange events related to billing activities such as invoicing and payment processing. |
BillingModifiers | Access to create, view, update and delete modifiers that change the total amount of the billing or whoever will pay it. |
Billings | Access to create, view, update and delete billing resources to collect and invoice for any funds owed by a Merchant for a particular period of time. |
Bins | Access to view Bank Issuing Number (BIN) information about the issuer of a card. |
ChangeRequests | Access to view and manage requests for new or modified bank account information. |
ChargebackMessageResults | Access to view the result of a message associated with a chargeback. |
ChargebackStatuses | Access to create and view any file related to a chargeback. |
ConfirmCodes | Access to create, view or delete a unique confirmation code issued to an email address, when a user forgets their password, or when the system needs to verify the email address associated with a new login. |
Contacts | Access to create, view, and edit a person's data records associated with an entity. |
Credentials | Access to create, view, update and delete an authorization for an Entity to connect to an integration to perform a particular action, such as send Transactions to the processor, or board a Merchant with the processor. |
DecisionActions | Access to create, view, update and delete an action that takes place after a specified Decision Rule has been triggered. |
DisbursementEntries | Access to view records of disbursement amounts. |
DisbursementRefs | Access to view reference codes issued with a payout is disbursed. |
EntityCustomFields | Access to create, view, update and delete custom fields on Merchants such as risk-specific data, CRM identifiers, or other unique information not captured on the Merchant Signup Form or Merchant profile. |
EntityDatas | Access to create and view data related to an entity such as the signature for the terms and conditions. |
EntityDebts | Access to view outstanding debts associated with an entity, including unpaid fees or settlements. |
EntryOrigins | Access to view the origin of an entry, such as a transaction and where it was funded. |
ExternalFees | Access to create, view, update and delete external fees charged to entities for Value Added Services and other third-party service fees. |
FundOrigins | Access to view the source of where funds were processed for an entity. |
HostThemes | Access to view visual themes and branding configurations for hosted payment pages and other third party integrations of matching the business’s portal brand in other instances of their websites and products. |
Iplists | Access to create, view, update, and delete the list of IP (Internet Protocol) addresses that are used to whitelist or deny for a specific login so only specific IP addresses can be used. |
Items | Access to create, view, and update a line item associated with a particular transaction that is used to describe the cost, quantity, and other item details. |
LoginsHelpers | Access to view and manage utitlites that assist with login-related actions such as password resets. |
MerchantPlatformStatuses | Access to view the status of a Merchant’s boarding to Payrix Pro and individual Value-Added Services. |
MerchantResults | Access to view responses from a specific processing platform such as VCore or Apple to the Merchant related to their performance, transactions or account status. |
Mappings | Access to create, view, update (re-map), and delete fields in the API for either input or output such as if the system uses a different format for output data than what is sent to the API. |
NoteDocuments | Access to create, view, update and delete a file that is related to a specific Note record. |
OmniTokens | Access to create, view, and update a Value Added Service Omnitoken resource. |
OrgFlowRules (Group Workflow Rules) | Access to create, view, update and delete a workflow to add or remove Merchants to a Group based on a specific criteria. |
OrgsVASOmniTokens (Group Value Added Service Omnitoken) | Access to create, view, update and delete automatic enrollments for Merchants in the specified Group for the Omnitoken Value Added Service. |
OrgsVASRevenueBoosts (Group Value Added Service Network Payment Manager) | Access to create and view automatic enrollments for Merchants in the specified Group for the Network Payment Manager Value Added Service. |
OrgsVASSaferPayments (Group Value Added Service Safer Payments) | Access to create, view, update and delete automatic enrollments for Merchants in the specified Group for the Safer Payments Value Added Service. |
PaymentUpdateGroups | Access to view batches of Account Updater requests that occur at one time for an Entity. |
PaymentUpdates | Access to view update requests for a payment method used in a Subscription Token or Account. |
PlaidConsumerAccounts | Access to create, view, update and delete consumer bank account data retrieve via Plaid for payment processing. |
PlaidConsumerPayments | Access to create, view, update and delete consumer payment transactions initiated through Plaid-linked customer bank accounts. |
ProfitShareResults | Access to view reports and data related to profit-sharing configurations between entities. |
ReportItems | Access to create, view, update and delete individual data points within reports. |
ReportResults | Access to create and view report generation status and results from attempting to generate the report. |
Reports | Access to create, view, update and delete reports on the platform that summarize business activity, transitions, or other financial metrics. |
RevenueBoosts | Access to create and view Network Payment Manager Value Added Service records. |
RevShareSchedules (Revenue Share Schedules) | Access to create, view, update and delete schedules defining revenue-sharing distributions among participating entities. |
RevShareStatements (Revenue Share Statements) | Access to view statements for revenue-sharing payouts and allocations. |
SaferPayments | Access to create, view and update SaferPayments Value Added Service records. |
Secrets | Access to create, view, update and delete a Secret, a key used to decrypt data or an indicator of which key to be used to decrypt data. |
Sessions | Access to create, view and delete a Session, a temporary method of authentication to the API. Each Session expires automatically after 30 minutes of inactivity. |
StatementEntries | Access to view a record of funds owed for a billing schedule. |
Statements | Access to view the total collection record of all funds owed for a billing schedule. |
TaxFormRequests | Access to create and view a Tax Document Request to return the pdf of the tax document. |
TerminalTxnDatas (Terminal Transaction Datas) | Access to create and view transaction data captured from payment terminals. |
TerminalTxnMetadatas (Terminal Transaction Metadatas) | Access to create and view data from an EMV transaction and returned by the credit card network associated with a terminal transaction. |
TerminalTxnRefs (Terminal Transaction References) | Access to create a reference code issued by the Processor in relation to a particular terminal transaction. |
TerminalTxnResults (Terminal Transaction Results) | Access to view the results and outcomes from the processor of transactions submitted through payment terminals. |
TerminalTxns (Terminal Transactions) | Access to create, view, update and delete transactions processed through a physical payment terminal. |
TokenResults | Access to view results related to tokenized payment methods such as card-on-file, account-on-file or Omnitoken network tokenization. |
TxnDatas (Transaction Datas) | Access to view the base64 image of a signature when creating a transaction and save within the txnDatas endpoint. |
TxnMetadatas (Transaction Metadatas) | Access view data from an EMV transaction and returned by the credit card network associated with a terminal transaction. |
TxnSessions (Transaction Sessions) | Access to create, view and delete a TxnSession, a temporary method of authentication to the API. Each TxnSession expires automatically after 10 minutes of inactivity or by the customizable configurations field. |
VasEfeOffers (Value-Added Service Embedded Finance Engine Offers) | Access to view embedded finance offers for Referrers and Merchants, including terms, eligibility and application details. |
VasEfeOfferUpdates (Value-Added Service Embedded Finance Engine Offer Updates) | Access to view changes to lending offers, including new opportunities, modified terms, and expirations. |