User permissions

Last updated: May 27, 2025

User permissions enable you to control what your Dashboard users can access and what actions they can take. If you have multiple entities, you can also specify which entities each user has access to.

There are various pre-defined roles that have a fixed set of permissions. You can also create custom roles with specific permissions to meet your needs. Roles can apply to individual users or groups of users.

This page also provides guidance on how to manage your users.

The Dashboard has the following pre-defined roles that have a fixed set of permissions:

Manages all areas and edits settings of the Dashboard for own entities:

Account: – Manage processing settings (website URLs, payment methods, processing channels and account structure)
- View business stakeholders
Account activation – Manage applications for new entities and sub-entities
Account rules:
- Create, edit, or delete rules
- View the list of rules
Business account – View all sub-account balances
Compliance:
- Manage compliance requests
- View compliance requests
Developers:
- Create new keys
- Edit Issuing authorization relay settings
- View the list of keys
Disputes:
- Accept disputes and submit evidence
- View unanswered and all disputes lists
Fraud management – Decline high-risk payments
Funds management:
- Access spending credentials for all cards
- Create new, rename, and change limits for all cards
- View last four digits, transactions, and card name for all cards
- View spending credentials and transactions for cards assigned to them
Homepage & analytics – View homepage, KPIs, and Analytics section
Invoices – View and download monthly fees invoices
Issuing:
- Create and edit cards and cardholders; Simulate transactions
- View all transactions, cards, cardholders, and card products
- View card number and CVC2
Network tokens:
- Access to download the reports from Network Tokens Dashboard page
- Manage access from the Network Tokens Dashboard page - Enable, Disable, Add, Modify configurations for NT
- Read access to the Network Tokens Dashboard page
Notifications:
- Create, edit and delete workflow notifications
- View secret keys
- View the list of workflow notifications
Payments:
- Capture payments
- Manage payment documents
- Refund payments
- View and manage billing descriptors
- View and search for payments
- View, approve or reject pending refund requests triggered by account rules
- View payment details
- Void payments
Payments creation:
- Create payments (Payment Links and manual payments)
- View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Settlements:
- View and search for settlements
- View bank accounts details settlements are made to
- View settlements details and download the transaction breakdown report
Sub-entities:
- Download files associated with sub-entities
- Onboard and edit sub-entity details
- View list of own sub-entities only
User management:
- Create, edit, and delete custom roles
- Create, edit, and delete users on the account
- View the list of users on the account
Vault:
- Access to download the reports from Vault Dashboard page
- Manage access from the Vault Dashboard page - Create, Delete, Edit Instruments
- Read access to the Vault Dashboard page

Manage requests for information about payments that have been flagged for regulatory compliance checks.

Compliance:
- Manage compliance requests
- View compliance requests
Notifications:
- Create, edit and delete workflow notifications
- View the list of workflow notifications
Payments:
- View and search for payments
- View payment details
Payments creation – View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)

Manages workflows and views access keys and payments data:

Developers:
- Create new keys
- Edit Issuing authorization relay settings
- View the list of keys
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Notifications:
- Create, edit and delete workflow notifications
- View secret keys
- View the list of workflow notifications
Payments:
- View and search for payments
- View payment details
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports

Views payments data and manages disputes:

Disputes:
- Accept disputes and submit evidence
- View unanswered and all disputes lists
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Network tokens – Read access to the Network Tokens Dashboard page
Payments:
- View and search for payments
- View payment details
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Sub-entities – View list of own sub-entities only
Vault – Read access to the Vault Dashboard page

Manages team permission and security settings including single sign-on (SSO) configuration for all entities:

Account – Manage team security settings including single sign-on
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
User management:
- Create, edit, and delete custom roles
- Create, edit, and delete users on the account
- Manage team security settings including single sign-on
- View the list of users on the account

Views payments data only for all entities:

Disputes – View unanswered and all disputes lists
Funds management – View spending credentials and transactions for cards assigned to them
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Network tokens – Read access to the Network Tokens Dashboard page
Notifications – View the list of workflow notifications
Payments:
- View and search for payments
- View payment details
Payments creation – View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Sub-entities – View list of own sub-entities only

Manages the decline payments functionality and views payments data and disputes:

Disputes – View unanswered and all disputes lists
Fraud management – Decline high-risk payments
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Network tokens – Read access to the Network Tokens Dashboard page
Payments:
- View and search for payments
- View payment details
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Vault:
- Access to download the reports from Vault Dashboard page
- Read access to the Vault Dashboard page

Views and manages payments data and disputes. For PayFac accounts, views sub-entities too:

Disputes:
- Accept disputes and submit evidence
- View unanswered and all disputes lists
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing:
- Create and edit cards and cardholders; Simulate transactions
- View all transactions, cards, cardholders, and card products
Network Tokens:
- Access to download the reports from Network Tokens Dashboard page
- Read access to the Network Tokens Dashboard page
Notifications – View the list of workflow notifications
Payments:
- Capture payments
- Manage payment documents
- Refund payments
- View and search for payments
- View payment details
- Void payments
Payments creation:
- Create payments (Payment Links and manual payments)
- View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Settlements:
- View and search for settlements
- View settlements details and download the transaction breakdown report
Sub-entities:
- Download files associated with sub-entities
- Onboard and edit sub-entity details
- View list of own sub-entities only
Vault:
- Access to download the reports from Vault Dashboard page
- Read access to the Vault Dashboard page

Certain tasks in the Dashboard require a specific permission to carry out. Each permission may be available to one or more pre-defined roles. You can also add certain permissions individually to custom roles.

Permission	Pre-defined roles
Account
Manage account structure Cannot be added to a custom role	Account owner
Manage processing settings (website URLs, payment methods, processing channels, and account structure) Cannot be added to a custom role	Account owner Admin
Manage team security settings including single sign-on Cannot be added to a custom role	Account owner IAM admin
Transfer ownership Cannot be added to a custom role	Account owner
View business stakeholders Cannot be added to a custom role	Account owner Admin
Account activation
Manage applications for new entities and sub-entities Cannot be added to a custom role	Account application only
Account rules
Create, edit, or delete rules For configuring account rules, including approval flows	Admin
View the list of rules For account rules configured on the account	Admin
Business account
View all sub-account balances	Admin
Compliance
Manage compliance requests	Admin Compliance operator
View compliance requests	Admin Compliance operator
Developers
Create new keys	Admin Developer
Edit Issuing authorization relay settings	Admin Developer
Edit or delete keys	None
View the list of keys	Admin Developer
Disputes
Accept disputes and submit evidence	Admin Disputes manager Disputes operator Support manager
View unanswered and all disputes lists	Admin Disputes manager Disputes operator Read only Risk manager Support manager
Fraud management
Decline high-risk payments	Admin Risk manager
Funds management
Access spending credentials for all cards Beta For all the entity’s Corporate Cards	Admin
Create new, rename, and change limits for all cards Beta For Corporate Cards, including changing card users and revoking cards	Admin
View last four digits, transactions, and card name for all cards Beta For all the entity’s Corporate Cards	Admin
View spending credentials and transactions for cards assigned to them Beta For Corporate Cards assigned to you, including suspending and reactivating cards	Admin Read only
Homepage & analytics
View homepage, KPIs, and Analytics section	Admin Developer Disputes manager Read only Risk manager Support manager
Invoices
View and download monthly fees invoices	Admin
Issuing
Create and edit cards and cardholders; Simulate transactions	Admin Support manager
View all transactions, cards, cardholders, and card products	Admin Developer Disputes manager Disputes operator Read only Risk manager Support manager
View card number and CVC2	Admin
Network tokens
Access to download the reports from Network Tokens Dashboard page	Admin Support manager
Manage access from the Network Tokens Dashboard page - Enable, Disable, Add, Modify configurations for NT	Admin
Read access to the Network Tokens Dashboard page	Admin Disputes manager Read only Risk manager Support manager
Notifications
Create, edit and delete workflow notifications	Admin Compliance operator Developer
View secret keys	Admin Developer
View the list of workflow notifications	Admin Compliance operator Developer Read only Support manager
Payments
Capture payments	Admin Support manager
Manage payment documents	Admin Support manager
Refund payments	Admin Support manager
View and manage billing descriptors	Admin
View and search for payments	Admin Compliance operator Developer Disputes manager Read only Risk manager Support manager
View, approve or reject pending refund requests triggered by account rules	Admin
View payment details	Admin Compliance operator Developer Disputes manager Disputes operator Read only Risk manager Support manager
Void payments	Admin Support manager
Payments creation
Create payments (Payment Links and manual payments)	Admin Support manager
View all Payment Links	Admin Compliance operator Read only Support manager
Personally identifiable information (PII)
View customer PII (such as name, card number and email)	Account application only Admin Compliance operator Developer Disputes manager Disputes operator IAM admin Read only Risk manager Support manager
Reports
View and generate payment reports	Admin Developer Disputes manager Read only Risk manager Support manager
Settlements
View and search for settlements	Admin Support manager
View bank accounts details settlements are made to	Admin
View settlements details and download the transaction breakdown report	Admin Support manager
Sub-entities
Download files associated with sub-entities	Account application only Admin Support manager
Onboard and edit sub-entity details	Admin Support manager
View list of own sub-entities only	Admin Disputes manager Read only Support manager
User management
Create, edit, and delete custom roles Cannot be added to a custom role	Admin IAM admin
Create, edit, and delete users on the account	Admin IAM admin
View the list of users on the account	Admin IAM admin
Vault
Access to download the reports from Vault Dashboard page	Admin Risk manager Support manager
Manage access from the Vault Dashboard page - Create, Delete, Edit Instruments	Admin
Read access to the Vault Dashboard page	Admin Disputes manager Disputes operator Risk manager Support manager

You must have the Admin role to create custom roles and assign them to users.

Sign in to the Dashboard.
Select the Settings menu in the top navigation bar.
Under Team settings, select Roles and permissions.
Under the Popular roles section, select View all roles.
On the Roles page, under Organization roles, select New role.
On the Create custom role page, under Settings, enter the Role name and Description.
Under Permissions, select the relevant permissions for the role.

You must assign at least one permission and can assign as many as needed, except for the following, which aren't available for custom roles:

User management – Account owner and Admin roles only
Manage team security settings including single sign-on – Account owner and IAM admin roles only
Manage processing settings (website URLs, payment methods, processing channels and account structure) – Account owner and Admin roles only

Save the custom role by selecting Create custom role.

The new role is displayed in the Popular roles section.

To view all custom and pre-defined roles set up and currently active for your organization:

Sign in to the Dashboard.
Select the Settings menu in the top navigation bar.
Under Team settings, select Roles and permissions.
Select View all roles.

You can edit permissions assigned to a role at any time.

Note

Editing a role affects the permissions for all users assigned to that role.

When a role is no longer needed, you can delete it from the Role details page for that role.

Note

Any user assigned to a role that is deleted is transferred to the Read only role by default.

Anyone with the View the list of users on the account permission can access the Roles and permissions page from the Settings menu, which lists all the account's users. Depending on your entity access and business needs, you can filter the list to find users whose details you can edit. The Account owner can view and manage all users for all entities on the account.

If your organization uses single sign-on, user management is handled by your third-party identity provider (IdP) and is not available within the Dashboard.

The Roles and permissions page provides an overview of all users, including their roles and user status.

The Last login column reflects the three possible user statuses:

Pending – The user has been invited to your Dashboard but hasn't yet accepted the invite or set up their sign in details. Invites expire after seven days.
[Timestamp] – The user has accepted the invite. The date and timestamp show the last time they accessed the Dashboard.
Expired – The user didn't accept the invite in time and it expired. To resend it, next to the status, select Resend invite.

To view more information or edit a user's details, select a row. The User profile page is displayed.

You can add as many users to your Dashboard as needed. You must provide each user’s email, name, and role, as well as the entities you want them to have access to.

New user invites expire after seven days. If the new user doesn't activate their account within that time frame, an Admin needs to resend the invite.

Sign in to the Dashboard.
Select the Settings menu in the top navigation bar.
Under Team settings, select Roles and permissions.
Under the Users section, select New user.
On the New user page:
- Under Settings, enter the user's First name, Last name, and Email address.
- Under Access to entities and entity segments, turn on the toggle for specific entities and segments you want the user to have access to.
  Alternatively, to give the user access to all existing and future entity segments, select Grant full access.
- Under Permissions, from the Role dropdown, select the user's role.
  If you select the Admin role, the access granularity is restricted at the legal entity level.
Select Save user.
A confirmation message appears and the new User profile page is displayed.
The new user's status is Pending. When they activate their account, this is replaced with [Timestamp].

Note

You can only assign a user to entities that you have access to. Once added, another Admin can amend the user’s access if required.

To edit an existing user's role and entity access:

Go to Settings > User permissions, and select the user.
In the User profile page, from the Role dropdown, update the user's role.
Select Save to confirm.

The user's details are updated.

To delete a user to revoke all their access rights and completely remove them:

Sign in to the Dashboard.
Select the Settings menu in the top navigation bar.
Under Team settings, select Roles and permissions.
Under the Users section, select the user.
In the User profile window that opens, select Delete user.
A confirmation dialog appears.
To confirm, select Delete user again.
A confirmation message appears and the user is removed from the Roles and permissions overview.

User permissions

Pre-defined roles

Permissions

Custom roles

Create a role

View all roles

Edit a role

Note

Delete a role

Note

Manage users

View users

Add a user

Note

Edit a user

Delete a user