User Permissions
Last updated: June 7, 2023
Not all users on the Dashboard have the same permissions. Control what your users can access with User Permissions, a set of roles that can be applied to a group of users. If you have multiple entities, you can also decide which of these each user has access to.
This page explains:
The Dashboard comes with several pre-defined roles, so you can ensure your users have the appropriate permissions across the platform:
- Administrator Owner
- Administrator
- Developer
- Disputes Manager
- Disputes Operator
- Identity and Access Management (IAM) Administrator
- Support Manager
- Read Only
The Administrator Owner is the overall owner for the account, and has access to all permissions.
Every other role has its own set of permissions, as described in the following table:
| Permission | Admin | Developer | Disputes Manager | Disputes Operator | IAM Admin | Support Manager | Read Only |
|---|---|---|---|---|---|---|---|
Transfer ownership | |||||||
View and manage users Add, edit, and delete users. | |||||||
View user activity | |||||||
View homepage and analytics | |||||||
View payments View payments list and search for payments. | |||||||
View balances | |||||||
Manage payment documents | |||||||
Manage payments Capture, void, or refund payments. | |||||||
View disputes View the Unanswered disputes and All disputes lists. | |||||||
Manage disputes Accept disputes and submit evidence. | |||||||
View and generate payment reports | |||||||
View keys | |||||||
Create keys | |||||||
Manage keys Update or delete existing keys. | |||||||
Manage team security Manage team security settings, including single sign-on. | |||||||
View settlements | |||||||
View sub-entities View list of own sub-entities only. | |||||||
Manage sub-entities View, onboard and edit sub-entities' details. | |||||||
Download sub-entity files Download files associated with sub-entities. | |||||||
View and download monthly invoices | |||||||
Edit decline lists and risk rules | |||||||
Create Payment Links | |||||||
View all Payment Links |
- Navigate to Team > User Permissions, find the Popular roles section, then select + New role. If the + New role button is not visible, select View all roles to expand the Popular roles section.
- In the roles section, you can navigate through the sidebar menu to review and assign available permissions. You can assign as many as you need, except for the following permissions, which are not available for custom roles:
- Roles management – limited to the account owner and admins only.
- Transfer ownership of the account – limited to the account owner only.
- Once you've assigned at least one permission, you can give your custom role a unique name, and provide a description to summarize its use.
- Save the custom role by selecting Create role. The new role will be displayed in the Popular roles section.
Selecting View all roles shows all roles set up and currently active for your organization for both custom and pre-defined roles.
You can edit permissions assigned to a role at any point. Note that editing a role will affect permissions for all users who are assigned to that role.
When a role is no longer needed, you can delete it from the details page for that role. Note that any user assigned to a role that is deleted will be transferred to the Read Only role by default.
Create custom roles with pre-defined permissions to ensure users have access to relevant information and tools - all from the Checkout.com Dashboard.
Anyone with the 'View users' permission can access the User Permissions screen (under Settings), which provides a record of all users on an account. Depending on your entity access and business needs, the list on view will filter to reflect the users whose details you can edit. The Administrator Owner can view and manage all users for all entities on the account.
If your organization leverages single sign-on, user management will be delegated to your third-party identity provider (IdP) and will not be available within Dashboard.
The User Permissions screen provides a view of all users at a glance, including their roles and user status.
The Last login column reflects the three possible user statuses:
PENDING: the user has recently been invited to your platform and is yet to accept the invitation and set up their login details (users have seven days to accept an invitation before it expires)[Timestamp]: the user has accepted the invitation — the date and timestamp show the last time the user accessed the platformEXPIRED: the user has failed to accept the invitation in time and the token has expired
To view more information or edit a user's details, click on a row. You will be taken to the user's profile.
You can add as many users to your Dashboard as you require. A user’s email, name, and role are all mandatory, as well as the entities you want them to have access to.
New user invitations expire after seven days. If the new user doesn't activate their account within that timeframe, the invitation will need to be resent. This can be done by any Administrator.
- In Team > User Permissions, select +New user under the Users header. A new screen will load.
- Enter the user's First name, Last name, and Email.
- Tick the Legal entities you want the user to have access to.
- Select the Role you want the user to have. By default, this is set to Read Only.
Note
You can only assign a user to the entities that you have access to. Once added, another Administrator can amend the user’s access if required.
- Select Save new user.
A confirmation message pops up and you will be taken to the new user's profile.
Information
The new user has a PENDING status. When they activate their account, this will be replaced with a timestamp.
Edit an existing user's role and entity access.
- In Team > User Permissions, select a user. This will open the details window.
- Use the Role drop-down to update a user's role.
- Tick or untick the Legal entities you want the user to have access to.
- Select Save to confirm.
The user's details are updated.
Delete a user to revoke all their access rights and completely remove them from the platform.
- In Team > User Permissions, select a user. This will open the user's profile page.
- Select Delete user.
- To confirm, select Delete user again.
A confirmation message pops up and the user is removed from the User Permissions screen.