User permissions

Last updated: July 16, 2025

User permissions enable you to control what your Dashboard users can access and what actions they can take. If you have multiple entities, you can also specify which entities each user has access to.

There are various pre-defined roles that have a fixed set of permissions. You can also create custom roles with specific permissions to meet your needs. Roles can apply to individual users or groups of users.

This page also provides guidance on how to manage your users.

The Dashboard has the following pre-defined roles that have a fixed set of permissions:

Manages all areas and edits settings of the Dashboard for own entities:

Account:
- Manage processing settings (website URLs, payment methods, processing channels and account structure)
- View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
- View sensitive business stakeholder details
Account activation – Manage applications for new entities and sub-entities
Account rules:
- Create, edit, or delete rules
- View the list of rules
Business account – View all sub-account balances
Compliance:
- Manage compliance requests
- View compliance requests
Developers:
- Create new keys
- Edit Issuing authorization relay settings
- View the list of keys
Disputes:
- Accept disputes and submit evidence
- View unanswered and all disputes lists
Fraud management – Decline high-risk payments
Funds management:
- Access spending credentials for all cards
- Create new, rename, and change limits for all cards
- View last four digits, transactions, and card name for all cards
- View spending credentials and transactions for cards assigned to them
Homepage & analytics – View homepage, KPIs, and Analytics section
Invoices – View and download monthly fees invoices
Issuing:
- Create and edit cards and cardholders; Simulate transactions
- View all transactions, cards, cardholders, and card products
- View card number and CVC2
Network tokens:
- Access to download the reports from Network Tokens Dashboard page
- Manage access from the Network Tokens Dashboard page - Enable, Disable, Add, Modify configurations for NT
- Read access to the Network Tokens Dashboard page
Notifications:
- Create, edit and delete workflow notifications
- View secret keys
- View the list of workflow notifications
Payments:
- Capture payments
- Manage payment documents
- Refund payments
- View and manage billing descriptors
- View and search for payments
- View, approve or reject pending refund requests triggered by account rules
- View payment details
- Void payments
Payments creation:
- Create payments (Payment Links and manual payments)
- View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Settlements:
- View and search for settlements
- View sensitive bank account details for settlements
- View settlements details and download the transaction breakdown report
Sub-entities:
- Download files associated with sub-entities
- Onboard and edit sub-entity details
- View list of own sub-entities only
User management:
- Create, edit, and delete custom roles
- Create, edit, and delete users on the account
- View the list of users on the account
Vault:
- Access to download the reports from Vault Dashboard page
- Manage access from the Vault Dashboard page - Create, Delete, Edit Instruments
- Read access to the Vault Dashboard page

Manage requests for information about payments that have been flagged for regulatory compliance checks.

Account - View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Compliance:
- Manage compliance requests
- View compliance requests
Notifications:
- Create, edit and delete workflow notifications
- View the list of workflow notifications
Payments:
- View and search for payments
- View payment details
Payments creation – View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)

Manages workflows and views access keys and payments data:

Account - View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Developers:
- Create new keys
- Edit Issuing authorization relay settings
- View the list of keys
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Notifications:
- Create, edit and delete workflow notifications
- View secret keys
- View the list of workflow notifications
Payments:
- View and search for payments
- View payment details
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports

Views payments data and manages disputes:

Account - View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Disputes:
- Accept disputes and submit evidence
- View unanswered and all disputes lists
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Network tokens – Read access to the Network Tokens Dashboard page
Payments:
- View and search for payments
- View payment details
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Sub-entities – View list of own sub-entities only
Vault – Read access to the Vault Dashboard page

Manages disputes only:

Account - View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Disputes:
- Accept disputes and submit evidence
- View unanswered and all disputes lists
Issuing – View all transactions, cards, cardholders, and card products
Payments – View payment details
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Vault – Read access to the Vault Dashboard page

Manages team permission and security settings including single sign-on (SSO) configuration for all entities:

Account
- Manage team security settings including single sign-on
- View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
User management:
- Create, edit, and delete custom roles
- Create, edit, and delete users on the account
- Manage team security settings including single sign-on
- View the list of users on the account

Views payments data only for all entities:

Account - View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Disputes – View unanswered and all disputes lists
Funds management – View spending credentials and transactions for cards assigned to them
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Network tokens – Read access to the Network Tokens Dashboard page
Notifications – View the list of workflow notifications
Payments:
- View and search for payments
- View payment details
Payments creation – View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Sub-entities – View list of own sub-entities only

Manages the decline payments functionality and views payments data and disputes:

Account - View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Disputes – View unanswered and all disputes lists
Fraud management – Decline high-risk payments
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing – View all transactions, cards, cardholders, and card products
Network tokens – Read access to the Network Tokens Dashboard page
Payments:
- View and search for payments
- View payment details
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Vault:
- Access to download the reports from Vault Dashboard page
- Read access to the Vault Dashboard page

Views and manages payments data and disputes. For PayFac accounts, views sub-entities too:

Account - View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)
Disputes:
- Accept disputes and submit evidence
- View unanswered and all disputes lists
Homepage & analytics – View homepage, KPIs, and Analytics section
Issuing:
- Create and edit cards and cardholders; Simulate transactions
- View all transactions, cards, cardholders, and card products
Network Tokens:
- Access to download the reports from Network Tokens Dashboard page
- Read access to the Network Tokens Dashboard page
Notifications – View the list of workflow notifications
Payments:
- Capture payments
- Manage payment documents
- Refund payments
- View and search for payments
- View payment details
- Void payments
Payments creation:
- Create payments (Payment Links and manual payments)
- View all Payment Links
Personally identifiable information (PII) – View customer PII (such as name, card number and email)
Reports – View and generate payment reports
Settlements:
- View and search for settlements
- View settlements details and download the transaction breakdown report
Sub-entities:
- Download files associated with sub-entities
- Onboard and edit sub-entity details
- View list of own sub-entities only
Vault:
- Access to download the reports from Vault Dashboard page
- Read access to the Vault Dashboard page

Certain tasks in the Dashboard require a specific permission to carry out. Each permission may be available to one or more pre-defined roles. You can also add certain permissions individually to custom roles.

Permission	Pre-defined roles
Account
Manage account structure Cannot be added to a custom role	Account owner
Manage processing settings (website URLs, payment methods, processing channels, and account structure) Cannot be added to a custom role	Account owner Admin
Manage team security settings including single sign-on Cannot be added to a custom role	Account owner IAM admin
Transfer ownership Cannot be added to a custom role	Account owner
View account settings (business stakeholders, billing descriptors, processing channels, bank settlements, business contacts and payment methods)	Account owner Admin Compliance operator Developer Disputes manager Disputes operator Identity and access management (IAM) admin Read only Risk manager Support manager
View sensitive business stakeholder details Cannot be added to a custom role	Account owner Admin
Account activation
Manage applications for new entities and sub-entities Cannot be added to a custom role	Account application only
Account rules
Create, edit, or delete rules For configuring account rules, including approval flows	Admin
View the list of rules For account rules configured on the account	Admin
Business account
View all sub-account balances	Admin
Compliance
Manage compliance requests	Admin Compliance operator
View compliance requests	Admin Compliance operator
Developers
Create new keys	Admin Developer
Edit Issuing authorization relay settings	Admin Developer
Edit or delete keys	None
View the list of keys	Admin Developer
Disputes
Accept disputes and submit evidence	Admin Disputes manager Disputes operator Support manager
View unanswered and all disputes lists	Admin Disputes manager Disputes operator Read only Risk manager Support manager
Fraud management
Decline high-risk payments	Admin Risk manager
Funds management
Access spending credentials for all cards Beta For all the entity’s Corporate Cards	Admin
Create new, rename, and change limits for all cards Beta For Corporate Cards, including changing card users and revoking cards	Admin
View last four digits, transactions, and card name for all cards Beta For all the entity’s Corporate Cards	Admin
View spending credentials and transactions for cards assigned to them Beta For Corporate Cards assigned to you, including suspending and reactivating cards	Admin Read only
Homepage & analytics
View homepage, KPIs, and Analytics section	Admin Developer Disputes manager Read only Risk manager Support manager
Invoices
View and download monthly fees invoices	Admin
Issuing
Create and edit cards and cardholders; Simulate transactions	Admin Support manager
View all transactions, cards, cardholders, and card products	Admin Developer Disputes manager Disputes operator Read only Risk manager Support manager
View card number and CVC2	Admin
Network tokens
Access to download the reports from Network Tokens Dashboard page	Admin Support manager
Manage access from the Network Tokens Dashboard page - Enable, Disable, Add, Modify configurations for NT	Admin
Read access to the Network Tokens Dashboard page	Admin Disputes manager Read only Risk manager Support manager
Notifications
Create, edit and delete workflow notifications	Admin Compliance operator Developer
View secret keys	Admin Developer
View the list of workflow notifications	Admin Compliance operator Developer Read only Support manager
Payments
Capture payments	Admin Support manager
Manage payment documents	Admin Support manager
Refund payments	Admin Support manager
View and manage billing descriptors	Admin
View and search for payments	Admin Compliance operator Developer Disputes manager Read only Risk manager Support manager
View, approve or reject pending refund requests triggered by account rules	Admin
View payment details	Admin Compliance operator Developer Disputes manager Disputes operator Read only Risk manager Support manager
Void payments	Admin Support manager
Payments creation
Create payments (Payment Links and manual payments)	Admin Support manager
View all Payment Links	Admin Compliance operator Read only Support manager
Personally identifiable information (PII)
View customer PII (such as name, card number and email)	Account application only Admin Compliance operator Developer Disputes manager Disputes operator IAM admin Read only Risk manager Support manager
Reports
View and generate payment reports	Admin Developer Disputes manager Read only Risk manager Support manager
Settlements
View and search for settlements	Admin Support manager
View sensitive bank account details for settlements	Admin
View settlements details and download the transaction breakdown report	Admin Support manager
Sub-entities
Download files associated with sub-entities	Account application only Admin Support manager
Onboard and edit sub-entity details	Admin Support manager
View list of own sub-entities only	Admin Disputes manager Read only Support manager
User management
Create, edit, and delete custom roles Cannot be added to a custom role	Admin IAM admin
Create, edit, and delete users on the account	Admin IAM admin
View the list of users on the account	Admin IAM admin
Vault
Access to download the reports from Vault Dashboard page	Admin Risk manager Support manager
Manage access from the Vault Dashboard page - Create, Delete, Edit Instruments	Admin
Read access to the Vault Dashboard page	Admin Disputes manager Disputes operator Risk manager Support manager

You must have the Admin role to create custom roles and assign them to users.

Sign in to the Dashboard.
Select the Settings menu in the top navigation bar.
Under Team settings, select Roles and permissions.
Under the Popular roles section, select View all roles.
On the Roles page, under Organization roles, select New role.
On the Create custom role page, under Settings, enter the Role name and Description.
Under Permissions, select the relevant permissions for the role.

You must assign at least one permission and can assign as many as needed, except for the following, which aren't available for custom roles:

User management – Account owner and Admin roles only
Manage team security settings including single sign-on – Account owner and IAM admin roles only
Manage processing settings (website URLs, payment methods, processing channels and account structure) – Account owner and Admin roles only

Save the custom role by selecting Create custom role.

The new role is displayed in the Popular roles section.

To view all custom and pre-defined roles set up and currently active for your organization:

Sign in to the Dashboard.
Select the Settings menu in the top navigation bar.
Under Team settings, select Roles and permissions.
Select View all roles.

You can edit permissions assigned to a role at any time.

Note

Editing a role affects the permissions for all users assigned to that role.

When a role is no longer needed, you can delete it from the Role details page for that role.

Note

Any user assigned to a role that is deleted is transferred to the Read only role by default.

User permissions

Pre-defined roles

Permissions

Custom roles

Create a role

View all roles

Edit a role

Note

Delete a role

Note