Roles and permissions
Roles and permissions are used to give users the correct access to various system functionality relating to their business roles. A user may have multiple roles. ActiveServer comes with pre-defined user roles:
- System admin - for managing the technical upkeep for the instance, including deployment and licensing, directory server connection management, system settings management plus monitoring system notifications.
- Page access: Directory servers, Deployment, Audit logs, Settings, About, Profile, System notifications.
- User admin - for managing users for the instance, including assigning roles.
This role is able to see all merchants in the system to enable it to assign a merchant to a single scope user. There must always be one user with this role.
- Page access: Merchants, User Management.
- Business admin - for managing the business processes for all merchants on the instance, including viewing dashboard statistics, managing merchant functions and viewing transaction history.
- Page access: Dashboard, Merchants, Transactions, Profile.
- Merchant admin - for managing the business processes for a single merchant on the instance, including viewing dashboard statistics, managing merchant details and viewing transaction history.
- Page access: Dashboard, Merchants, Transactions, Profile.
- Merchant - for users who require read only access to a single merchant on the instance, including viewing dashboard statistics, viewing merchant details and viewing transaction history.
- Page access: Dashboard, Merchants, Transactions, Profile.
Permission scope¶
Each user role has a level of scope attached to allow a User admin user to define the correct level of access to entities within the system.
Merchant scope¶
In relation to Merchants, scope indicates whether the user will be able to access all merchants and their information (e.g. statistics, details, transactions), or just allow access to a single merchant's information:
- All scope - The Business admin role has authority over all merchants. This allows them to select all merchants when viewing dashboard statistics, search/edit/create/delete all merchants and view transactions for all merchants in the system. The User admin has access to viewing merchant details for the purposes of assigning merchants to single scope users.
- Single scope - The Merchant admin and Merchant roles have authority over a single merchant only. After a merchant is assigned to their profile, they can access only that merchant's dashboard statistics, merchant details and transactions.
- No scope - The System admin role does not have any permissions relating to managing merchants, and therefore is not able to access any pages with merchant functionality.
This separation of duties allows clients managing multiple merchants in a single system, such as Payment Service Providers, to give granular control to individual merchants if required.
Important
If a user is assigned roles that have both All and Single scope, the All scope will take precedence.
Assigning merchants¶
If a user has Single scope level access in relation to merchants, a User admin can assign them an already created merchant to manage.
If the user already has a merchant assigned to them, this can be overwritten in their profile but they cannot have more than merchant at a time.
Permission list table¶
The following table provides a detailed view of the specific permissions granted to the user roles. The Scope column indicates permissions that have a scope attached to it where appropriate.
User Note
Through this document you will see these User Note boxes, which indicate what features are available to specific user roles.
| Page | Sub page | Permission | Scope | System Admin | User Admin | Business Admin | Merchant Admin | Merchant |
|---|---|---|---|---|---|---|---|---|
| Dashboard | View all merchant statistics | All merchants | ✔ | |||||
| View merchant statistics | Single merchant | ✔ | ✔ | |||||
| Merchants | Search | View all merchant details | All merchants | ✔ | ✔ | |||
| View merchant details | Single merchant | ✔ | ✔ | |||||
| Create multiple merchants | All merchants | ✔ | ||||||
| Delete multiple merchants | All merchants | ✔ | ||||||
| Merchant Settings | View all merchant details | All merchants | ✔ | ✔ | ||||
| View merchant details | Single merchant | ✔ | ✔ | |||||
| Edit all merchant details | All merchants | ✔ | ||||||
| Edit merchant details | Single merchant | ✔ | ||||||
| View all merchant notes | All merchants | ✔ | ||||||
| Edit all merchant notes | All merchants | ✔ | ||||||
| Edit all merchant enabled status | All merchants | ✔ | ||||||
| Download all merchant certificates | All merchants | ✔ | ||||||
| Download merchant certificate | Single merchant | ✔ | ✔ | |||||
| Revoke all merchant certificates | All merchants | ✔ | ||||||
| Revoke merchant certificates | Single merchant | ✔ | ||||||
| Rotate all merchants encryption key | All merchants | ✔ | ||||||
| Rotate merchant encryption key | Single merchant | ✔ | ||||||
| Acquirer | View acquirers | ✔ | ||||||
| Create acquirer | ✔ | |||||||
| Edit acquirer | ✔ | |||||||
| Delete acquirer | ✔ | |||||||
| Directory Servers | View Directory Server settings | ✔ | ||||||
| Edit Directory Server settings | ✔ | |||||||
| View Directory Server certificates | ✔ | |||||||
| Edit Directory Server certificates | ✔ | |||||||
| Transactions | View all merchant transactions | All merchants | ✔ | |||||
| View merchant transactions | Single merchant | ✔ | ✔ | |||||
| Deployment | Nodes | View deployment information | ✔ | |||||
| Edit deployment information | ✔ | |||||||
| Activation Status | View activation details | ✔ | ||||||
| Edit product activation information | ✔ | |||||||
| User Management | Search | View all users details | All users | ✔ | ||||
| Add users | ✔ | |||||||
| Delete users | ✔ | |||||||
| Details | Edit all users details | All users | ✔ | |||||
| Edit all users roles | All users | ✔ | ||||||
| Edit all users status | All users | ✔ | ||||||
| Audit Logs | View all audit logs | ✔ | ||||||
| Settings | System | View system settings | ✔ | |||||
| Edit system settings | ✔ | |||||||
| Security | View security settings | ✔ | ||||||
| Edit security settings | ✔ | |||||||
| 3D Secure 2 | View 3D Secure 2 settings | ✔ | ||||||
| Edit 3D Secure 2 settings | ✔ | |||||||
| About | View details | ✔ | ✔ | ✔ | ||||
| User profile | Edit profile | View user details | Single user | ✔ | ✔ | ✔ | ✔ | ✔ |
| Edit user details | Single user | ✔ | ✔ | ✔ | ✔ | ✔ | ||
| Notifications | View system notifications | ✔ | ||||||
| View user notifications | ✔ | ✔ | ✔ | ✔ | ✔ | |||
| Reset Password | Reset password | ✔ | ✔ | ✔ | ✔ | ✔ |