User Roles & Permissions
User Types
User Type is the foundational classification of every user in the system. It defines the structural access boundary — the absolute ceiling of what a user can see or do. Every user must have exactly one User Type.
| User Type | Scope |
|---|---|
| Super Admin | Full system access |
| Partner | Manages multiple merchants |
| Merchant | Manages business, users, and roles |
| Branch | Operates under a merchant |
| Terminal | Limited to transaction operations |
| User | Access based on assigned role |
User Type is system-defined and cannot be modified through role or permission assignment.
User Roles
A Role is a named, reusable collection of permissions. While User Type defines the access boundary, Role defines what actions a user can perform within that boundary.
Roles are operational, not structural: they are assigned to users and can be reassigned or updated without changing the user's type.
Permissions
Permissions are the atomic units of access control. Each permission is the combination of a module and an action, and every role is a discrete set of these combinations.
Actions
| Action | Definition |
|---|---|
| Read | View existing records |
| Write | Create new records |
| Edit | Modify existing records |
| Delete | Remove records permanently |
| Export | Extract data outside the system |
Modules
| Module | Description |
|---|---|
| Payment Link | Link-based payment requests |
| Terminal | POS terminal operations |
| Config | System-level configuration |
| Theme Config | Interface appearance settings |
| Branch | Branch entity management |
| Merchant | Merchant entity management |
| Dashboard | Aggregated analytics view |
| User | User account management |
| Partner | Partner entity management |
| Role | Role definition and assignment |
| Onboarding | Merchant onboarding workflows |
| Payout | Outbound payment operations |
| Threat Logs | Fraud and risk event log |
| Audit Logs | System activity trail |
| Transaction | Transaction records and history |
| Initiate Payment Link | Payment link generation |
| Reconciliation | Transaction matching and settlement |
Access Determination
A user's effective access is the product of three additive layers, evaluated in sequence:
| Layer | Function |
|---|---|
| User Type | Defines the maximum permissible boundary |
| Role | Applies a predefined permission set within that boundary |
| User-Level Overrides | Adjusts specific permissions for an individual user |
User-level overrides allow per-user adjustments without creating a dedicated role. Overrides cannot exceed the User Type ceiling under any condition.
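The three-layer evaluation above, sketched as an added example (not the product's own code). The per-type ceilings, the grant/revoke shape of an override, and the rule that a revoke beats a grant are assumptions; the sample user is constructed.

```python
from dataclasses import dataclass

ACTIONS = {"Read", "Write", "Edit", "Delete", "Export"}  # actions from the page

def perms(module, *actions):
    """Build (module, action) permissions, rejecting undefined actions."""
    unknown = set(actions) - ACTIONS
    if unknown:
        raise ValueError(f"unknown action(s): {sorted(unknown)}")
    return frozenset((module, a) for a in actions)

# Constructed ceilings for two User Types; the page does not list real ones.
TYPE_CEILING = {
    "Terminal": perms("Transaction", "Read", "Write") | perms("Terminal", "Read"),
    "Branch": perms("Transaction", "Read", "Write", "Export") | perms("Payout", "Read"),
}

@dataclass(frozen=True)
class User:
    user_type: str
    role: frozenset                   # permission set of the assigned role
    grants: frozenset = frozenset()   # per-user override: add (assumed shape)
    revokes: frozenset = frozenset()  # per-user override: remove (assumed shape)

def requested(user):
    """Layers 2 and 3: role plus overrides; a revoke beats a grant (assumption)."""
    return (user.role | user.grants) - user.revokes

def ceiling_for(user):
    """Layer 1: fail closed on a User Type with no defined ceiling."""
    if user.user_type not in TYPE_CEILING:
        raise ValueError(f"unknown user type: {user.user_type!r}")
    return TYPE_CEILING[user.user_type]

def effective_access(user):
    """What the user may do: the request clamped to the User Type ceiling."""
    return requested(user) & ceiling_for(user)

def clamped(user):
    """Requested permissions the ceiling dropped; worth logging or alerting on."""
    return requested(user) - ceiling_for(user)

# Constructed sample: a Terminal cashier whose overrides reach past the ceiling.
CASHIER = User("Terminal", perms("Transaction", "Read", "Write"),
               grants=perms("Transaction", "Export") | perms("Payout", "Write"),
               revokes=perms("Transaction", "Write"))
```

Computing the clamped set separately from the effective set makes a misconfigured override visible to reviewers while the ceiling still silently holds.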
Management Scope
A user can create, edit, or delete only those users and roles that sit lower in the hierarchy than the user.