Role-Based Access Control
Understand the capabilities of your role type and leverage role-based access control to manage your users' privileges within P2PE Manager.
The P2PE Manager has a role-based access control (RBAC) system with three primary user roles: partner level users, client level users, and Key Injection Facility (KIF) users, as described below.
Partner level user roles:
• Partner User
• Fulfillment Partner
• Partner Supervisor
Client level user roles:
• Client User
• Client Admin
• Client Custodian
• Client Procurement
Partner Users
A Partner User is an entity that refers, sets up, or supports clients who are processing on Bluefin’s P2PE platform and is not an end user of the platform. For example, a partner could be a software provider, a merchant account sales office, a payment gateway, or a reseller of a payment gateway.
Fulfillment Partner
Fulfillment Partners have access to the same resources as Partner Users, but they also have the ability to view client shipments.
Partner Supervisor
Partner Supervisors have access to the same resources as Partner Users, but they also have the ability to view client shipments and attestations.
Client User
Client Users are merchants who are processing P2PE transactions. The is the default role for a Client User. Users with this role can manage devices, shipments, attestations and view transactions; however, they cannot order or take custody of devices.
Client Admin
Users with the Client Admin role have access to the same functionality as Client Users; however, they can also create additional users and manage the client's locations.
Client Custodian
The Client Custodians are users who will receive a device but who will not be the end users of that device. They are assigned responsibility for maintaining custody of the device for a short period. This user can manage devices, shipments and attestations, but they cannot view transactions.
Client Procurement
Users with the Client Procurement role have access to device-ordering functionality. They also have read-only access to attestations, and cannot view transactions. This role is designed for users who must be able to replenish devices or manage their repair status, but who do not need to manage device compliance.
KIF Users
The Key Injection Facility (KIF) performs encryption key injection of Point of Interaction (POI) devices. KIF users interact with devices before they are sent to the Client/Merchant. A KIF user has the ability to manage other KIF users, create devices, shipments and update equipment requests.
Access Control
The following table outlines the access afforded to users with each of the security roles:
| Resource | KIF User | Partner Supervisor | Partner Fulfillment | Partner User | Client Admin | Client User | Client Procurement | Client Custodian |
|---|---|---|---|---|---|---|---|---|
| Users | ✔ | ✔ | ✔ | ✔ | ✔ | |||
| Partners | ✔ | ✔ | ✔ | |||||
| Clients | ✔ | ✔ | ✔ | |||||
| Manufacturers | ✔ | |||||||
| Partner Device Types | ✔ | ✔ | ✔ | |||||
| Locations | ✔ | ✔ | ✔ | ✔ | ||||
| Shared Devices | ✔ | ✔ | ✔ | |||||
| Devices | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Shipments | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |
| Attestations | ✔ | ✔ | ✔ | ✔ | ✔ | |||
| Transactions | ✔ | ✔ | ✔ | ✔ | ✔ | |||
| Reports | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Procure Equipment | ✔# | ✔ | ✔ | ✔ | ✔ | ✔ |
✔# A KIF user can modify an equipment request but they cannot create one.
Updated about 3 years ago