Role-Based Access Control

Understand the capabilities of your role type and leverage role-based access control to manage your users' privileges within P2PE Manager.

The P2PE Manager has a role-based access control (RBAC) system with three primary user roles: partner level users, client level users, and Key Injection Facility (KIF) users, as described below.

Partner level user roles:
• Partner User
• Fulfillment Partner
• Partner Supervisor

Client level user roles:
• Client User
• Client Admin
• Client Custodian
• Client Procurement

Partner Users

A Partner User is an entity that refers, sets up, or supports clients who are processing on Bluefin’s P2PE platform and is not an end user of the platform. For example, a partner could be a software provider, a merchant account sales office, a payment gateway, or a reseller of a payment gateway.

Fulfillment Partner

Fulfillment Partners have access to the same resources as Partner Users, but they also have the ability to view client shipments.

Partner Supervisor

Partner Supervisors have access to the same resources as Partner Users, but they also have the ability to view client shipments and attestations.

Client User

Client Users are merchants who are processing P2PE transactions. This is the default role for a Client User. Users with this role can manage devices, shipments, and attestations, and can view transactions; however, they cannot order or take custody of devices.

Client Admin

Users with the Client Admin role have access to the same functionality as Client Users; however, they can also create additional users and manage the client's locations.

Client Custodian

Client Custodians are users who will receive a device but who will not be the end users of that device. They are assigned responsibility for maintaining custody of the device for a short period. These users can manage devices, shipments and attestations, but they cannot view transactions.

Client Procurement

Users with the Client Procurement role have access to device-ordering functionality. They also have read-only access to attestations, and cannot view transactions. This role is designed for users who must be able to replenish devices or manage their repair status, but who do not need to manage device compliance.

KIF Users

The Key Injection Facility (KIF) performs encryption key injection of Point of Interaction (POI) devices. KIF users interact with devices before they are sent to the Client/Merchant. A KIF user has the ability to manage other KIF users, create devices and shipments, and update equipment requests.

Access Control

The following table outlines the access afforded to users with each of the security roles:

Resource | KIF User | Partner Supervisor | Partner Fulfillment | Partner User | Client Admin | Client User | Client Procurement | Client Custodian
Users
Partners
Clients
Manufacturers
Partner Device Types
Locations
Shared Devices
Devices
Shipments
Attestations
Transactions
Reports
Procure Equipment | ✔#

✔# A KIF user can modify an equipment request but they cannot create one.
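
The client-level role descriptions above can be turned into a deny-by-default check and a simple access review that flags users whose needs fit a narrower role. This is an added example, not code from P2PE Manager or Bluefin; the (resource, action) names, the rule that "manage" implies "view", and the grant-count heuristic are assumptions, and only grants the descriptions state explicitly are modelled.

```python
# Grants transcribed from the client-level role descriptions on this page.
# The (resource, action) names are assumptions, not P2PE Manager identifiers.
MANAGE, VIEW = "manage", "view"

CLIENT_USER = {("devices", MANAGE), ("shipments", MANAGE),
               ("attestations", MANAGE), ("transactions", VIEW)}

CLIENT_ROLES = {
    "Client User": CLIENT_USER,
    # Same functionality as Client User, plus user creation and locations.
    "Client Admin": CLIENT_USER | {("users", "create"), ("locations", MANAGE)},
    # Devices, shipments and attestations, but no transaction visibility.
    "Client Custodian": CLIENT_USER - {("transactions", VIEW)},
    # Device ordering plus read-only attestations.
    "Client Procurement": {("equipment", "order"), ("attestations", VIEW)},
}


def expand(grants):
    """Assumption: 'manage' on a resource also implies 'view' on it."""
    return grants | {(res, VIEW) for res, act in grants if act == MANAGE}


def allowed(role, resource, action):
    """Deny by default: unknown roles and unlisted pairs are refused."""
    return (resource, action) in expand(CLIENT_ROLES.get(role, set()))


def least_privileged_role(needed):
    """Smallest client role covering `needed`, or None if no single role does."""
    fits = [(len(expand(g)), name) for name, g in CLIENT_ROLES.items()
            if set(needed) <= expand(g)]
    return min(fits)[1] if fits else None


def over_privileged(assignments):
    """For {user: (current_role, needed_grants)}, return (user, current, smaller)
    for each user whose needs fit a role with fewer grants than the current one."""
    findings = []
    for user, (role, needed) in sorted(assignments.items()):
        best = least_privileged_role(needed)
        current_size = len(expand(CLIENT_ROLES.get(role, set())))
        if best and len(expand(CLIENT_ROLES[best])) < current_size:
            findings.append((user, role, best))
    return findings
```

A `None` result from `least_privileged_role` means no single client role covers the request, for example ordering devices and viewing transactions together.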