Role-Based Access Control
Understand the capabilities of your role type and leverage role-based access control to manage your users privileges within P2PE Manager
The P2PE Manager has a role based access control system. There are three primary user roles: Partner level users, Client level users, and a KIF user. Partner level user roles are comprised of Partner User, Partner Fulfillment, and Partner Supervisor. Client level user roles include Client User, Client Admin, Client Custodian, and Client Procurement.
Partner level user roles:
• Partner Users
• Partner Fulfillment
• Partner Supervisor
Client level user roles:
• Client User
• Client Admin
• Client Custodian
• Client Procurement
Partner Users
Partners are an entity that refers, sets up, or supports clients who are processing on Bluefin’s P2PE platform and is not an end user of the platform. For example, a Partner could be Software Provider, a merchant account sales office, a payment gateway, or a reseller of payment gateway.
Partner Fulfillment
Fulfillment Partners have access to the same resources as Partner Users, but they also have the ability to view Client Shipments.
Partner Supervisor
Partner Supervisors have access to the same resources as Partner Users, but they also have the ability to view client shipments and attestations.
Client User
Clients are merchants who are processing P2PE transactions. The is the default role for a Client User. Users with this role can manage devices, shipments, attestations and view transactions. However, they cannot order or take custody of devices.
Client Admin
Users with the Client Admin role have access to the same functionality as that of the Client Users. However they can also create additional users and manage the Client's locations.
Client Custodian
The Client Custodians user role is designed for users that will receive a device, but will not be the end user of the device. They are assigned responsibility for maintaining the custody of the device for a short period. This user can manage devices, shipments and attestations, but they cannot view transactions.
Client Procurement
Users with the Client Procurement role has access to device-ordering functionality. They also have read-only access to attestations, but cannot view transactions. This role is designed for users but must be able to replenish devices or manage their repair status, but do not need to manage device compliance.
KIF User
The key-injection facility (KIF) performs encryption key injection of POI devices. They interact with devices before they are sent to the Client/Merchant. A KIF user has the ability to manage other KIF users, create devices, shipments and update equipment requests.
Access Control
The following table outlines the access afforded to users with each of the security roles:
| Resource | KIF User | Partner Supervisor | Partner Fulfillment | Partner User | Client Admin | Client User | Client Procurement | Client Custodian |
|---|---|---|---|---|---|---|---|---|
| Users | ✔ | ✔ | ✔ | ✔ | ✔ | |||
| Partners | ✔ | ✔ | ✔ | |||||
| Clients | ✔ | ✔ | ✔ | |||||
| Manufacturers | ✔ | |||||||
| Partner Device Types | ✔ | ✔ | ✔ | |||||
| Locations | ✔ | ✔ | ✔ | ✔ | ||||
| Shared Devices | ✔ | ✔ | ✔ | |||||
| Devices | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Shipments | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |
| Attestations | ✔ | ✔ | ✔ | ✔ | ✔ | |||
| Transactions | ✔ | ✔ | ✔ | ✔ | ✔ | |||
| Reports | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Procure Equipment | ✔# | ✔ | ✔ | ✔ | ✔ | ✔ |
✔# A KIF user can modify an equipment request but they cannot create one.
Updated 6 months ago