Paytronix allows for Custom Permission Groups to allow merchants greater flexibility in access to different areas and functions within the platform. By creating well-structured permission groups, clients can ensure their users have the appropriate level of access to perform their job functions while maintaining system security and data integrity.
What are Permission Groups?
Permission Groups are collections of access rights and privileges that define what users can view, edit, or manage within the Paytronix system. Each merchant can have multiple permission groups tailored to different roles within the organization, such as Customer Service representatives, Finance team members, IT Store Administrators, or general Administrators.
Common Considerations
Each permission group can contain a custom set of web page permissions that control access to specific features and functions. Common permissions that should be included in most groups:
Merchant Home - Access to the main merchant dashboard
Change Own Password
Permission Levels
While there are a growing range of Web Page Permissions, these permissions can have different access levels:
Read - View-only access to information
Write - Ability to create and modify information
Delete - Permission to remove information
New - Ability to create new items
Update - Permission to update existing items
Accessing Permission Groups
To create and manage permission groups:
Log into Paytronix Admin
In the Search type in Permission
Click on Manage Permission Groups
Creating a Permission Group
Step-by-Step Process
Navigate to Manage Permission Groups
Access Permission Groups
The system will display existing Permission Groups for your merchant, such as Customer Service, Finance, IT Store Admin, and Admin.
Create New Permission Group
Click on New Permission Group to begin creating a new group.
Configure Basic Information
Name: Enter a descriptive name for the permission group (e.g., "Wallet Manager", āFinanceā, āFranchisee Reportsā)
Label: Reuse the name value here
Type: Select the Merchant type
Select Permissions
Browse through the comprehensive list of available permissions and check the boxes for each permission you want to include in this group. Use the search functionality (e.g., search for "wallet") to quickly find specific permissions related to your group's purpose.
Save the Permission Group
Once all permissions are selected, save the permission group. The new group will now appear in the list of available permission groups for the merchant.
Example: Wallet Manager Permission Group
A Wallet Manager permission group is an excellent example of a specialized role. This group is designed for users who need to manage customer wallet functions without requiring full administrative access.
Key Permissions for Wallet Manager
Wallet Manager - Enables View Access to the tool
Wallet Manager - Create New Wallet - enables the ability to create and edit wallets
LoadMap Report - Provides visibility into Storeās eligible wallets and configuration patterns
Merchant Setup Rule - Read - Access for Advanced Users to view Wallet Manager created rules
Merchant Setup Rule - Write - Access for Advanced Users to edit Wallet Manager created rules
Best Practices and other Recommendations
1. Follow the Principle of Least Privilege
Grant users only the permissions they need to perform their job functions. Avoid creating overly broad permission groups that provide unnecessary access. This minimizes security risks and reduces the potential for accidental or intentional misuse of system features.
2. Use Clear, Descriptive Names
Choose permission group names that clearly indicate their purpose and the role they support. Names like "Wallet Manager," "Customer Service," or "Finance Team" are immediately understandable, while vague names like "Group1" or "Special" create confusion and maintenance challenges.
3. Create Role-Based Groups
Design permission groups around specific job roles or functions within your organization. This approach makes it easier to assign appropriate permissions when onboarding new users and ensures consistency in access levels across similar positions.
4. Regularly Review and Update Permissions
Conduct periodic audits of your permission groups to ensure they remain aligned with current business needs and security requirements. Remove obsolete permissions and add new ones as your organization's needs evolve.
5. Use Search to Find Related Permissions
When configuring permission groups, leverage the search functionality to find all related permissions. For example, searching for "wallet" will surface all wallet-related permissions, ensuring you don't miss important access controls that should be included in the group.
6. Document Permission Group Purposes
Maintain documentation that explains the purpose of each permission group and the specific job functions it supports. This documentation is invaluable for system administrators, especially during user onboarding, role changes, or compliance audits.
7. Test Permission Groups Before Deployment
Before assigning a new permission group to production users, test it thoroughly with a test account to verify that all necessary functions are accessible and no unintended access has been granted.
8. Maintain Separation of Duties
Ensure that permission groups maintain appropriate separation of duties, particularly for sensitive financial operations. For example, users who can adjust wallet balances should be separate from those who approve financial reconciliations.