Role-Based Access Control

Understand the capabilities of your role type and leverage role-based access control to manage your users privileges within P2PE Manager

The P2PE Manager has a role based access control system. There are three primary user roles: Partner level users, Client level users, and a KIF user. Partner level user roles are comprised of Partner User, Partner Fulfillment, and Partner Supervisor. Client level user roles include Client User, Client Admin, Client Custodian, and Client Procurement.

Partner level user roles:
• Partner Users
• Partner Fulfillment
• Partner Supervisor

Client level user roles:
• Client User
• Client Admin
• Client Custodian
• Client Procurement

Partner Users

Partners are an entity that refers, sets up, or supports clients who are processing on Bluefin’s P2PE platform and is not an end user of the platform. For example, a Partner could be Software Provider, a merchant account sales office, a payment gateway, or a reseller of payment gateway.

Partner Fulfillment

Fulfillment Partners have access to the same resources as Partner Users, but they also have the ability to view Client Shipments.

Partner Supervisor

Partner Supervisors have access to the same resources as Partner Users, but they also have the ability to view client shipments and attestations.

Client User

Clients are merchants who are processing P2PE transactions. The is the default role for a Client User. Users with this role can manage devices, shipments, attestations and view transactions. However, they cannot order or take custody of devices.

Client Admin

Users with the Client Admin role have access to the same functionality as that of the Client Users. However they can also create additional users and manage the Client's locations.

Client Custodian

The Client Custodians user role is designed for users that will receive a device, but will not be the end user of the device. They are assigned responsibility for maintaining the custody of the device for a short period. This user can manage devices, shipments and attestations, but they cannot view transactions.

Client Procurement

Users with the Client Procurement role has access to device-ordering functionality. They also have read-only access to attestations, but cannot view transactions. This role is designed for users but must be able to replenish devices or manage their repair status, but do not need to manage device compliance.

KIF User

The key-injection facility (KIF) performs encryption key injection of POI devices. They interact with devices before they are sent to the Client/Merchant. A KIF user has the ability to manage other KIF users, create devices, shipments and update equipment requests.

Access Control

The following table outlines the access afforded to users with each of the security roles:

ResourceKIF UserPartner SupervisorPartner FulfillmentPartner UserClient AdminClient UserClient ProcurementClient Custodian
Partner Device Types
Shared Devices
Procure Equipment✔#

✔# A KIF user can modify an equipment request but they cannot create one.

Did this page help you?