> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pesaswap.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Users and roles

Manage users, roles, and their access to your PesaSwap account.

## What are Users & Roles?

Users are people who can access your PesaSwap account. Roles control what each user can do.

## Business Profile

### Default Profile

When you create a PesaSwap account, you get a **default** business profile automatically. This is where your payments are processed.

## User Roles

### Organization Admin

**Full Control** - Can do everything in PesaSwap

* Add/remove users
* Create merchant accounts
* Manage all payments
* Access all reports
* Change all settings

### Merchant Admin

**Merchant Control** - Can manage one merchant account

* Add users to their merchant
* Manage payments for their merchant
* View reports for their merchant
* Configure payment methods

### User

**Basic Access** - Can only do specific tasks

* Process payments (if allowed)
* View payments (if allowed)
* Cannot change settings
* Cannot add other users

## How to Invite a User

### Step 1: Go to Users Section

1. Login to PesaSwap dashboard
2. Click **Settings**
3. Click **Users & Roles**

<img src="https://imgstorepesaswap.blob.core.windows.net/images/user1.png" />

### Step 2: Invite User

1. Click **Invite User** button
2. Enter email address
3. Choose role (Admin or User)
4. Click **Send Invite**

<img src="https://imgstorepesaswap.blob.core.windows.net/videos/users%20-%20Made%20with%20Clipchamp.gif" />

### Step 3: User Joins

1. User receives email invitation
2. User clicks link and creates password
3. User can now access PesaSwap

## User Table

| Email                                               | Role               | Status | Actions      |
| --------------------------------------------------- | ------------------ | ------ | ------------ |
| [admin@business.com](mailto:admin@business.com)     | Organization Admin | Active | Edit, Remove |
| [manager@business.com](mailto:manager@business.com) | Merchant Admin     | Active | Edit, Remove |
| [staff@business.com](mailto:staff@business.com)     | User               | Active | Edit, Remove |

## What Each Role Can Do

### Organization Admin Can:

1. Everything
2. Add/remove users
3. Create merchant accounts
4. Access all payments and reports
5. Change all settings

### Merchant Admin Can:

1. Manage their merchant account
2. Add users to their merchant
3. Process payments
4. View reports for their merchant
5. Cannot access other merchants

### User Can:

1. Process payments (if given permission)
2. View payments (if given permission)
3. Cannot add users
4. Cannot change settings
5. Cannot access reports (unless given permission)

## Managing Users

### Change User Role

1. Go to **Users & Roles**
2. Find the user in the table
3. Click **Edit** in Actions column
4. Select new role
5. Click **Save**

### Remove User Access

1. Go to **Users & Roles**
2. Find the user in the table
3. Click **Remove** in Actions column
4. Confirm removal

### Give Specific Permissions

When inviting or editing a user, you can give them specific permissions:

* **View Payments**: Can see payment transactions
* **Create Payments**: Can process new payments
* **Refund Payments**: Can process refunds
* **View Reports**: Can access financial reports

## Example: Adding a Cashier

**Scenario**: You want to add a cashier who can only process payments

**Steps**:

1. Click **Invite User**
2. Email: `cashier@yourstore.com`
3. Role: **User**
4. Permissions: Select only **Create Payments**
5. Click **Send Invite**

**Result**: Cashier can login and process payments but cannot see reports or change settings.

## Security

### Password Requirements

* Minimum 8 characters
* Include numbers and special characters
* Cannot reuse last 3 passwords

### Two-Factor Authentication (2FA)

* **Required** for Organization Admins
* **Recommended** for all users
* Use SMS or Google Authenticator

### Session Security

* Automatic logout after 4 hours of inactivity
* Maximum 3 active sessions per user
* Admins can force logout any user

## Advanced Roles (For Admins & Developers)

<details>
  <summary>Click to view advanced role definitions</summary>

  | **Role Name**                | **Entity**   | **Scope**    | **Key Permissions**                                    |
  | ---------------------------- | ------------ | ------------ | ------------------------------------------------------ |
  | **Profile Admin**            | Profile      | Organization | Full control on profiles, users, workflows, connectors |
  | **Profile Operator**         | Profile      | Organization | Manages operations, workflows, connectors              |
  | **Profile Developer**        | Profile      | Organization | View analytics, manage accounts and connectors         |
  | **Profile View Only**        | Profile      | Organization | Read-only access across key sections                   |
  | **Profile Iam**              | Profile      | Organization | Manage users, view connectors and analytics            |
  | **Profile Customer Support** | Profile      | Organization | View operations, connectors, and analytics             |
  | **Merchant Admin**           | Merchant     | Organization | Manage users, settings, payments, and reports          |
  | **Merchant Developer**       | Merchant     | Organization | View and manage accounts, connectors, analytics        |
  | **Merchant Operator**        | Merchant     | Organization | Manage ops, recon, view analytics and users            |
  | **Merchant Iam**             | Merchant     | Organization | View/manage users, operations, analytics               |
  | **Merchant View Only**       | Merchant     | Organization | Read-only access to merchant data                      |
  | **Customer Support**         | Merchant     | Organization | View ops, recon, users, and analytics                  |
  | **Organization Admin**       | Organization | Organization | Super admin access across all modules                  |
</details>

## Getting Help

Need help with users and roles?

* Email: **[info@pesaswap.io](mailto:info@pesaswap.io)**
