Skip to main content

User Roles

Modifying User Permissions

After a team member accepts their invitation, you maintain the flexibility to modify their role as necessary. You can access the option to adjust a team member’s role from your account’s user management settings. Click the edit icon next to their user account to make the desired changes.

Owner

  • Full access to the entire dashboard
  • Full control of products, discounts, taxes, surcharges, tips
  • Has access to invite new users
  • Has access to remove any user, including Admins
  • Can assign multiple Admins per business
  • Can access all reports and receives relevant notifications
  • Can access Sales and Reports across all locations and users
  • Can initiate a refund for any transaction

Admin

  • Full access to dashboard
  • Full control of products, discounts, taxes, surcharges, tips
  • Has access to invite new users with Manager and Cashier roles
  • Cannot remove other Admins
  • Has access to all reports and receives relevant notifications
  • Can access Sales and Reports across all locations and users
  • Can initiate a refund for any transaction

Manager

  • Has “View Only” access to bank account details
  • Full control of products & discounts only
  • Has “View Only” access to API keys
  • Managers will be able to access transactions that are not assigned to any location (e.g API transactions, Plugin transactions)
  • If assigned to a location, managers can only access transactions and export reports from their designated location
  • Can initiate a refund for transactions that do not have a location OR transactions under their designated location only

Cashier

  • Limited to accepting payments using:
    • Point of Sale
    • Recurring billing
    • Invoicing
  • Can access Sales and Reports but is restricted to viewing transactions conducted under their personal account only
  • Refund is restricted by default, Owners or Admins can configure whether to allow/disallow cashiers to perform a refund

Account Security & Shared Responsibility

At HitPay, securing account access is a shared responsibility between us and our SME partners. We enforce strict controls to ensure that only authorized personnel can access sensitive information:
  • Role-Based Access Controls: Each team member is assigned specific permissions aligned with their role, reducing the risk of misuse.
  • Two-Factor Authentication (2FA): 2FA is available for implementation and is highly recommended to add an extra layer of protection even if a password is compromised.
  • Password Sharing: We highly recommend not sharing your account passwords with your staff. Instead, each individual should use their own credentials to maintain accountability.
By following these guidelines, we work together to maintain a secure and reliable access environment.
I