Roles and Permissions

This guide outlines the different roles available on your Chapa Dashboard system and their associated permissions. Each role is designed for specific responsibilities and comes with a defined set of capabilities.

Roles and Permissions Overview

Role Descriptions

Admin

The Admin role has full access to all dashboard features and settings. This role is typically assigned to business owners or primary administrators who need complete control over the account.

Allowed Actions:

• Full dashboard access
• View and edit all balances
• Manage all transactions
• Approve and edit transfers
• Manage subaccounts
• Handle capital operations
• Manage chargebacks and refunds
• Full customer management
• Configure integrations
• Manage QR codes
• Create and manage funds
• Handle payment links
• Manage donations and events
• Control referrals and rewards
• Manage API keys
• Handle KYC and compliance
• Control account modes
• Manage business settings
• Full team management
• Configure Radar settings
• Manage virtual accounts
• Control swap operations

Restricted Actions:

• No restrictions

Finance

The Finance role is designed for financial managers who need to handle transactions, transfers, and financial operations while maintaining security restrictions on sensitive settings.

Allowed Actions:

• Full dashboard access
• View balances
• View and edit transactions
• View and edit transfers
• View subaccounts
• Manage capital
• Handle chargebacks and refunds
• View and edit customer data
• Create and manage funds
• Manage payment links
• Handle donations and events
• Manage referrals and rewards
• Handle KYC
• View account mode
• Handle compliance
• View business settings
• View virtual accounts
• Manage swap operations

Restricted Actions:

• Cannot edit balances
• Cannot approve transfers
• Cannot edit subaccounts
• Cannot manage integrations
• Cannot handle QR codes
• Cannot manage API keys
• Cannot edit account mode
• Cannot edit business settings
• Cannot manage teams
• Cannot access Radar
• Cannot edit virtual accounts

Developer

The Developer role is tailored for technical team members who need to configure integrations and manage API keys without access to financial operations.

Allowed Actions:

• Limited dashboard access
• View transactions
• View subaccounts
• Manage capital
• Configure integrations
• View QR codes
• Manage referrals and rewards
• Full API key management
• Control account mode
• View business settings
• View virtual accounts

Restricted Actions:

• Cannot view/edit balances
• Cannot manage transfers
• Cannot edit subaccounts
• Cannot handle chargebacks/refunds
• Cannot access customer data
• Cannot manage funds
• Cannot handle payment links
• Cannot manage donations/events
• Cannot handle KYC
• Cannot manage compliance
• Cannot edit business settings
• Cannot access teams
• Cannot access Radar
• Cannot edit virtual accounts
• No swap operations

Operation

The Operation role provides comprehensive operational access for managing day-to-day business activities while restricting sensitive financial and team management functions.

Allowed Actions:

• Full dashboard access
• View balances
• Manage transactions
• View transfers
• Manage subaccounts
• Handle capital
• Manage chargebacks and refunds
• Full customer management
• Configure integrations
• Manage QR codes
• Handle funds
• Manage payment links
• Handle donations and events
• Manage referrals and rewards
• Manage API keys
• Handle KYC
• Control account mode
• Handle compliance
• Manage business settings
• View virtual accounts

Restricted Actions:

• Cannot edit balances
• Cannot edit/approve transfers
• Cannot manage teams
• Cannot access Radar
• Cannot edit virtual accounts
• No swap operations

Customer Support

The Customer Support role is designed for support staff who need to view transactions and handle customer issues without access to financial or configuration settings.

Allowed Actions:

• Limited dashboard access
• View transactions
• View transfers
• Handle chargebacks and refunds
• View customer data
• View integrations
• View QR codes
• View payment links
• View donations and events
• Manage referrals and rewards
• View account mode
• View virtual accounts

Restricted Actions:

• Cannot access balances
• Cannot edit transfers
• Cannot access subaccounts
• Cannot handle capital
• Cannot edit customer data
• Cannot edit integrations
• Cannot edit QR codes
• Cannot manage funds
• Cannot edit payment links
• Cannot edit donations/events
• Cannot manage API keys
• Cannot handle KYC
• Cannot edit account mode
• Cannot handle compliance
• Cannot access business settings
• Cannot manage teams
• Cannot access Radar
• Cannot edit virtual accounts
• No swap operations

Cashier

The Cashier role provides minimal access for basic transaction viewing and QR code access, suitable for point-of-sale staff.

Allowed Actions:

• Basic dashboard access
• View transactions
• View QR codes

Restricted Actions:

• Cannot access balances
• Cannot edit transactions
• Cannot access transfers
• Cannot access subaccounts
• Cannot handle capital
• Cannot handle chargebacks/refunds
• Cannot access customer data
• Cannot manage integrations
• Cannot edit QR codes
• Cannot handle funds
• Cannot manage payment links
• Cannot handle donations/events
• Cannot manage referrals/rewards
• Cannot access API keys
• Cannot handle KYC
• Cannot access account mode
• Cannot handle compliance
• Cannot access business settings
• Cannot manage teams
• Cannot access Radar
• Cannot access virtual accounts
• No swap operations

Best Practices

• Principle of Least Privilege: Assign the minimum role necessary for each team member's responsibilities
• Regular Audits: Regularly review role assignments to ensure they're still appropriate
• Role Separation: Use different roles for different functions (e.g., Finance for financial operations, Developer for technical tasks)
• Security: Limit Admin role to trusted personnel only

Next Steps

• Security Guide - Learn about security best practices
• Test Mode vs Live Mode - Understand account modes