User Roles & Access Control
Voucherify organizes work on promotional campaigns with Users and Projects. These components give you the ability to launch enterprise-grade promotions, which require the involvement of many parties. Let's see how access control in Voucherify works in practice.
Contents
- Key Concepts
- Merchants with no access to the dashboard
- Roles of users with access to the dashboard:
- Assign a user to a built-in role
- Create a custom role and assign user (enterprise feature)
- Role permissions
If you want to share and redeem promo codes by collaborating with affiliates, we supplied Voucherify with features that enable you to limit users' access to the dashboard and perform particular actions only.
Key concepts
- Users – you can invite team members to collaborate on campaigns on the Dashboard. After account confirmation, new users can be granted access to projects. Each user's activity is tracked and can be seen in the audit logs. Go here to learn how to invite new members.
- Projects – projects group campaigns in collections. The primary goal of projects is to help you control user access to campaigns. You can define which users have access to separate projects. For example, Jane can operate only on new acquisition campaigns but cannot access employee discounts. Go here to learn more about managing your projects.
- API keys – each project can have multiple API keys. This gives you the ability to control how your team members and 3rd party vendors interact with the API and access data. Learn more about API keys here.
The user structure is managed per project. However, the custom roles are defined for the whole organization.
Merchants with API keys
Merchants with API keys are allowed to perform validation and redemption of single incentives only, excluding other activities, as they do not have access to the Dashboard. You can make as many redemption points as you want to and keep the only rights to create and manage your coupons.
Coupons are generated and managed by your Voucherify account.
- When vouchers are ready, you can deliver them to your affiliates (Merchants) where they are published.
- Customers can now come to these stores (Merchants) to redeem their codes.
- The Merchant sends a redemption request to Voucherify. If the coupon is valid, Voucherify sends a positive response, and the redemption is successful (all redemption details are noted in your Voucherify account).
Go here to learn more about the coupon redemption process.
Configuration
The Merchant role is available with unique API keys, which you can create in the Voucherify Dashboard.
To begin, open the Project Settings and go General > Application Keys section.
- Choose Plus to generate unique API keys and assign them to a particular merchant (you can add as many merchants as you want to). After you define a name for a merchant and choose the Merchant role, choose Create access API key option.
- Share the API key with your affiliate and send the coupons (see export options) to publish. With these credentials, the Merchant can validate/redeem delivered codes.
Users with dashboard access
Within Team settings, you can also assign particular roles to your team members and affiliates. Roles control what kind of access to your data a specific user is granted.
The roles can be added only by the ADMIN user, who doesn't have any limits on an account.
The process is divided into two main steps:
- Define a role – grant access to particular data and activities (endpoints).
- Invite a new team member and assign them to the role.
Role types
While inviting a new team member to the project, an administrator can assign one of the built-in roles:
| Role | Description |
|---|---|
| ADMIN | Has full access to everything in the workspace. |
| USER | Can read, modify and export data from an assigned project, but cannot add new team members or create new projects. |
| RESTRICTED USER | Can manage and perform campaign tasks (like validation, redemption, and rollbacks) only within their assigned areas or stores, which are set by an admin or account owner. |
| VIEWER | Can read all data from an assigned project and export data, but cannot modify any data. |
| MERCHANT | Can search vouchers by the code, search customers by their source id, email, and phone number, redeem vouchers and view redemptions invoked with his/her account. Merchants have access to the products list but can't update or create products. They won't be able to read any other data in the project or perform any other action besides a redemption. Merchants are allowed to export their redemptions. |
| CUSTOM ROLE (enterprise feature) | ADMIN can create new roles and set access rights allowed for each of them. By default, custom roles have data export disabled. |
Managing roles
To manage Users' Structure, go to the Team settings – ROLES.
In the roles directory, you can:
- view actions performed within predefined roles (click on a role name to view details),
- add new roles (see the section below),
- edit your custom roles with the pencil tool. (enterprise feature)
Assign a user to a built-in role
You can invite a new team member to use one of the default roles (User, Merchant, or Viewer). Read more here.
Create a custom role and assign a user (enterprise feature)
If you'd like to add a new role, follow these steps:
In Team Settings > Roles, duplicate one of the predefined roles, and the app will direct you to the edit tool.
Name your role, select the limitations of your given user role, and click Save.
Go to Team Settings > Team. If you choose to add a new member, click Invite Member.
- You will have the option of adding an email address and their first and last name, adding the user to a project, and assigning the custom role to the user within the project scope.
To add the user to a project, Select a Project from the list and then select the Role the user will have within the project.
To remove the user from a project, click on the X button.
When you are finished with assigning projects and roles, click Invite Member. Read more about inviting a member here.
If you choose to edit a user, click on the tricolon ⁝ next to the user whose role you would like to modify, then choose Edit. You have the option of updating their first and last name, remove the user from a project, add the user to a project and assign the custom role to the user.
When you are finished with assigning projects and roles, click Save.
Role permissions
The table below lists all permissions available and the default roles.
Custom roles can be configured with any combination of available permissions for precise control over user actions and access.
| Permission | ADMIN | USER | VIEWER | MERCHANT | USER_RESTRICTED |
|---|---|---|---|---|---|
| General Permissions | |||||
| Read dashboard | YES | YES | YES | NO | YES |
| Access onboarding process | YES | YES | NO | NO | YES |
| Areas Permissions | |||||
| Join areas and stores | NO | NO | NO | NO | YES |
| Manage areas | YES | NO | NO | NO | NO |
| Read areas | YES | YES | YES | YES | NO |
| Campaigns Permissions | |||||
| Read Campaigns | YES | YES | YES | NO | YES |
| Create Campaigns | YES | YES | NO | NO | YES |
| Modify Campaigns and related Validation Rules | YES | YES | NO | NO | YES |
| Delete Campaigns | YES | YES | NO | NO | YES |
| Enable Campaigns | YES | YES | NO | NO | YES |
| Disable Campaigns | YES | YES | NO | NO | YES |
| Export Points Expirations | YES | YES | YES | NO | YES |
| Limitations (Campaigns) | |||||
| Campaigns' updates must be approved by Managing User | NO | NO | NO | NO | NO |
| Created Campaigns must be approved by Managing User | NO | NO | NO | NO | NO |
| Campaign Templates Permissions | |||||
| Read Campaign Templates | YES | YES | YES | NO | NO |
| Create and modify Campaign Templates | YES | YES | NO | NO | NO |
| Delete Campaign Templates | YES | YES | NO | NO | NO |
| Voucher Permissions | |||||
| Read Vouchers | YES | YES | YES | NO | YES |
| Read Voucher by code | YES | YES | NO | YES | YES |
| Create Vouchers | YES | YES | NO | NO | YES |
| Import Vouchers | YES | YES | NO | NO | YES |
| Export Vouchers | YES | YES | YES | NO | YES |
| Modify Vouchers | YES | YES | NO | NO | YES |
| Delete Vouchers | YES | YES | NO | NO | YES |
| Enable Vouchers | YES | YES | NO | NO | YES |
| Disable Vouchers | YES | YES | NO | NO | YES |
| Redeem Voucher | YES | YES | YES | YES | YES |
| Rollback Redemptions | YES | YES | NO | NO | YES |
| Publish Voucher | YES | YES | YES | NO | YES |
| Add balance to Gift Vouchers | YES | YES | NO | NO | YES |
| Limitations (Vouchers) | |||||
| Adding vouchers to existing Campaign must be approved by Managing User | NO | NO | NO | NO | NO |
| Vouchers' updates must be approved by Managing User | NO | NO | NO | NO | NO |
| Created standalone Vouchers must be approved by Managing User | NO | NO | NO | NO | NO |
| Redemptions Permissions | |||||
| Read Redemptions | YES | YES | YES | YES | YES |
| Read Redemptions history of identified Voucher | YES | YES | YES | NO | YES |
| Rollback Redemptions | YES | YES | YES | NO | YES |
| Export Redemptions | YES | YES | YES | YES | YES |
| Limitations (Redemptions) | |||||
| Limit listing of Redemptions to those done by User | NO | NO | NO | YES | NO |
| Distributions Permissions | |||||
| Read Distributions and Publications | YES | YES | YES | NO | YES |
| Create and modify Distributions | YES | YES | NO | NO | YES |
| Enable Distributions | YES | YES | NO | NO | YES |
| Disable Distributions | YES | YES | NO | NO | YES |
| Export Publications | YES | YES | YES | NO | YES |
| Customers Permissions | |||||
| Read Customers | YES | YES | YES | NO | YES |
| Read single Customer by ID or Source ID | YES | YES | NO | YES | YES |
| Create and modify Customers and Segments | YES | YES | NO | NO | YES |
| Export Customers | YES | YES | YES | NO | YES |
| Import Customers | YES | YES | NO | NO | YES |
| Products Permissions | |||||
| Read Products | YES | YES | YES | YES | YES |
| Create and modify Products and Products Collections | YES | YES | NO | NO | YES |
| Import Products | YES | YES | NO | NO | YES |
| Orders Permissions | |||||
| Read Orders | YES | YES | YES | NO | YES |
| Create and modify Orders | YES | YES | NO | NO | YES |
| Import Orders | YES | YES | NO | NO | YES |
| Export Orders | YES | YES | YES | NO | YES |
| Events Permissions | |||||
| Read events and technical logs | YES | YES | NO | NO | YES |
| Project Settings Permissions | |||||
| Access Project Settings | YES | YES |
NO | NO | YES |
| Access and configure Integrations | YES | NO | NO | NO | NO |
| Access to Project's Users list (required for features like Validation Rules or Redemptions filtering) | YES | YES |
YES | NO | YES |
| Modify base Project Details (like Locale, etc) | YES | NO | NO | NO | NO |
| Read API keys and other Settings | YES | YES |
NO | NO | NO |
| Modify API keys and other Settings including upgrading API version | YES | NO | NO | NO | NO |
| Read defined Webhooks | YES | YES |
NO | NO | YES |
| Create and modify Webhooks | YES | NO | NO | NO | NO |
| Read Metadata Schema | YES | YES |
NO | YES | YES |
| Add and modify Metadata Schema | YES | NO | NO | NO | NO |
| Read Custom Event Schema | YES | YES | NO | NO | YES |
| Add and modify Custom Event Schema | YES | NO | NO | NO | NO |
| Delete Custom Event Schema | YES | NO | NO | NO | NO |
| Validation Rules Permissions | |||||
| Read Validation Rules | YES | YES | YES | NO | YES |
| Create and modify Validation Rules | YES | YES | NO | NO | YES |
| Delete Validation Rules | YES | YES | NO | NO | YES |
| Limitations (Validation Rules) | |||||
| Validation Rules' changes must be approved by Managing User | NO | NO | NO | NO | NO |
| Landing Pages Permissions | |||||
| Read Landing Pages | YES | YES | YES | NO | YES |
| Create and modify Landing Pages | YES | YES | NO | NO | YES |
| Delete Landing Pages | YES | YES | NO | NO | YES |
| Locations Permissions | |||||
| Read Locations | YES | YES | YES | NO | YES |
| Create and modify Locations | YES | YES | NO | NO | YES |
| Delete Locations | YES | YES | NO | NO | YES |
| Categories Permissions | |||||
| Read Categories | YES | YES | YES | NO | YES |
| Create and modify Categories | YES | YES | NO | NO | YES |
| Delete Categories | YES | YES | NO | NO | YES |
| CMS Integrations Permissions | |||||
| Bloomreach | YES | YES | NO | NO | YES |
| Contentful | YES | YES | NO | NO | YES |
| Amplience | YES | YES | NO | NO | YES |