Appearance
Roles & Permissions
GovPayPlan uses role-based access control (RBAC) to manage what users can see and do within the platform.
Default Roles
GovPayPlan includes four default roles:
Viewer
Purpose: Read-only access for oversight and monitoring
| Capability | Access |
|---|---|
| View transactions | Yes |
| View reports | Yes |
| Process payments | No |
| Issue refunds | No |
| Manage users | No |
| Configure settings | No |
Operator
Purpose: Day-to-day payment processing
| Capability | Access |
|---|---|
| View transactions | Yes |
| View reports | Yes |
| Process payments | Yes |
| Issue refunds | Yes (with limits) |
| Manage users | No |
| Configure settings | No |
Manager
Purpose: Team oversight and limited administration
| Capability | Access |
|---|---|
| View transactions | Yes |
| View reports | Yes |
| Process payments | Yes |
| Issue refunds | Yes (higher limits) |
| Manage users | Yes (same or lower roles) |
| Configure settings | Limited |
Administrator
Purpose: Full system access and configuration
| Capability | Access |
|---|---|
| View transactions | Yes |
| View reports | Yes |
| Process payments | Yes |
| Issue refunds | Yes (unlimited) |
| Manage users | Yes (all users) |
| Configure settings | Yes (all settings) |
Permission Categories
Payments
- View payments
- Create payments
- Edit payments
- Void payments
Refunds
- Issue refunds
- Refund limit amount
- Approve refunds over limit
Reports
- View reports
- Export reports
- Schedule reports
- Create custom reports
Users
- View users
- Create users
- Edit users
- Deactivate users
- Delete users
Settings
- View settings
- Edit agency settings
- Configure payment types
- Manage integrations
Custom Roles
Administrators can create custom roles for specific needs.
Creating a Custom Role
- Navigate to Settings > Roles
- Click Create Role
- Enter role name and description
- Select permissions for each category
- Save the role
Editing Custom Roles
- Open the role from the roles list
- Modify permissions as needed
- Save changes
WARNING
Changing role permissions affects all users assigned to that role.
Deleting Custom Roles
- Ensure no users are assigned to the role
- Open the role settings
- Click Delete Role
Assigning Roles
Single User
- Navigate to the user's profile
- Select the new role from the dropdown
- Save changes
Bulk Assignment
- Go to Settings > Users
- Select multiple users
- Click Actions > Change Role
- Select the new role
- Confirm
Refund Limits
Operators and Managers have refund limits to control financial risk.
Setting Refund Limits
- Navigate to Settings > Roles
- Select the role
- Under Refunds, set:
- Per-transaction limit
- Daily limit
- Requires approval over amount
Over-Limit Refunds
When a user attempts a refund over their limit:
- Refund goes to pending approval
- Manager or Admin is notified
- Approver reviews and approves/denies
- User is notified of decision
Audit and Compliance
Role Change Logging
All role assignments and changes are logged:
- Who made the change
- Previous role
- New role
- Timestamp
Access Reviews
Best practice: Review role assignments quarterly
- Remove unnecessary access
- Verify role appropriateness
- Document review completion
Related Topics
- User Management - Manage user accounts
- Security Settings - Additional security controls