LuxPay for businessOperational

Roles and permissions

Design permissions that reduce error and separate execution, review, and approval.

Last reviewed: For: Business owner · Branch manager · Security team

Start with tasks, not titles

Roles called manager and employee are not enough. List the actions each role needs: accept payment, view reports, create a refund, approve a refund, manage users, or review settlement. Then grant the smallest useful set.

Separation of duties

For sensitive operations, separate:

  • The person creating an action from the person approving it.
  • The person refunding funds from the person reviewing refunds.
  • User administration from audit review.
  • Settlement preparation from settlement approval.

Separation does not have to block routine work. Amount thresholds or step-up approval can apply only when an action exceeds the ordinary range.

Scope and duration

Authority should define what action, where it applies, and for how long. A branch manager does not automatically control all branches, and temporary access should expire automatically.

Periodic review

Review access after role changes, transfers, contract termination, and incidents. Do not rely on memory; use active-membership, device, and sensitive-action reports.

Broad permission is faster during setup, but it turns every small mistake into a larger financial effect.

Also read Person and business identity and Account security and verification.