OwnPay uses a role-based access control (RBAC) system to govern what actions each user can perform and which data they can see. The design reflects OwnPay’s sovereign single-owner model: one master administrator controls the installation, while brand-level staff are strictly scoped to the brands they have been explicitly assigned to. There is no self-registration — every user account is created by an administrator.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/own-pay/OwnPay-Documentation/llms.txt
Use this file to discover all available pages before exploring further.
The Sovereign Owner Model
The master administrator account is created during installation and holds unrestricted access to the entire OwnPay installation. No other user — regardless of their role — can see across brand boundaries, manage system settings, or access the master admin dashboard without the master administrator role. This is a deliberate design decision. OwnPay is infrastructure owned and operated by one entity. The master administrator is that entity’s representative. All other users are guests with delegated, scoped permissions.Default Roles
- Master Administrator
- Brand Staff
- Read-Only Viewers
The master administrator is the sovereign owner of the OwnPay installation.Scope: Entire installation — all brands, all data, all settingsCapabilities:
- Create, edit, and delete any brand
- View and manage transactions across all brands
- Create, invite, and remove any staff member on any brand
- Install and manage system plugins
- Configure system-wide settings (email, caching, queues)
- Access all API keys and webhook configurations across all brands
- View consolidated reports spanning all brands
Permission Scopes
Permissions are organized into named scopes. When creating a custom role, you select any combination of these scopes to define exactly what the role can do.| Permission Scope | What It Allows |
|---|---|
view_transactions | Read transaction records, payment details, and ledger entries for the assigned brand |
manage_gateways | Add, edit, configure, and remove payment gateways on the assigned brand |
manage_webhooks | Create, update, and delete webhook endpoints; view delivery logs; trigger test dispatches |
create_users | Invite new staff members to the assigned brand and assign them roles |
manage_customers | Create, edit, and delete customer records on the assigned brand |
manage_brands | Edit brand settings, branding, domain configuration, and appearance (master admin only for creating new brands) |
manage_plugins | Install, activate, deactivate, and remove gateway and extension plugins |
view_reports | Access financial reports, analytics dashboards, and export transaction data |
manage_settings | Modify brand-level configuration including email templates, notification settings, and checkout options |
Permission Matrix
| Permission | Master Admin | Brand Manager | Staff Member | View-Only |
|---|---|---|---|---|
view_transactions | ✅ | ✅ | ✅ | ✅ |
view_reports | ✅ | ✅ | ✅ | ✅ |
manage_customers | ✅ | ✅ | ✅ | ❌ |
manage_gateways | ✅ | ✅ | ❌ | ❌ |
manage_webhooks | ✅ | ✅ | ❌ | ❌ |
create_users | ✅ | ✅ | ❌ | ❌ |
manage_settings | ✅ | ✅ | ❌ | ❌ |
manage_brands | ✅ | ❌ | ❌ | ❌ |
manage_plugins | ✅ | ❌ | ❌ | ❌ |
| Access all brands | ✅ | ❌ | ❌ | ❌ |
No Self-Registration Policy
OwnPay does not support self-registration. Users cannot create their own accounts. Every account — including brand managers, staff members, and read-only viewers — must be created by the master administrator or by a brand-level user with thecreate_users permission.
This is intentional. A payment gateway should not have an open registration flow. Every person with access to transaction data should be explicitly authorized by a human who is accountable for that authorization.
Staff Invitation Flow
Navigate to Staff Management
Go to People → Staff within the brand context you want to add the user to.
Click Add Staff
Click Add Staff and fill in the new user’s details:
- Full Name
- Email Address — This becomes the login credential
- Role — Select a built-in role or a custom role you have created
- Brand Assignment — Which brand(s) this person can access
Send the Invitation
Click Create. OwnPay sends an invitation email to the address you provided. The email contains a secure one-time link.
User Sets Their Password
The invited user clicks the link in the email, sets their password (minimum 12 characters is enforced), and is redirected to their brand-scoped admin dashboard.
Invitation links expire after 48 hours. If a user does not accept their invitation in time, the master administrator must resend it from People → Staff → [user] → Resend Invitation.
Creating Custom Roles
If the default role configurations do not match your operational structure, you can create custom roles with exactly the permission scopes you need.- Go to People → Roles
- Click Add Role
- Enter a descriptive name for the role (e.g. “Finance Analyst”, “Customer Support”, “Developer”)
- Select the permission scopes this role should have
- Click Create
Example Role Configurations
Customer Support Agent
Customer Support Agent
A support agent needs to look up customer records and payment history to answer queries, and occasionally needs to create a payment link on a customer’s behalf. They should not be able to touch gateway configuration or financial settings.Permissions:
view_transactions, manage_customersFinance Analyst / Accountant
Finance Analyst / Accountant
An accountant or finance team member needs full read access to transactions and reports for reconciliation, but must not be able to create or modify any records.Permissions:
view_transactions, view_reportsDeveloper / Integration Engineer
Developer / Integration Engineer
A developer building an integration needs access to API keys, webhook configuration, and transaction logs for debugging. They do not need access to customer PII, staff management, or financial settings.Permissions:
view_transactions, manage_webhooksBrand Operations Manager
Brand Operations Manager
An operations manager running day-to-day payment operations for a brand needs full access except for plugin management and system-level settings.Permissions:
view_transactions, manage_gateways, manage_webhooks, create_users, manage_customers, view_reports, manage_settingsAuditing User Access
All actions performed by staff members are logged. To review what a specific user has done:- Go to Reports → Audit Log
- Filter by user email or user ID
- Review the timestamped list of actions, including what resource was affected and what change was made