> This is Payabli documentation. For a complete page index, fetch https://docs.payabli.com/llms.txt — append .md to any page URL for lightweight markdown. For section-level indexes, query parameters, and other AI-optimized access methods, see https://docs.payabli.com/ai-agents.md

# User roles overview

> Learn about user roles and permissions

When you add a user to your organization, you make two decisions: which user role to assign them, and where that user role applies.

A user role is a bundle of permissions assigned to a user at a specific scope. Permissions determine which actions a user can perform and which records they can view. The scope determines which part of your organization that access applies to. This article covers Payabli's default roles, what each role can do, and how scope affects access.

## Default roles

Payabli has four default tiered roles. The viewer, member, manager, and admin roles form a hierarchy: each role includes all the permissions of roles lower in the hierarchy, plus additional capabilities. For example, when you assign a user the manager role, they can do all of the things that a member or viewer can do.

| Role    | Intended users                                   | Capabilities                                                                                                                                                                                                         |
| ------- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Viewer  | Accountants, analysts, auditors                  | Read-only access to transactions, reports, customers, and payment history. Can't modify data, process transactions, or view boarding flow elements like templates and applications.                                  |
| Member  | Customer support, operations staff               | Can create and manage transactions, bills, invoices, and payment links. Can view boarding flows but can't modify them.                                                                                               |
| Manager | Department heads, operations managers            | Can create and manage vendors and customers. Can view boarding flows but can't modify them. Can invite and manage users with roles equal to or lower than their own.                                                 |
| Admin   | System administrators, IT staff, business owners | All manager permissions. Can manage paypoints, configure API credentials and webhooks, manage notifications and audit logs, read batches and funding data, and delete payment records. Can modify security settings. |

Payabli supports custom roles for organizations that need permissions tailored to specific workflows in the Payabli Portal. Contact your Payabli solutions engineer to discuss this feature.

To view your role, select your profile at the bottom of the sidebar, then select **User Profile**. Your role appears beneath your organization name. Admins and managers can change or delete users with lower roles through **Settings > User Management** — for example, a manager can change a member's role but can't modify an admin's role.

## Access scope

Every role assignment targets a specific entity: either an organization or a paypoint. Organization-level assignments take precedence and cascade down — a user with an org-level role has that access across every paypoint in the organization.

**Organization-level access** applies across the entire organization, including all paypoints under it. If you have suborganizations, access cascades the same way: from the organization down through suborganizations to all paypoints beneath them.

**Paypoint-level access** scopes the role to a single paypoint only. Users can hold different roles at different paypoints, and a paypoint-level role can be stronger than the user's org-level role. For example, a user might be a member across the organization but a manager at one specific paypoint.

To review a user's roles and scope assignments, go to **User Management**, select a user, and click **View User Access** at either the org or paypoint level.

Where you are in Payabli when you create a user determines the scope of their assignment. You can check your current context using the context switcher in the top right — it lists the name and type (organization or paypoint) of your current context. Click it to switch between organizations or paypoints. At the paypoint level, the user role assignment is for that paypoint only. When you [create a user](/guides/pay-ops-portal-users-manage), you can assign user roles for multiple paypoints within an organization.

## Related resources

See these related resources to help you get the most out of Payabli.

* **[Manage users (API)](/guides/pay-ops-developer-users-manage)** - Learn how to add and manage users in Payabli
* **[Manage users in the UI](/guides/pay-ops-portal-users-manage)** - Learn how to add and manage users in PartnerHub and PayHub
* **[Manage your profile](/guides/platform-portal-user-profile-manage)** - Learn how to manage your user profile in the Payabli UI

- **[Entities overview](/guides/platform-entities-overview)** - Understand how entities like organizations, suborganizations, paypoints, customers, and vendors work in Payabli