Juspay Tenant User Management Guide

A guide to managing users, roles, and access across your Juspay tenant.

This guide covers creating and managing users at the tenant, reseller, and merchant levels including how to grant merchant access, configure roles and permissions, and switch between merchant contexts.

---

Understanding the Juspay Hierarchy

User Types

Context Types

When you log in or switch entities, you operate in a specific context. Your context determines what you can see and do in the system.

---

1. Creating Merchants

Merchants can be created by tenant users or reseller users.

1.1 As a Tenant

Tenants can create merchants with full configuration control:

1. Navigate to Merchants → Create Merchant

2. Fill in merchant details (ID, name, email, country, etc.)

3. Configure Juspay settings (2FA, merchant track, integration types, industry)

4. Set access control (initial roles/ACL for the merchant)

5. Configure client platforms and products

6. Create merchant

1.2 As a Reseller

Resellers have a simplified merchant creation flow:

1. Navigate to Merchants → Create Merchant

2. Fill in basic merchant details

3. Set access control

4. Create merchant (platform config is auto-set)

---

2. Creating Resellers

Only tenant administrators or tenant users with Resellers RW can create resellers.

1. Navigate to Resellers → Create Reseller

2. Enter reseller information (ID, name, email, type)

3. Configure security settings (2FA, login limits, password policies)

4. Assign payment gateways

5. Create reseller

---

3. Managing Tenant Users

Tenant Users have the highest level of access in your organization.

What tenant users can do

• Access all merchants (direct and under resellers)

• Create and manage resellers and merchants

• Manage all user types (tenant, reseller, merchant)

• Configure tenant-level settings

• Access consolidated analytics

3.1 Creating a Tenant User:

Step 1.

Navigate to User Creation

Go to Users → Create User (while in TENANT context)

Step 2.

Enter User Email

Email Address: user@yourcompany.com

• Enter email address

• Must be unique across the system

• Corporate email recommended

Step 3.

Select Merchant Access (Optional)

As a tenant user, you can grant access to:

• All merchants (leave empty or select all)

• Specific merchants (select from dropdown)

The Merchant Access field appears as a multi-select dropdown:

• Searchable list of all merchants

• Select one or more merchants

• User can access selected merchants only

• Can be updated later

When to restrict merchant access:

• User should only manage specific merchants

• User is responsible for particular business units

• Security requirement to limit scope

Leave empty for:

• Full tenant administrators

• Users who need access to all current and future merchants

Step 4.

Assign Role

Select a tenant-level role:

• Tenant Admin

• Tenant Operations

• Tenant Finance

• Tenant Support

• Or any custom role you've created

Role automatically assigns all appropriate permissions.

Step 5.

Send Invitation

• Click Create User

• User receives invitation email with setup link

• Link is valid for 24 hours (configurable)

• User must set password and configure 2FA (if required)

3.2 Tenant User Invitation Flow

3.3 Managing Existing Tenant Users

3.4 View Tenant Users

1. Navigate to Users → List Users

3.5 Update Tenant User Email

1. Go to user details page

2. Click Update Email

3. Enter new email address

4. User must verify new email

5. Requirement: User status must be ACTIVE

3.6 Update Tenant User Role

1. Go to user details page

2. Click Update Role

3. Select new role

4. User's permissions automatically update to match new role

5. Changes take effect immediately

3.7 Update Merchant Access

See [Understanding Merchant Access]section for detailed instructions.

3.8 Enable/Disable Tenant User

3.9 Delete Tenant User

Soft Delete (Reversible):

1. Go to user details

2. Click Soft Delete

3. User status changes to SOFT_DEL

4. User cannot log in

5. Can be restored later

Hard Delete (Permanent):

1. Go to user details

2. Click Delete (requires special ACL permission)

3. Confirm action

4. User permanently removed

5. Cannot be undone

---

4. Managing Reseller Users

What are Reseller Users?

Reseller Users have access limited to their reseller's merchants. They can:

• Create merchants under their reseller

• Manage merchants assigned to their reseller

• Create users for their merchants

• Switch between their assigned merchants

• Cannot access tenant settings

• Cannot access other resellers' merchants

4.1 Creating a Reseller User

Step 1.

Switch to Reseller Context

Using Entity Switcher:

1. Click entity switcher (usually top-right)

2. Select the reseller

3. Context switches to RESELLER

OR from Reseller Details:

1. Navigate to Resellers → List Resellers

2. Click on reseller name

3. Go to Users tab

4. Click Create User

Step 2.

Enter User Email

Email: reselleruser@partnercompany.com

• Single email address

• Must be unique

• Partner organization email recommended

Step 3.

Assign Merchant Access [Optional or can be mandated]

The dropdown shows only merchants belonging to this reseller:

• Select specific merchants for the user

• Or select all reseller merchants for full access

Common patterns:

• Reseller Admin: Access to all reseller merchants

• Reseller Support: Access to all or subset of merchants

• Reseller Account Manager: Access to specific merchant portfolio

Step 4.

Assign Role or Configure ACL

Select from available reseller roles:

• Reseller Admin

• Reseller Operations

• Reseller Support

• Reseller Analyst

• Or any custom reseller role

Roles are pre-configured with appropriate permissions for reseller context.

Step 5.

Create User

• Click Create User

• User receives invitation email

• User completes setup (password, 2FA)

• User can access reseller dashboard

4.2 Managing Existing Reseller Users

View Reseller Users

Method 1: From Reseller Context

1. Switch to reseller context

2. Navigate to Users → List Users

3. See all users with access to this reseller

Method 2: From Reseller Details

1. Go to Resellers → List Resellers

2. Click on reseller name

3. Click Users tab

4.3 Update Reseller User Merchant Access

Validation:

• Cannot update own merchant access

• User must be ACTIVE status

• Must actually change access (not same as before)

• Can only assign merchants within the reseller

See [Understanding Merchant Access] for more details.

4.4 Update Reseller User Role/Permissions

The process for managing reseller users is the same as for tenant users.

---

5. Managing Merchant Users

Merchant Users have access limited to their specific merchant(s). They can:

• View and manage transactions for their merchant

• Process refunds (if permitted)

• Access merchant analytics

• Configure merchant settings (if permitted)

• Cannot access other merchants

• Cannot access tenant or reseller settings

5.1 Creating a Merchant User

Step 1.

Switch to Merchant Context

Option A: Using Entity Switcher

1. Click entity switcher

2. Select the merchant

3. Dashboard switches to MERCHANT context

Option B: From Merchant Details

1. Navigate to Merchants → List Merchants

2. Click on merchant name

3. Go to Users tab

4. Click Create User or Add User

Step 2.

Enter User Email

Email: merchantuser@merchantcompany.com

• Single email address

• Must be unique

• Merchant team member email

Step 3.

Assign Role or Configure ACL

Select a merchant-appropriate role:

• Merchant Admin: Full merchant management

• Merchant Operations: Day-to-day operations

• Merchant Finance: Financial reporting and analytics

• Merchant Support: Customer support operations

• Merchant Analyst: Analytics access only

Step 4.

Create User

• Click Create User

• User receives invitation email

• User completes setup

• User can access merchant dashboard

5.2 Managing Existing Merchant Users

View Merchant Users

Method I: From Merchant Details

1. Navigate to merchant details

2. Click Users tab

3. View all users with access to this merchant

Method II: From User List (with Filter)

1. Navigate to Users → List Users

5.3 Update Merchant User

Same process as other user types:

• Update email

• Update role

• Enable/disable

• Delete

---

6. Understanding Merchant Access

Merchant Access is a multi-merchant authorization system that allows users to access multiple merchants. Each user has a merchantsAccess field containing an array of merchant IDs they can access.

6.1 How Merchant Access Works

For Tenant Users

• Default: Can access ALL merchants under the tenant

• Restricted: Can be limited to specific merchants via merchant access

• Scope: Can see direct merchants and reseller merchants

Example:

• User A: merchantsAccess = [] → Access to all merchants (implicit)

• User B: merchantsAccess = ["merchant_1", "merchant_2"] → Only these two merchants

For Reseller Users

• Default: Can ONLY access merchants assigned to their reseller

• Restricted: Can be limited to specific merchants via merchant access

• Cannot: Access other resellers' merchants or tenant settings

Example:

• Reseller has 50 merchants

• Admin user: Access to all 50 merchants under the Reseller

• Support user: Access to 10 specific merchants

For Merchant Users

• Default: Single merchant access (their own merchant)

• Cannot: Can’t be granted access to multiple merchants

6.2 Granting Merchant Access

During User Creation

1. When creating a user (especially for tenant/reseller)

2. Look for Merchant Access field

3. Multi-select dropdown appears

4. Select one or more merchants

5. User gets access to all selected merchants

Field appearance:

• Searchable dropdown

• Shows merchant IDs and names

• Multi-select supported

• Only shows merchants within user's scope (tenant: all, reseller: reseller's only)

6.3 Updating Merchant Access

Step 1.

Navigate to User Details

Go to the user's detail page.

Step 2.

Click "Update Merchant Access"

Button appears for tenant and reseller users (not for merchant users in merchant context).

Step 3.

Update Merchant Access Modal Opens

The modal shows:

Current Merchant Access Table:

- Searchable list of currently accessible merchants

- Displays merchant IDs

- Shows serial numbers

- Pagination (5 merchants per page)

- Empty state if no access: "No accessible merchants is present"

Merchant Selection Dropdown:

- Multi-select dropdown

- Add or remove merchants

- Searchable

- Only shows merchants within scope

Step 4.

Modify Access

• Use dropdown to add new merchants

• Remove merchants from selection to revoke access

• Search for specific merchants

Step 5.

Save Changes

Click Update Merchant Access

Validation:

✗ Cannot update your own merchant access

✗ User must be in ACTIVE status

✗ Must actually change access (not same as before)

✓ Must select at least one merchant (if configured as mandatory)

6.4 Switching Between Merchants

Users with access to multiple merchants can switch between them:

Using the Entity Switcher

Users who have access to multiple merchants can switch between them using the Entity Switcher.

6.5 Merchant Access Restrictions

Required ACL:

• Tenant context: tenants: ReadWrite

• Reseller context: resellers: ReadWrite

6.6 Common Scenarios

Scenario 1: Tenant Support Agent Across All Merchants

Requirement: Support agent needs to help customers across all merchants.

Setup:

1. Create user in TENANT context

2. Assign "Tenant Support" role

3. Leave merchant access empty OR select all merchants

4. User can switch between any merchant to view orders, process refunds

Scenario 2: Reseller Manager for Specific Portfolio

Requirement: Reseller has 100 merchants, manager handles 20.

Setup:

1. Create user in RESELLER context

2. Assign "Reseller Operations" role

3. Select only the 20 specific merchants in merchant access

4. User can only switch between those 20 merchants

---

7. Roles and Permissions

7.1 Understanding Roles

Roles are predefined permission sets that simplify user management.

Benefits:

• Consistency: Same permissions for all users with the role

• Easy Management: Assign role instead of configuring individual permissions

• Scalability: Update role once to affect all users

• Maintainability: Central permission management

7.2 Role Structure

Each role contains:

7.3 Permission Levels

7.4 Creating a Custom Role

Step 1.

Navigate to Role Management

Go to Users → Roles → Create Role

Step 2.

Enter Role Information

Role Name: Custom Operations Manager

• Descriptive, unique name

• Example: "Merchant Operations Manager", "Finance Analyst"

Description: Manages day-to-day merchant operations with approval rights

• Clear description of role purpose

• Include scope (tenant/reseller/merchant level)

Is Enabled: Active

• Set to Active to make role immediately available

• Set to Inactive to create but not allow assignment yet.

Step 3.

Configure Permissions

Select permission level for each module:

Example: Operations Manager Role

Scroll inside to view more

Module	Permission	Reason
orders	RW	Full order management
transactions	RW	View and manage transactions
refunds	RW	Process refunds
payment_links	RW	Create and manage payment links
analytics	R	View reports only
gateways_configuration	CHECKER	Approve gateway changes in maker-checker workflow
merchants	R	View merchant information only
users	RW	Manage users
settings	R	View settings but cannot modify them

Expand

3 columns 10 rows

Example: Finance Analyst Role

Scroll inside to view more

Module	Permission	Reason
orders	R	View orders only
transactions	R	View transactions only
refunds	R	View refunds only
analytics	R	View all reporting and analytics
settlement_reports	R	View settlement information
everything_else	NA	No access to configuration or management modules

Expand

3 columns 7 rows

Example: Support Agent Role

Scroll inside to view more

Module	Permission	Reason
orders	R	View customer orders
transactions	R	Check transaction status
refunds	RW	Process customer refunds
payment_links	R	View payment links
analytics	R	Access basic reporting
configuration_modules	NA	No access to configuration settings

Expand

3 columns 7 rows

Step 4.

Review & Create Role

• Review the complete permission matrix

• Ensure permissions align with role purpose

• Verify no unintended access granted

• Click Create Role

  • Role is now available for assignment to users

7.5 Cloning an Existing Role

To create a role based on an existing one:

Use case: Creating "Senior Support Agent" based on "Support Agent" with additional permissions.

7.6 Managing Roles

7.7 Best Practices for Roles

1. Principle of Least Privilege

• Grant minimum permissions needed for the job

• Start restrictive, expand only when necessary

2. Clear Naming Conventions

• Use descriptive role names

• Include scope in name: "Tenant Finance Analyst", "Reseller Support Agent"

3. Thorough Descriptions

• Document role purpose clearly

• Note intended user types

• List key responsibilities

4. Regular Reviews

• Review role permissions quarterly

• Remove unused roles

• Update permissions to match business needs

5. Separation of Duties

• Don't combine maker and checker permissions in one role

• Separate operational and approval permissions

• Keep financial reporting separate from operations

6. Role Hierarchy

• Create roles for different seniority levels

• Junior, Senior, Manager tiers as needed

• Clear permission escalation path

---

8. Frequently Asked Questions

User Creation and Management

Merchant Access

Roles and Permissions

Security

Troubleshooting