Users & Permissions Management

Control who can access your Devdraft Console and what they can do with role-based access control (RBAC). Manage team members, assign appropriate permissions, and maintain security across your organization.

Why RBAC Matters

Role-based access control ensures that team members have the right level of access for their responsibilities:
  • Security: Prevent unauthorized access to sensitive data
  • Compliance: Meet regulatory requirements for data protection
  • Efficiency: Streamline workflows by giving appropriate permissions
  • Audit Trail: Track who performed what actions and when
Proper RBAC implementation is essential for organizations handling financial data and customer information.

Understanding Roles

Devdraft provides predefined roles with specific permission sets:

Admin Role

Admin Permissions

  • Full access to all features and settings
  • Can manage users and roles
  • Can view and modify all transactions
  • Can configure webhooks and API keys
  • Can access audit logs and reports
  • Can manage organization settings
Admin role should be limited to key personnel who need full system access.

Finance Role

Finance Permissions

  • View all transactions and reports
  • Process refunds and handle disputes
  • Access financial analytics and exports
  • Manage payout configurations
  • View customer payment information
  • Cannot modify API keys or webhooks

Viewer Role

Viewer Permissions

  • View transactions and reports (read-only)
  • Access basic analytics and metrics
  • View product store information
  • Cannot modify any data or settings
  • Cannot access sensitive configuration

Custom Roles

Create custom roles to match your organization’s specific needs and workflows.
1. Define Role Requirements

Identify what permissions each team member needs for their role.

2. Create Custom Role

Navigate to Users & Permissions > Roles > Create Role.

3. Configure Permissions

Select specific permissions for the custom role:
  • Transaction management
  • Product store access
  • Webhook configuration
  • API key management
  • User management
  • Settings access

4. Assign to Users

Assign the custom role to appropriate team members.
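The role descriptions above and the custom-role procedure can be expressed as a small deny-by-default permission model. The following is an added example written for this page, not Devdraft's own code: the permission identifiers (`transactions:read`, `api_keys:write`, and so on), the `RoleStore` class and the separation-of-duties pair are constructed to mirror the Admin, Finance and Viewer descriptions and the permission categories listed in step 3, and are not real Devdraft API values.

```python
# Constructed permission identifiers for this example. They follow the
# permission categories named in the Devdraft docs (transactions, products,
# webhooks, API keys, users, settings) but are not real Devdraft API values.
ALL_PERMISSIONS = frozenset({
    "transactions:read", "transactions:write",   # view / refund and dispute handling
    "payouts:write",                             # manage payout configuration
    "customers:read",                            # view customer payment information
    "products:read", "products:write",
    "webhooks:write", "api_keys:write",
    "users:write", "settings:write",
    "audit_logs:read",
})

# Predefined roles modelled after the Admin, Finance and Viewer descriptions.
# Finance can act on transactions and payouts but cannot touch API keys or webhooks;
# Viewer is read-only.
PREDEFINED_ROLES = {
    "admin": set(ALL_PERMISSIONS),
    "finance": {
        "transactions:read", "transactions:write", "payouts:write",
        "customers:read", "products:read",
    },
    "viewer": {"transactions:read", "products:read"},
}

# Permission pairs that a single role should not hold together (role separation).
# This pair is an illustrative policy choice, not a Devdraft rule: the role that
# moves money (refunds) should not also be able to mint API credentials.
SEPARATION_CONFLICTS = [("transactions:write", "api_keys:write")]


class RoleStore:
    """In-memory role registry: predefined roles plus validated custom roles."""

    def __init__(self):
        self.roles = {name: set(perms) for name, perms in PREDEFINED_ROLES.items()}

    def create_custom_role(self, name, permissions):
        """Register a custom role, rejecting unknown permissions and empty grants."""
        perms = set(permissions)
        if name in self.roles:
            raise ValueError(f"role already exists: {name}")
        unknown = perms - ALL_PERMISSIONS
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")
        if not perms:
            raise ValueError("a role must grant at least one permission")
        self.roles[name] = perms
        return perms

    def is_authorized(self, role, permission):
        """Deny by default: an unknown role or an ungranted permission is never authorized."""
        return permission in self.roles.get(role, set())

    def separation_violations(self, role):
        """Return the conflicting pairs a role holds in full (expected only for admin)."""
        perms = self.roles.get(role, set())
        return [pair for pair in SEPARATION_CONFLICTS if perms.issuperset(pair)]


if __name__ == "__main__":
    store = RoleStore()
    store.create_custom_role("support", {"transactions:read", "customers:read"})
    for role in store.roles:
        print(role, sorted(store.roles[role]), store.separation_violations(role))
```

Admin is the one role that legitimately holds both sides of the conflict pair, which is why the page restricts it to key personnel; running `separation_violations` over every custom role during creation is a cheap way to catch a role that has quietly grown into a second admin.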

Managing Team Members

Inviting New Users

1. Navigate to Users

Go to Users & Permissions > Users in the Devdraft Console.
You’ll see a list of current team members and their roles.

2. Send Invitation

Click Invite User and enter their email address.
You can invite multiple users at once by entering multiple email addresses.

3. Assign Role

Select the appropriate role for the new team member:
  • Admin
  • Finance
  • Viewer
  • Custom role

4. Set Permissions

Configure specific permissions if using a custom role.

5. Send Invite

Review the invitation details and send the invite.
Invited users will receive an email with a secure link to join your organization.
Figure: User management interface showing team members and their assigned roles

Managing Existing Users

User Management Actions

  • View Profile: See user details and activity
  • Change Role: Update user permissions
  • Suspend Access: Temporarily disable user access
  • Remove User: Permanently remove from organization
  • Reset Password: Help users regain access

User Activity Monitoring

1. Access User Activity

Click on any user to view their activity log.

2. Review Actions

See what actions the user has performed:
  • Login times and locations
  • Transactions processed
  • Settings changed
  • API calls made

3. Set Alerts

Configure alerts for suspicious activity:
  • Unusual login times
  • Failed authentication attempts
  • Sensitive operations performed
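The three alert conditions in step 3 can be checked with a few lines of detection logic over activity events. The following is an added example, not Devdraft's code: the JSON Lines event format, the field names (`ts`, `user`, `action`, `result`, `ip`), the action names such as `api_key.create`, the business-hours window and the failed-login threshold are all constructed for illustration, so map them to whatever the exported activity log actually contains.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample activity log in JSON Lines form (not real Devdraft output).
SAMPLE_LOG = """\
{"ts": "2024-05-06T09:02:11Z", "user": "ana@example.com", "action": "login", "result": "success", "ip": "203.0.113.10"}
{"ts": "2024-05-06T09:03:40Z", "user": "ana@example.com", "action": "transaction.refund", "result": "success", "ip": "203.0.113.10"}
{"ts": "2024-05-06T23:48:05Z", "user": "bob@example.com", "action": "login", "result": "failure", "ip": "198.51.100.7"}
{"ts": "2024-05-06T23:48:31Z", "user": "bob@example.com", "action": "login", "result": "failure", "ip": "198.51.100.7"}
{"ts": "2024-05-06T23:49:02Z", "user": "bob@example.com", "action": "login", "result": "failure", "ip": "198.51.100.7"}
{"ts": "2024-05-06T23:50:15Z", "user": "bob@example.com", "action": "login", "result": "success", "ip": "198.51.100.7"}
{"ts": "2024-05-06T23:51:00Z", "user": "bob@example.com", "action": "api_key.create", "result": "success", "ip": "198.51.100.7"}
"""

# Tunables, chosen for the example: 08:00-18:59 UTC counts as business hours,
# three failed logins within ten minutes is a burst.
BUSINESS_HOURS = range(8, 19)
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
# Operations the page calls sensitive: credential and permission changes. Constructed names.
SENSITIVE_ACTIONS = {"api_key.create", "api_key.revoke", "webhook.update", "permission.change"}


def parse_events(text):
    """Parse JSON Lines into event dicts with an aware UTC datetime in 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def detect_alerts(events):
    """Return (alert_type, user, iso_timestamp) tuples for the three alert conditions."""
    alerts = []
    failures = defaultdict(list)  # user -> timestamps of recent failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, action, ts = ev["user"], ev["action"], ev["ts"]

        # Failed authentication attempts: a burst inside the sliding window.
        if action == "login" and ev["result"] == "failure":
            recent = [t for t in failures[user] if ts - t <= FAILED_LOGIN_WINDOW]
            recent.append(ts)
            if len(recent) >= FAILED_LOGIN_THRESHOLD:
                alerts.append(("failed_logins", user, ts.isoformat()))
                recent = []  # one alert per burst
            failures[user] = recent

        # Unusual login times: a successful login outside business hours.
        if action == "login" and ev["result"] == "success" and ts.hour not in BUSINESS_HOURS:
            alerts.append(("off_hours_login", user, ts.isoformat()))

        # Sensitive operations: always worth a notification, regardless of time.
        if action in SENSITIVE_ACTIONS:
            alerts.append(("sensitive_operation", user, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect_alerts(parse_events(SAMPLE_LOG)):
        print(*alert)
```

On the constructed log the three alerts all land on the same account within a few minutes (failed burst, off-hours success, then an API key created), which is the pattern that makes correlating alerts per user more useful than reviewing each rule in isolation.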

Permission Categories

Devdraft organizes permissions into logical categories:

Transaction Management

transaction_permissions (object): Permissions related to viewing and managing transactions.

Product Store Access

product_permissions (object): Permissions related to managing products and inventory.

System Configuration

system_permissions (object): Permissions related to system settings and configuration.

User Management

user_permissions (object): Permissions related to managing team members and roles.

Security Best Practices

RBAC Security Guidelines

  • Principle of Least Privilege: Give users only the permissions they need
  • Regular Reviews: Periodically review user permissions and roles
  • Role Separation: Separate duties between different roles
  • Access Monitoring: Monitor user activity for unusual patterns
  • Timely Removal: Remove access immediately when users leave
  • Strong Authentication: Require 2FA for sensitive roles

Implementing Least Privilege

1. Assess User Needs

Determine what each user actually needs to do their job.

2. Create Specific Roles

Design roles that provide only necessary permissions.

3. Test Permissions

Verify that users can perform required tasks with assigned permissions.

4. Monitor Usage

Track how permissions are being used and adjust as needed.
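Step 4 is the part of least privilege that is usually skipped: comparing what a user was granted with what they actually exercised. The following is an added example, not Devdraft's code; the grant table, the action-to-permission mapping and the activity records are constructed for illustration, and the permission names are the same constructed identifiers used elsewhere on this page, not real Devdraft values.

```python
from collections import Counter, defaultdict

# Constructed grants per user (what a role review says they hold).
GRANTED = {
    "ana@example.com": {"transactions:read", "transactions:write", "payouts:write", "api_keys:write"},
    "bob@example.com": {"transactions:read", "products:read"},
}

# Which permission each logged action exercises. Constructed mapping; in practice
# this comes from the product's own action catalogue.
ACTION_PERMISSION = {
    "transaction.view": "transactions:read",
    "transaction.refund": "transactions:write",
    "payout.update": "payouts:write",
    "api_key.create": "api_keys:write",
    "product.view": "products:read",
}

# Constructed activity over the review period as (user, action) pairs.
ACTIVITY = [
    ("ana@example.com", "transaction.view"),
    ("ana@example.com", "transaction.refund"),
    ("ana@example.com", "transaction.view"),
    ("bob@example.com", "transaction.view"),
    ("bob@example.com", "transaction.refund"),
]


def permission_usage(activity):
    """Count, per user, how often each permission was exercised."""
    usage = defaultdict(Counter)
    for user, action in activity:
        perm = ACTION_PERMISSION.get(action)
        if perm:
            usage[user][perm] += 1
    return usage


def unused_permissions(granted, activity):
    """Granted but never exercised: candidates to remove at the next access review."""
    usage = permission_usage(activity)
    return {user: sorted(perms - set(usage[user])) for user, perms in granted.items()}


def used_without_grant(granted, activity):
    """Exercised without a grant: an enforcement gap or stale grant table, investigate."""
    usage = permission_usage(activity)
    gaps = {}
    for user, counts in usage.items():
        extra = set(counts) - granted.get(user, set())
        if extra:
            gaps[user] = sorted(extra)
    return gaps


if __name__ == "__main__":
    print("unused:", unused_permissions(GRANTED, ACTIVITY))
    print("used without grant:", used_without_grant(GRANTED, ACTIVITY))
```

Both outputs matter: unused grants are the trimming list for step 4, while a permission exercised without a corresponding grant means either the grant table being reviewed is stale or the control is not being enforced, and neither should be closed out silently.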

Audit Trail

Track all user actions for security and compliance:

What’s Logged

Audit Trail Events

  • User login/logout events
  • Permission changes
  • Transaction modifications
  • Settings updates
  • API key generation/revocation
  • Webhook configuration changes
  • User invitations and removals

Accessing Audit Logs

1. Navigate to Audit Trail

Go to Users & Permissions > Audit Trail.

2. Filter Events

Filter by:
  • User
  • Action type
  • Date range
  • Resource affected

3. Export Logs

Download audit logs for external analysis or compliance reporting.
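The filter dimensions in step 2 and the export in step 3 are straightforward to reproduce once the logs are downloaded, which is useful when a compliance reviewer wants a reproducible subset rather than a console screenshot. This is an added example, not Devdraft's code: the event records, field names and action names are constructed, and the SHA-256 digest returned alongside the CSV is a common practice for making an exported report tamper-evident, not a documented Devdraft feature.

```python
import csv
import hashlib
import io
from datetime import date

FIELDS = ["date", "user", "action", "resource"]

# Constructed audit-trail events (not real Devdraft records).
AUDIT_EVENTS = [
    {"date": date(2024, 5, 1), "user": "ana@example.com", "action": "permission.change", "resource": "role:finance"},
    {"date": date(2024, 5, 2), "user": "bob@example.com", "action": "user.invite", "resource": "user:carol@example.com"},
    {"date": date(2024, 5, 3), "user": "ana@example.com", "action": "api_key.revoke", "resource": "api_key:prod-1"},
    {"date": date(2024, 5, 9), "user": "ana@example.com", "action": "webhook.update", "resource": "webhook:payments"},
    {"date": date(2024, 5, 12), "user": "carol@example.com", "action": "settings.update", "resource": "org:settings"},
]


def filter_events(events, user=None, action_prefix=None, start=None, end=None, resource=None):
    """Apply the four console filters: user, action type (by prefix), inclusive date range, resource."""
    out = []
    for ev in events:
        if user and ev["user"] != user:
            continue
        if action_prefix and not ev["action"].startswith(action_prefix):
            continue
        if start and ev["date"] < start:
            continue
        if end and ev["date"] > end:
            continue
        if resource and ev["resource"] != resource:
            continue
        out.append(ev)
    return out


def export_csv(events):
    """Serialise events as CSV and return (text, sha256_hex).

    Record the digest with the report so the file handed to auditors can later be
    checked against what was exported.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for ev in sorted(events, key=lambda e: e["date"]):
        writer.writerow({**ev, "date": ev["date"].isoformat()})
    text = buf.getvalue()
    return text, hashlib.sha256(text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Example review question: every credential-related change in the first week of May.
    subset = filter_events(AUDIT_EVENTS, action_prefix="api_key.", start=date(2024, 5, 1), end=date(2024, 5, 7))
    text, digest = export_csv(subset)
    print(text)
    print("sha256:", digest)
```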
Figure: Audit trail interface showing user actions and system events

Compliance Considerations

Proper RBAC implementation helps meet various compliance requirements.

Regulatory Requirements

PCI DSS

  • Access control requirements
  • User authentication
  • Activity monitoring
  • Regular access reviews

GDPR

  • Data access controls
  • User consent management
  • Right to be forgotten
  • Data processing logs

Compliance Reporting

1. Generate Reports

Create reports showing:
  • User access levels
  • Permission assignments
  • Activity summaries
  • Security incidents

2. Review Regularly

Conduct periodic reviews of:
  • User permissions
  • Role assignments
  • Access patterns
  • Security policies

3. Document Changes

Maintain records of:
  • Permission changes
  • User additions/removals
  • Role modifications
  • Security incidents

Troubleshooting

Best Practices

User Management Best Practices

  • Create role templates for common job functions
  • Use descriptive role names and descriptions
  • Implement approval workflows for sensitive permissions
  • Conduct regular access reviews (quarterly recommended)
  • Document role responsibilities and requirements
  • Train users on security best practices
  • Monitor for unusual access patterns
  • Have a clear offboarding process

Next Steps

Explore these related topics to enhance your user management: