Managing Users and Their Privileges
You can control the identity and the level of access of each user. Users can be assigned individual permissions or a role, which contains a pre-determined set of permissions. This section describes how to choose roles and permissions:
Types of Privileges
Adding and Modifying Users and their Privileges
User Management Report
When your account is created, you are given one default user, which has the same name as your merchant ID.
This merchant user is an administrator who can create up to nine merchant ID users. However, your account provider may allow a different number of users. For more information, contact your account provider. Merchant users can add users, modify, and delete users.
Types of Privileges
All users can be assigned either specific permissions or a role, which is a group of permissions.
Permissions
When a user, including an administrator, performs a task, the Business Center verifies that the user has the correct permission for the task. For example, only an account administrator can configure reports.
You may need to combine several permissions to allow users to perform what appears to be a single task. For example, to process credit card authorizations and sales in the Virtual Terminal, users must have three permissions: Virtual Terminal Transaction, Payment Authorization, and Payment Capture/Settlement/Debit.
* 
Before assigning any of the permissions, make sure that the feature is part of your package. In addition to the documentation guides mentioned below, refer also to the online help for the section of the Business Center for instructions on configuring users.
The following tables show the permissions available for users (Table 3) and administrators (Table 4).
Table 3
Description of User Access Privileges 
Location or Type
Description and Usage
Virtual Terminal
These permissions gives the user access to the various functions of the Virtual Terminal:
Virtual Terminal Settings View: can see but cannot modify the Virtual Terminal settings.
Virtual Terminal Settings Management: can see and modify Virtual Terminal settings.
Virtual Terminal Transaction: can process transactions in the Virtual Terminal.
If you are the merchant account holder and have the Virtual Terminal Transaction permission, you may be able to process transactions for your merchants if you also have one or more of the Payment permissions. For more information, contact your account provider.
Payment
These permissions give the user the ability to successfully process in the Business Center the specified payment type(s) if the user also has permission to use the feature where the payment type can be processed, such as the Virtual Terminal Transaction permission:
Payment Authorization: can process credit card authorizations.
Payment Capture/Settlement/Debit: can process credit card capture (sale or capture with verbal authorization) and electronic check debit.
Payment Credit: can refund money to the customer: all credits (card and electronic check).
Payment Void: can void a credit or debit or can reverse a card authorization.
Re-Authorization: can see and click the link; can retrieve the order information in the Transaction Search and process a new authorization in the Virtual Terminal; must have the Payment Authorization permission to successfully re-authorize a partial transaction.
Re-Authorization and Settlement: can see and click the link; can retrieve the order information in the Transaction Search and process a new authorization in the Virtual Terminal; must have the Payment Authorization and Capture/Settlement/Debit permissions to successfully process a re-authorization and capture.
New Order from Previous Authorization: can see and click the link; can retrieve the order information in the Transaction Search and process a new authorization in the Virtual Terminal; must have the Payment Authorization permission to successfully process a new order.
For more information about these payment types, see the documentation specific to the features that you are authorized to use: Processing an Order with the Virtual Terminal.
Transaction Search
This permission gives the user access to the Transaction Search feature of the Business Center:
Transaction View: can search for transactions and view their details. If the user with this permission has the appropriate Payment permission(s), this user can also refund money or void a transaction by using the button options on the search details page.
For more information about searching for transactions, see Searching and Reviewing Orders.
Transaction Search Results Export
This permission gives the user the ability to export search results.
 
Table 4
Description of Administrator Access Privileges
Location or Type
Description and Usage
User Management
These permissions gives the user access to the permissions that can be assigned to users:
User View: can see the list of users and the permissions assigned to each user.
User Management: can see, create, modify, and delete users privileges; can generate a User Management Report to view a list of users and their permissions. The user with this permission is a manager (not an administrator) who cannot assign individual permissions but can assign existing roles to other users (not to other user managers or administrators).
Merchant Settings
These permissions give the user access to some of the basic information of the merchant ID:
Banking Information Management: can see and modify the payment processor information.
Merchant Information Management: can see and modify the basic contact and service information.
API Key Management: can see, create, modify, and delete API keys. For more information on API keys, see the Business Center Simple Order API User’s Guide.
Hosted Order Page
These permissions give the user access to the management options of the Hosted Order Page:
HOP Script Management: can see, create, and delete the Hosted Order Page security scripts but cannot see or modify the settings.
HOP Script View: can see the Hosted Order Page security scripts but cannot modify them; cannot see or modify the settings.
HOP Settings Management: can see and modify the Hosted Order Page settings; cannot see, create, or delete the security scripts.
HOP Settings View: can see the Hosted Order Page settings but cannot modify them.
For more information about the Hosted Order Page, see the Business Center Hosted Order Page User's Guide.
Reporting
These permissions give the user access to the many reports functions:
Report Settings View: can see the report settings and subscriptions.
Report Settings Management: can modify report settings and subscriptions.
Report View: can search for and view reports.
Report Download: can download programmable reports but cannot log into the Business Center.
For more information about reports, see the Business Center Reporting User's Guide
Roles
By combining permissions into roles, you can customize how your users access and use the Business Center. In addition, to update the users who are assigned a role, you need to update only the permissions defined in the role. The figure below shows an organization with the default roles (administrator and report download) at the top and several users below. Users are listed in order of creation.
Read-Only Roles
The Business Center provides two default roles: administrator and report download:
Administrator: This role, assigned to the account and merchant users, contains all permissions. The account administrator, created during registration, has the same name as your merchant ID and can assign the administrator role to up to nine other users. These administrator users can be modified or deleted as necessary, but the account administrator user cannot be modified or deleted. All administrators can add, modify, and delete merchant ID users.
Report Download: This role exists only to enable you to download programmable reports. The password assigned to this role never expires, but the user cannot log into the Business Center.
Custom Roles
Only administrators (account or merchant can create and modify roles. When creating a role, you can add and later modify the role with any of the permissions in Table 3 and Table 4 above that can be assigned to a user. For example, instead of assigning individual permissions to process orders in the Virtual Terminal, you can create a role for that purpose. This role would contain the three required permissions: Virtual Terminal Transaction, Payment Authorization, and Payment Capture/Settlement/Debit.
When adding permissions to a role, remember to assign to an administrator or to a user only the appropriate permissions.
Adding and Modifying Users and their Privileges
You can view a list of users under the Account Management section of the Business Center. This section describes briefly how to add and modify users. If you are logged in as a user with the correct permissions, you can perform these tasks. Only an account or merchant administrator can change settings. For detailed instructions, see the online help
* 
If you add, delete, or modify users in the test system, the changes affect both the test and production systems.
Creating or Modifying a Role
This figure shows the page that you use to create or modify a role. This page is similar to the page that you use to add individual permissions to a user. To streamline your management process, you should create the roles that you will need before creating users.
Adding Users
A sample page appears below. You use this page only to create a user. You need to modify the user to assign permissions or a role.
* 
By using generic names for users instead of user names based on employees’ names, merchants can give the user name, with the associated permissions or role, to any employee.
Modifying Privileges
The figure below shows that in addition to identifying the user and assigning a password, you also assign a role or individual permissions. The dropdown menu always contain the options Administrator and Report Download. The menu also contains any role that you have created and a custom option that you can use to assign specific individual permissions to the user.
 
User Management Report
To see at a glance all the permissions and role granted to users, users with the appropriate permission can download a daily report or use a query to request an on-demand report. The report is available in CSV or XML format. For example, this report in CSV format was run September 14, 2007. The report shows two enabled users:
The first user has a custom role with the permissions to process a payment authorization in the Virtual Terminal.
The second user has the report download role, which enables the user to download reports but not to log into the Business center.
User Listing Report,Version 1.0,2007-09-14
Username,Merchant ID,First Name,Last Name,Email,Date Created,LastAccess,Status,Role, Permissions
infodev_user,infodev,Jane,Doe,,2007-03-29 07:47 GMT,2007-09-21 11:44 GMT,Enabled, Custom,Virtual Terminal Transaction|Payment Authorization
infodev_user_2,infodev,John,Doe,,2007-03-29 07:47 GMT,2007-09-21 08:00 GMT,Enabled, Report Download,Report Download
CyberSource recommends that you immediately save the report on your computer. You can save the report by date if you are a merchant or by merchant ID if you are an administrator. By downloading the report regularly, you can easily keep track of the changes among your users and their permissions. You can obtain this report at any time.
For the complete description of the report in CSV and XML formats, see the Business Center Reporting User’s Guide.