Merchant / institution roles
| Role | Cases & monitor | Protection & rules | API keys | Invite team |
|---|---|---|---|---|
| Admin | Full | Full | Create / revoke | Yes |
| Analyst | Full | Edit (policy-dependent) | View | Usually no |
| Viewer | Read-only | Read-only | No | No |
Viewer (read-only)
Viewers can:
- Open Panel, Monitor, and case lists assigned to the org
- Export or review activity for audits

Viewers cannot:
- Invite users or change team membership
- Create API keys or edit protection rules
- Mutate cases (status changes return forbidden)
API key permissions (technical)
Separate from human roles, each key carries scopes:

| Key type | Prefix | Typical scopes |
|---|---|---|
| Checkout (browser) | clm_pub_ | assess |
| Server (backend) | clm_sk_ | assess, fraud report, merchant APIs |
| Event ingest | clm_wh_ | webhook ingest only |
clm_sk_ in mobile or browser code.
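
Because each key type in the table above has its own prefix, a build step can check that browser or mobile source contains only checkout keys. The following is an added example, not Clausum's code; the key body format (16 or more URL-safe characters after the prefix) is an assumption, and the sample keys are constructed.

```python
import re
import sys
from typing import NamedTuple

# Prefixes and key types come from the table above. The key body format
# (16+ URL-safe characters after the prefix) is an assumption.
KEY_TYPES = {
    "clm_pub_": "checkout",      # intended for browser code
    "clm_sk_": "server",         # backend only
    "clm_wh_": "event-ingest",   # webhook ingest only
}
CLIENT_SAFE = {"clm_pub_"}
KEY_RE = re.compile(r"\b(clm_(?:pub|sk|wh)_)([A-Za-z0-9_-]{16,})")

# Constructed sample of client-side source; none of these keys are real.
SAMPLE_BUNDLE = '''\
const checkoutKey = "clm_pub_Zk3v9Qw1Lm8Rt2Yx5Bn7";
const serverKey = "clm_sk_A1b2C3d4E5f6G7h8I9j0";
const hookKey = "clm_wh_q9W8e7R6t5Y4u3I2o1P0";
'''

class Finding(NamedTuple):
    line: int
    key_type: str
    redacted: str

def scan_client_source(text: str) -> list[Finding]:
    """Return every non-checkout key found in browser or mobile source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            prefix, body = match.group(1), match.group(2)
            if prefix in CLIENT_SAFE:
                continue
            # Keep the full secret out of CI logs: show prefix + 4 chars.
            redacted = f"{prefix}{body[:4]}..."
            findings.append(Finding(lineno, KEY_TYPES[prefix], redacted))
    return findings

if __name__ == "__main__":
    # With no file argument, scan the constructed sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BUNDLE
    results = scan_client_source(source)
    for f in results:
        print(f"line {f.line}: {f.key_type} key {f.redacted} in client code")
    sys.exit(1 if results else 0)
```

A key that this check finds in a shipped bundle should be revoked by an Admin, not only removed from the source.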
Enterprise operators (Clausum-managed)
Organizations serviced by Clausum operations may also use internal operator profiles to manage multiple merchants. Those capabilities are not self-serve in public documentation:
- Client provisioning and cross-tenant administration are assigned by Clausum support
- If you need multi-merchant oversight, contact your account team
Separation of duties
Recommended practices:
- Payments engineering holds server keys
- Fraud / risk owns blocklists and rules
- Compliance owns expedientes submission
- Read-only viewers for audit and finance review