About User Privilege Levels

When your PayPal Manager account is first created, a single user is associated with the account. The user’s initial name is the same as your merchant name. The user is granted all account privileges. This privilege level (called ADMIN) can do everything that a merchant can and includes the following privileges:

Updating company contact information
Running any type of transaction from Payflow or PayPal Manager
Managing merchant users
Adding new users
Making changes to any users’ privilege and password settings

The administrator cannot, however, update a merchant’s merchant and processor information after the merchant has gone active. To have this information changed, the administrator must contact PayPal Customer Service.

Privilege Levels

You can use users’ privilege levels to control who can perform which activities using your PayPal Manager account.

For example, to maintain a separation of duties, the administrator user might assign READ_ONLY privileges (essentially, the ability to view data, but not to change settings or perform transactions) to one user and FULL_TRANSACTIONS privileges (view all account information, perform all transactions types) to another. The LIMITED_TRANSACTIONS privilege level enables the administrator to reduce exposure to error or fraud by controlling access to sensitive credit operations.

Privilege Level	Description
ADMIN	Edit/View merchant account information (company details, contact information, and so on). Run all transaction types. Run Payflow transactions. Change Recurring Billing and Fraud Protection Filters settings. Manage other user account settings. Assign a privilege level to each user.
ADMIN_TRANSACTIONS	User has all ADMIN privileges mentioned above, except user management such as adding or removing users on the account, managing user account settings, or assigning privilege levels to users.
API_FULL_TRANSACTIONS	Users created with this role cannot login to PayPal Manager. They can only run transactions through APIs. Run all transaction types. Run Payflow transactions. Not allowed to login to PayPal Manager Password will never expire automatically In summary, API_FULL_TRANSACTIONS users can run all transactions through APIs. We recommend that you use API_FULL_TRANSACTIONS roles for API integrations that need to run all transaction types.
API_LIMITED_TRANSACTIONS	Users created with this role cannot login to PayPal Manager. They can only run transactions through APIs. Run only non-credit transaction types Run only non-credit Payflow transactions Not allowed to login to PayPal Manager Password will never expire automatically In summary, API_FULL_TRANSACTIONS users can run all transactions through APIs. We recommend that you use API_LIMITED_TRANSACTIONS role for API integrations that need to run non-credit transactions only.
FULL_TRANSACTIONS	View merchant account information. Run all transaction types. Run Payflow transactions. In summary, FULL_TRANSACTIONS users can do much of what an administrator user can, with restrictions on maintaining other user information or updating company contact information. However, they cannot change the Fraud Filters or Fraud Status. Also, they cannot change the status of the transaction when it is in review (meaning if the status is in review, they cannot accept or reject the transaction). Only the ADMIN can perform this task.
LIMITED_TRANSACTIONS	View merchant account information. Run only non-credit transaction types. Run only non-credit Payflow transactions. In summary, LIMITED_TRANSACTIONS users can do everything a FULL_TRANSACTIONS user can do, except run credit transactions.
READ_ONLY	Modify only own user contact information/password. Cannot run Payflow transactions. In summary, READ_ONLY users cannot modify anything other than their own personal information. These users (like all other system users) can use PayPal Manager to query merchant account information and run reports on transactions.