Xoxoday Plum enables internal admin users to grant, configure, and revoke merchant access to the gift marketplace through a role-based, centralised access-control workflow.
Approving Merchant Applications
When a merchant submits an application to list offers on the marketplace, an internal admin reviews and approves or rejects the request directly within Xoxoday Plum. This gated approach ensures only vetted partners gain access, keeping catalogue quality consistent for end users across your organisation.Assigning Roles and Permissions
Once a merchant is approved, admins assign granular roles that define exactly what each merchant account can do. Common permissions include offer creation, offer editing, performance reporting, and campaign configuration. A merchant granted offer creation rights, for example, can publish new rewards to the catalogue without accessing financial reporting or admin-level settings — reducing risk and keeping operations clean. This role-based structure aligns naturally with how enterprise HR and procurement systems such as Workday or SAP SuccessFactors manage vendor access: least-privilege by default, with elevation only where operationally justified.Activating and Deactivating Merchant Accounts
Xoxoday Plum supports full lifecycle management of merchant accounts. Admins can activate a newly onboarded merchant to make their offers visible in the marketplace, or deactivate an existing account when a partnership ends or during a compliance review. Deactivation is immediate — the merchant’s offers are removed from the catalogue without requiring a full account deletion, preserving historical transaction data for auditing purposes. This is particularly valuable for organisations operating under compliance frameworks such as ISO 27001 or SOC 2 Type II, where access controls and audit trails for third-party vendors are a formal requirement.Configuring Access-Control Workflows
Beyond individual permissions, Xoxoday Plum lets admins configure the broader workflow governing how merchant access requests are routed, reviewed, and approved. Admins can set up multi-step approval chains, assign reviewer roles to specific team members, and define conditions under which a merchant account escalates for additional sign-off. This makes it straightforward to enforce your organisation’s vendor governance policies at scale without custom development. Learn more: [Xoxoday Plum Help Centre — Gift marketplace](How do admins manage roles and permissions in Xoxoday Plum?
Understand how role-based access control works across admin, manager, and end-user levels in Xoxoday Plum.
How does Xoxoday Plum curate the gift marketplace catalogue?
Learn how offers are reviewed, categorised, and published in the Xoxoday Plum gift marketplace.