I feel like the optimal solution would be in a new table specific to the task. I would extend the purchase data import schema to allow for codes to be imported from reseller data, as well as provide a simple, straightforward UI approach. It occurs to me that there should be administrator permissions that protect the data, with options for read-write, read-only, and a default of no-access.
Not sure how to handle reporting if that is to be provided, as that would require a degree of permissions granularity (single table or domain subset) that is not currently supported. Might be best to not support reporting in this area and leave access to the UI.