Recurly’s Read-Only Access: Compliance, Security and Confidence
At Recurly, we take pride in the fact that our application is both intuitive and accessible. But while every user in your organization can have access to your site via the Recurly app, we understand that not every user needs full access. With this in mind, we have made some changes to user management to help your company mitigate security risks and stay compliant with company policies.By providing site administrators with the ability to manage user roles, they’ll be able to determine more precisely who has access to your site and its data and what their access allows them to do. For security purposes, we recommend you only provide as much access as is necessary for the user to complete their job duties. To facilitate this, we provide five distinct permission groups corresponding to the five sections of the application.
The five permission groups are now named to reflect the area of the Recurly application to which you are providing the user with access: Customers, Reports, Configuration & Integrations, Developers and Admin. By naming the roles this way, site administrators have more relevant descriptions for the type of access they are granting.
Finally, administrators have the option for an even more granular level of user control: the addition of Read-Only access to the “Customers” section of the application. With the addition of this role, site administrators can now provide users with the ability to view accounts, invoices, transactions and subscription plan—but without ability to edit, delete or add to any of that content. The only change users with read-only access can make is to add account notes. We are confident this feature will provide your business with an additional level of security and control to meet your compliance and audit requirements.
This addition is the first step in a series of user management enhancements we will be making in the coming months. With these changes to user roles and permissions, we want our merchants to feel confident that they can provide the right level of access to their employees using our application’s user management controls.