User Permissions - History recorded of role changes and ability to add description
There is currently no record of changes to User registrations in the Xero file. This is a failure of audit processes.
A description for each user would be handy to identify the role of each person within the Organisation.
A start and end date would allow for temporary access arrangements.

-
Nathan Cipperly commented
Auditing standards require us to check the appropriateness of user roles within an organisation over time. We are unable to meet the auditing standard requirements in ISA 315R with the current functionality. Surely this information is logged somewhere in the database, so I would imagine it's just a matter of building a report to summarise and present it.
-
Beverly Alejandre commented
An audit trail for permission changes is so important. This is not only to have an audit trail but for privacy and security purposes as well.
-
Bridgitte Harley commented
Totally agree. A log is essential to know when users are changed. A huge risk to confidentiality. Today I have just discovered an admin team member has magically been set on a much higher user level than I originally set. A huge breach of confidentiality. She has now seen business bank transactions that she should not have, e.g. salary payments to other staff members. Horrified.
-
Justin Downey commented
This is now an Audit item in Ireland. Under ISA315 the auditor needs to see users have been timely removed from the system after a user has left the company.
-
Lizzie Ye commented
I understand there is a history and notes section to show the user activities and login activities. It would be great if there were a log/report that shows the user permission changes. For example, when the new user is created, and created by whom, what permission is given to the new user, what permission change is given to an existing user, and when the user is deactivated and actioned by whom, etc.
-
BB&S Admin commented
Agree - we had an issue today where all our administrators had their access to the practice's Xero account upgraded from expense submitter only to full advisor access. Obviously this is a huge confidentiality risk and we have no idea how it happened or how to prevent it happening again.
-
SHYANG WEI EDWIN NG commented
Today we encountered a role change issue, but are unable to identify when and who did it. Am really surprised this product does not have user permissions change history, pls get this feature up asap...
-
Cassandra Guy commented
This is important for our organisation.
-
Kim Fay commented
Yes. An important security feature to add.
Esp related to Bank Account Contact admin access.
-
Freya Pieroz commented
I can see that a particular (now ex-)user made changes to transactions, but I cannot see when their access was removed, nor can I see what email address they were using to log in - this means that I can't differentiate easily between work done by users with similar, generic names.
-
Ashley Garrone commented
The ability to view User Access History is critically important for businesses in relation to system security. To view who made the change to what level of access, and when it occurred.
-
Emma Bonete commented
Critical requirement for IT security audit - to know who did what and when.
-
Jo Threlfo commented
Definitely needed, every user should have their own login.
-
Nicole Lothian commented
Yes, the more we know who is on a file and can grant access for when they need it the better.