Skip to content
← For small businesses

Enter your idea

For small businesses: Settings & user roles

Categories

(thinking…)

User Permissions - History recorded of role changes and ability to add description

There is currently no record of changes to User registrations in the xero file. This is a failure of audit processes.
A description for each user would be handy to identify the role of each person within the Organisation.
A start and End date would allow for Temporary access arrangements.

38 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Andrew Syme shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Nathan Cipperly commented  ·   ·  Report

    Auditing standards require us to check the appropriateness of user roles within an organisation over time. We are unable to meet the auditing standard requirements in ISA 315R with the current functionality. Surely this information is logged somewhere in the database, so I would imagine its just a matter of buliding a report to summary and present it.

  • Bridgitte Harley commented  ·   ·  Report

    Totally agree. A log is essential to know when users are changed. A huge risk to confidentiality. Today I have just discovered an admin team member has magically been set on a much higher user level than I originally set. A huge breach of confidentiality. She has now seen business bank transactions that she should not have eg salary payments to other staff members. Horrified

  • BB&S Admin commented  ·   ·  Report

    Agree - we had an issue today where all our administrators had their access to the practice's Xero account upgraded from expense submitter only to full advisor access.Obviously this is a huge confidentiality risk and we have no idea how it happened or how to prevent it happening again.

  • SHYANG WEI EDWIN NG commented  ·   ·  Report

    Today we encounter role changed issue, but unable to identify the when and who did it. Am really surprise this product does not have user permissions changed history, pls get this feature up asap...

  • Kim Fay commented  ·   ·  Report

    Yes. A n important security feature to add.
    Esp related to Bank Account Contact admin access.

  • Freya Pieroz commented  ·   ·  Report

    I can see that a particular (now ex-)user made changes to transactions, but I cannot see when their access was removed, nor can I see what email address they were using to log in - this means that I can't differentiate easily between work done by users with similar, generic names.

  • Ashley Garrone commented  ·   ·  Report

    The ability to view User Access History is critically important for businesses in relation to system security. To view who made the change to what level of access, and when it occurred.

  • Emma Bonete commented  ·   ·  Report

    Critical requirement for IT security audit - to know who did what and when.

  • Jo Threlfo commented  ·   ·  Report

    definitely needed every user should have their own login

  • Nicole Lothian commented  ·   ·  Report

    Yes, The more we know who is on a file and can grant access for when they need it the better