Hi everyone, we appreciate all your feedback on how we could evolve roles for customers using Xero. As you can see through the ideas on the platform, there are a wide range of combinations of permissions our customers want to see us build. As user roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for majority of our customers needs.
We’re beginning to conduct research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. Front footing this, the discovery of this work will be long winded and there will be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community to be part of this research and discovery. This may involve interviews and sharing further feedback through direct surveys or questionnaires.
✍️ If this is something you’d be interested in taking a part of please fill in our short form here.
Though we won’t be able to invite everyone into every stage, our research team will be in touch with many of you over the coming months.
We will be back to share on the outcomes of our research and any progress around development of roles in Xero.
Hi everyone, we appreciate all your feedback on how we could evolve roles for customers using Xero. As you can see through the ideas on the platform, there are a wide range of combinations of permissions our customers want to see us build. As user roles impact all areas of the product, there are many considerations we must factor in when assessing how to solve for majority of our customers needs.
We’re beginning to conduct research on the current landscape and how we might approach some of the most predominant needs in roles for our customers. Front footing this, the discovery of this work will be long winded and there will be multiple phases of research and forms of engagement with users that’ll help shape the path ahead in this space.
We’d like to invite you, our community to be part of this research and discovery. This may involve interviews…
I am writing to express my serious concern regarding the current permission system implemented in our XERO platform, which I believe poses a significant risk to management processes. The existing system lacks a crucial middle layer of permissions, offering an all-or-nothing approach that is neither secure nor practical.
At present, the permissions are so broadly defined that they allow for only very limited or almost complete access. This lack of granularity means that accountants, among others, can view and even edit almost everything within the system. Such extensive access is not only unnecessary for their role but also represents a substantial security risk that could potentially lead to data breaches, unauthorized transactions, or other forms of misuse.
The absence of a nuanced permission structure does not allow for the balanced distribution of access rights, which is essential for maintaining the integrity and confidentiality of sensitive company information. It is unsettling to know that the current system does not provide the means to effectively control or limit access based on the specific needs and responsibilities of different roles within the organization.
Wendy Xing
supported this idea
·
I am writing to express my serious concern regarding the current permission system implemented in our XERO platform, which I believe poses a significant risk to management processes. The existing system lacks a crucial middle layer of permissions, offering an all-or-nothing approach that is neither secure nor practical.
At present, the permissions are so broadly defined that they allow for only very limited or almost complete access. This lack of granularity means that accountants, among others, can view and even edit almost everything within the system. Such extensive access is not only unnecessary for their role but also represents a substantial security risk that could potentially lead to data breaches, unauthorized transactions, or other forms of misuse.
The absence of a nuanced permission structure does not allow for the balanced distribution of access rights, which is essential for maintaining the integrity and confidentiality of sensitive company information. It is unsettling to know that the current system does not provide the means to effectively control or limit access based on the specific needs and responsibilities of different roles within the organization.