Access Control
Principle
Section titled “Principle”Use least-privilege access:
- users get only what they need
- high-impact actions remain restricted
- access is reviewed on a regular schedule
Suggested Role Model
Section titled “Suggested Role Model”- Admin: workspace/company settings, user management.
- Finance: invoice and credit-note operations.
- Operations: dispatch and tracking workflows.
- Viewer: read-only oversight.
High-Risk Access to Limit
Section titled “High-Risk Access to Limit”- configuration and settings changes
- role and user administration
- integration key management
Monthly Access Review Checklist
Section titled “Monthly Access Review Checklist”- remove inactive users
- review privileged roles
- verify team-role alignment
- rotate integration keys as needed
Practical Security Tips
Section titled “Practical Security Tips”- avoid shared accounts
- document approval changes
- revoke access immediately on team exits
Continue with Billing and Usage.