Role-Based Access Control (RBAC)

RBAC is the first value-add feature of Spreedly’s new Security Suite - with Multi-factor Authentication and Single Sign-on coming later in 2022. Merchants of Record and Merchant Aggregators will benefit from aligning certain user roles in an organization to the functions they need to perform on a daily basis.

RBAC enables merchants to limit operational and brand risk including:

  • Security: RBAC improves overall security as it relates to compliance, confidentiality, privacy, and access management to resources and other sensitive data and systems.
  • Selective access: RBAC systems can support users holding multiple roles at the same time, with specific permissions for each role.
  • Security as a function of organizational structure: Allows organizations to impose hierarchies for assigning permissions based on the seniority or topology of organizations.
  • Separation of duties (SoD): The principle that no one person has sole control over a task. SoD benefits organizations because a compromise of a single account cannot, on its own, cause significant harm to systems.
  • Flexibility: Organizations can review and adjust permissions associated with each role periodically.

Roles Overview

Spreedly offers four pre-configured roles starting with an Administrator (Admin) role, which has full access to the organization, and three limited-access roles.

Using RBAC is incredibly simple:

  • All users with access to Spreedly ID initially default to the Admin role until a role change is needed
  • Role changes require that an Admin select the user to modify their role in the user tab in Spreedly ID
  • It is strongly suggested that there be at least two Admins identified within an organization to avoid situations like an unexpected sudden departure, leaving the organization without a functioning Admin
  • New users can easily be added by the Admin, who will select the new user button and add the name and email address of the new user before assigning one, or multiple, new access roles: Admin, Environment Manager, Billing Manager, and/or Analyst
    • All roles, except the Admin, can remove themselves from their assigned role
  • Multiple roles can be assigned to a user in many combinations:
    1. Admin only with full usage access
    2. Billing, Environment & Analyst (does not equal full Admin access)
    3. Billing & Environment
    4. Billing & Analyst
    5. Environment & Analyst

Note:

  • Merchants that pay monthly, or Enterprise level merchants, will not see a Billing Manager role as it is not relevant to their connection with Spreedly
  • Merchants cannot “opt-out” of RBAC
  • RBAC applies only to interactions with Spreedly online — access to the Spreedly API is still controlled by separate API credentials
  • RBAC can be used to limit who can view and create new API credentials, but it cannot be used to limit or revoke existing credentials
  • Spreedly customer success can perform a reset if the primary Admin user access is denied/changed or otherwise unavailable
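The role rules stated above (Admin alone or a combination of the three limited roles, at least one role per user, Billing Manager not offered to every merchant, non-Admins may remove themselves, Analysts always see the environment list, and at least two Admins recommended) can be written down as a small policy check. The following is an added example, not Spreedly’s code or API; the role names come from this page, while the permission labels, function names and the `billing_role_offered` flag are constructed for illustration.

```python
# Added example (not Spreedly's code): a model of the Spreedly ID role rules
# stated on this page, so a proposed role change can be checked against them.
# Role names come from the page; permission labels, function names and the
# billing_role_offered flag are constructed for illustration.

ADMIN = "Admin"
ENV_MANAGER = "Environment Manager"
BILLING_MANAGER = "Billing Manager"
ANALYST = "Analyst"
ALL_ROLES = {ADMIN, ENV_MANAGER, BILLING_MANAGER, ANALYST}

# Constructed permission labels summarising the capabilities the page lists.
# The page gives no description for Environment Manager, so nothing is modelled.
ROLE_PERMISSIONS = {
    ADMIN: {"users:manage", "org:rename", "account_updater:toggle",
            "routing_rules:read", "routing_rules:write", "billing:manage",
            "dashboard:view"},
    BILLING_MANAGER: {"billing:manage"},
    ANALYST: {"dashboard:view", "routing_rules:read"},
    ENV_MANAGER: set(),
}


def validate_assignment(roles, billing_role_offered=True):
    """Return the list of rule violations for a proposed role set.

    An empty list means the assignment is allowed. Pass billing_role_offered=False
    for merchants to whom the Billing Manager role is not shown.
    """
    roles = set(roles)
    problems = []
    unknown = roles - ALL_ROLES
    if unknown:
        problems.append("unknown role(s): " + ", ".join(sorted(unknown)))
    if not roles:
        problems.append("a user must have at least one role")
    if ADMIN in roles and len(roles) > 1:
        problems.append("the Administrator role cannot be combined with any other role")
    if BILLING_MANAGER in roles and not billing_role_offered:
        problems.append("the Billing Manager role is not offered to this merchant")
    return problems


def effective_permissions(roles):
    """Union of the permissions of every assigned (known) role."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS[role]
    return perms


def can_remove_own_role(role):
    """All roles except Admin may remove themselves from their assigned role."""
    return role != ADMIN


def can_see_environment_list(roles):
    """Analysts see the environment list regardless of other roles; Admin includes all roles."""
    return ANALYST in roles or ADMIN in roles


def admin_coverage_warning(org_users):
    """org_users maps user email -> set of roles. Return a warning if the
    organization has fewer than two Admins (the page recommends at least two),
    otherwise None."""
    admins = [user for user, roles in org_users.items() if ADMIN in roles]
    if len(admins) < 2:
        return f"only {len(admins)} Admin(s) assigned; at least two are recommended"
    return None
```

Note that `effective_permissions` of Billing, Environment and Analyst together is a strict subset of the Admin set, which is the "does not equal full Admin access" point from the combination list.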

Available Roles

Administrator
  Admins have access to all Spreedly tools, including:
  • Invite new users and remove existing users
  • Configure usage permissions for new users
  • Change the organization’s name in id.spreedly.com
  • Turn Account Updater functionality either on or off
  • Access, create, and modify Routing Rules

Environment Manager

Billing Manager
  Access Chargify and view, edit, and modify billing functionality
  • Access “Upgrade” buttons to migrate a trialist to a paying customer
  • Available to Spreedly customers on trials and Month-to-Month plans, but not customers on contracts

Analyst
  Allows a user to access Spreedly’s Dashboard and gives read-only access to Routing Rules. Users with the Analyst role will be able to see a list of environments on Spreedly’s Dashboard, regardless of their other roles. Suited to a business analyst, for example.

Identifying Existing Users’ Roles

  1. To get started with RBAC, the Admin must click the Users tab, in the main navigation bar, at the top of the page.
  2. On the users page, the Admin will find a list of current Spreedly ID users on the left and a list of their assigned roles on the right side of the screen.
  3. Controls to Remove or Modify a user’s role(s) are located below the current assigned role.
  4. If a user has problems logging in, they can reset their password by visiting id.spreedly.com/signin.

On the Users page, you will find a list of all users in your organization. Next to each user you will see a list of their assigned roles. Initially, all users will have the Administrator role. Underneath the list of roles are controls to either remove a user from your organization, or modify their roles.

Changing an Existing User’s Roles

  1. To modify an existing user’s role(s), the Admin must select the blue Modify link associated with the username of the individual whose role should change.
  2. This link navigates the Admin to an Edit User Roles page like the following:
  3. The Admin must select at least one of the sliders to assign the user a role (or roles), then click the Save button in the lower right corner. If no slider is selected, an error message appears in the top left corner of the screen as a reminder.
  4. Role changes are acknowledged via notification in the top left corner of the screen.

NOTE:

  • The Administrator role includes all additional roles

Configuring Roles When Adding A New User

  1. When adding a new user, an Admin must select the Add User button in the upper right corner of the Users’ tab first.
  2. Add the new user’s email address twice, for format verification, then select the on (blue) or off (gray) slider(s) relevant to the user’s role(s).
  3. The Admin must select at least one of the sliders to assign a new user to a role(s), then click the Add User button in the lower right corner. Multiple roles can be added to one user in varying combinations.
  4. You will receive a confirmation in the top left side of the screen once a new user is successfully added. An email is also sent to confirm the user’s valid email address.

NOTE:

  • The Administrator role cannot be combined with any other role
  • A new user cannot be saved without having at least one role assigned

Removing a User

  1. If a Spreedly ID user needs to be removed for any reason, select the red Remove link listed under the selected role for that user.
  2. The user or Admin will receive a confirmation message before the user is deleted from Spreedly ID.
  3. A final confirmation that the user has been removed from Spreedly ID appears in the upper left corner of the screen.

Viewing changes to RBAC settings

  1. To see a complete listing of all changes made to RBAC roles from the users page, Admins can navigate to Activity Log from their team menu.
  2. Admins can then view a timestamped record of any role changes made from the RBAC configuration. That information includes what change was made, who made the change, and who was impacted.
  3. Click the Download CSV button to export the Activity Log, formatted to match the table above.
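Once the Activity Log has been exported, an Admin can replay it to reconstruct each user’s current roles and to pick out the entries worth reviewing (Administrator grants, users changing their own roles, anyone left with no role). The following is an added example, not Spreedly’s code: the page does not show the CSV layout, so the column names (`timestamp`, `actor`, `action`, `target`, `role`) and action values (`role_added`, `role_removed`, `user_removed`) are assumptions, and the log it parses is constructed sample data.

```python
# Added example (not Spreedly's code): replaying an exported Activity Log to
# rebuild each user's current roles and surface changes an Admin should review.
# The CSV columns, the action values and the sample rows are all constructed
# assumptions; the page does not show the real export format.
import csv
import io

# Constructed sample export. The initial default (every user starts as Admin)
# is not an event in the log, so only users with logged changes appear.
SAMPLE_ACTIVITY_LOG = """timestamp,actor,action,target,role
2022-03-01T09:00:00Z,alice@example.com,role_added,bob@example.com,Analyst
2022-03-01T09:00:05Z,alice@example.com,role_removed,bob@example.com,Admin
2022-03-02T10:15:00Z,alice@example.com,role_added,carol@example.com,Billing Manager
2022-03-02T10:15:01Z,alice@example.com,role_removed,carol@example.com,Admin
2022-03-02T10:16:00Z,alice@example.com,role_added,carol@example.com,Environment Manager
2022-03-03T11:00:00Z,alice@example.com,role_added,bob@example.com,Environment Manager
2022-03-03T11:30:00Z,bob@example.com,role_removed,bob@example.com,Analyst
2022-03-04T12:00:00Z,alice@example.com,user_removed,dave@example.com,
2022-03-05T13:00:00Z,alice@example.com,role_added,erin@example.com,Admin
"""


def parse_activity_log(csv_text):
    """Parse the exported CSV into a list of event dicts, oldest first."""
    events = list(csv.DictReader(io.StringIO(csv_text)))
    # ISO-8601 timestamps in the same zone sort chronologically as strings.
    events.sort(key=lambda e: e["timestamp"])
    return events


def replay_roles(events):
    """Rebuild each user's current role set by applying the changes in order."""
    roles = {}
    for e in events:
        target = e["target"]
        if e["action"] == "user_removed":
            roles.pop(target, None)
        elif e["action"] == "role_added":
            roles.setdefault(target, set()).add(e["role"])
        elif e["action"] == "role_removed":
            roles.setdefault(target, set()).discard(e["role"])
    return roles


def admin_grants(events):
    """(timestamp, actor, target) for every Administrator role grant."""
    return [(e["timestamp"], e["actor"], e["target"])
            for e in events
            if e["action"] == "role_added" and e["role"] == "Admin"]


def self_changes(events):
    """Changes where the actor modified their own roles, such as a user
    removing themselves from an assigned role."""
    return [e for e in events if e["actor"] == e["target"]]


def users_without_roles(roles):
    """Users whose replayed role set is empty; the page's rules never allow this,
    so a hit points at a gap in the log or an unexpected change."""
    return sorted(user for user, assigned in roles.items() if not assigned)
```

The replay is only as complete as the export: because the default Admin assignment is never logged, a user who has had no role change will not appear in the rebuilt state and should be read as still holding the Administrator role.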

If you have questions regarding RBAC, please contact Spreedly Support.