Users & Roles (RBAC)
Last Updated: 2025-12-02 10:48 UTC
Personas: Controller / Billing Admin
What you'll learn
- Understand Plixo's role-based access controls.
- Invite team members and manage seat usage.
- Apply least-privilege practices for sensitive actions.
Step-by-step
- Review the roles matrix.
- Navigate to Admin → Users & Roles to see permissions for Admin, Controller, A/R Manager, A/R Operator, Sales, CSM, Legal, Viewer, and Billing Admin roles.
- Use the matrix to confirm which actions (sending, approvals, policy edits) each role can perform.
- Invite or deactivate users.
- Click Invite User, enter their work email, and choose a role. Invites expire after 7 days for security.
- Deactivate access when teammates leave; their historical activity remains in the audit log.
- Manage seat limits.
- The seat tracker shows how many licenses are in use per role. Free up seats by deactivating dormant accounts or contact Plixo to expand capacity.
- Apply least-privilege controls.
- Assign the lowest role needed. For example, give Sales the Viewer role with nudge permissions instead of Operator.
- Use temporary elevated access (e.g., grant Controller for a week) when someone covers vacations and then revert.
Success checks
- Active user list matches your finance and revenue roster.
- Sensitive actions (policy edits, credits) are limited to Controllers and Legal.
- Seat usage stays within contracted limits without blocking new hires.
Common pitfalls
- Sharing accounts. Prohibited for audit reasons--invite individuals instead.
- Leaving former employees active. Set quarterly reminders to review access.
- Granting broad access by default. Start with Viewer and expand only when required.
Related pages
- Next step: Connectors & Data
- Controller Guide
- Audit & Exports