Restrict Unauthorized Changes

Published 10/5/23

We’ve enhanced roles and permissions functionality with a new permission in the Biller Portal: edit email address and username. Permission 39 gives greater control over Customer Service Representative (CSR) actions and helps prevent unauthorized changes to customer profiles.

To review this enhancement:

click the gear icon and navigate to the User Management page in the Biller Portal
select the Manage Permissions icon 🔒
expand the Data Management section to find permission 39 – “Edit Email Address and Username”. (Please note, Permission 39 will automatically be checked for all users.)

Biller Portal Administrators will be able to choose which users have access to this permission. Authorized users, with Permission 39 checked, will be able to edit payer email/ usernames. Any attempted change to the email/username field by an unauthorized user (those without Permission 39 checked) in a customer profile will trigger a tooltip message.

Please note that the “Remove Email Address” action is controlled by a separate permission 34 – “Remove Email Address”. For billers utilizing username authentication instead of requiring an email address, we will be adding a new “Remove Username” permission soon.

Why might a biller need to make this change?

Here are a few examples:

To prevent CSRs from changing an email address without permission.
To ensure that customer email addresses always match the email addresses in their billing software.

Need help to make this change? Please submit a case in Support Central – or email helpdesk@invoicecloud.com