The following table depicts the security roles and their corresponding access levels.
In general, the following guidelines apply:
The "Staff" role corresponds with typical CSR activity by an accounting clerk
The "Supervisor" role is a level above the Staff in that they can issue refunds and credits, suspend orders, edit usage activity data (for metered billing purposes) and most importantly, access reports. They cannot edit Plans and Charges.
The "Billing Administrator" role can change billing plans and also change all system configurations.
The "Web Service Programmatic (API) Access" role is only allowed API access and cannot log into the system. As an alternative, OAuth2 access is available for API access as well.
Note that the "restrict logins by IP" settings may be used to limit access from specific locations. This feature may be enabled either on a per-user basis or on an organization wide level.