
Support Access

Customer-consented support access lets ClubMS support staff (CHANGA.tech) help you investigate issues by acting as a user on your account — but only after you explicitly approve the request.

There is no “break-glass” path. Support cannot enter your account unless a CLUB_ADMIN on your tenant approves the request by entering the one-time code that was emailed to them.

How it works

  1. A ClubMS staffer requests access to your tenant, choosing a target user, a duration, and writing a reason.
  2. Every CLUB_ADMIN on your tenant receives an email with a 6-digit approval code.
  3. You review the request at Settings → Support Access and either Approve (entering the code) or Deny.
  4. If you approve, the staffer can start a session. You receive a second email when the session starts.
  5. The staffer’s session is read-only and capped at 60 minutes. You can revoke it at any time.

What support staff can and cannot do

  • ✅ View any page in your tenant (members, events, donations, etc.)
  • ✅ Read settings, audit logs, and configuration
  • ❌ Create, edit, or delete anything (any non-GET request is rejected with 403 Forbidden)
  • ❌ Process payments or trigger emails
  • ❌ Access another tenant’s data

Approving a request

  1. Go to Settings → Support Access in your dashboard.
  2. Find the pending request and click Approve.
  3. Enter the 6-digit code from the approval email. The code:
    • Expires after 10 minutes
    • Is single-use (burned once approved)
    • Locks out after 3 wrong attempts (you must ask the staffer to submit a new request)
  4. The request moves to APPROVED. The staffer can now start a session.

Denying a request

Click Deny on the pending request. The staffer is notified and cannot retry without submitting a new request.

Revoking an active session

While a session is ACTIVE (the STARTED state in the lifecycle below), the Revoke button on the Support Access page ends it immediately. The staffer’s next request is rejected with 401 “Impersonation session revoked”.

History

The Support Access page shows every past request, the staffer’s reason, the closing notes they left when ending the session, and the start/end times.

For a full action-by-action audit, your tenant audit log records every read performed under impersonation. Look for entries marked “Performed by ClubMS support” alongside the staff member’s identifier.

Hard rules built into the system

Rule                                 Enforcement
Customer must approve every session  No bypass; code required at approve step
Read-only access only                Edge middleware blocks every non-GET request
60-minute hard cap                   Server-side ceiling regardless of duration requested
Approval codes hashed at rest        HMAC-SHA256, never stored plaintext
One open request at a time           Per (tenant, staffer) pair
Closing notes required               ≥10 characters when ending a session
Dual-actor audit                     Every action records both the staffer and target user
Lifecycle is append-only             REQUESTED → APPROVED/DENIED → STARTED → ENDED/REVOKED/EXPIRED
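The session-time rules in the table (read-only gate, 60-minute ceiling, revocation, closing notes, dual-actor audit, append-only lifecycle) as one small JavaScript gate, covering both the revocation behaviour described earlier and the enforcement column here. This is an added example, not ClubMS’s own middleware: the function names, record fields, the 401 message for a session that is not active, and the 403 for a cross-tenant request are assumptions; only the “Impersonation session revoked” message and the GET-only 403 come from the page.

```javascript
// Added example, not ClubMS's own code: the session-time rules from the table
// above as a small gate. Function and field names are illustrative.
const SESSION_CAP_MS = 60 * 60 * 1000; // 60-minute server-side ceiling
const MIN_NOTES_LEN = 10;              // closing notes must be >= 10 characters

// Allowed lifecycle moves. STARTED is what the dashboard shows as ACTIVE.
const TRANSITIONS = {
  REQUESTED: ["APPROVED", "DENIED"],
  APPROVED: ["STARTED"],
  STARTED: ["ENDED", "REVOKED", "EXPIRED"],
};

// Append-only: a record only moves forward, and every move is kept in history.
function transition(rec, next, now) {
  const allowed = TRANSITIONS[rec.state] || [];
  if (!allowed.includes(next)) {
    throw new Error(`illegal transition ${rec.state} -> ${next}`);
  }
  rec.history.push({ from: rec.state, to: next, at: now });
  rec.state = next;
  return rec;
}

function startSession(rec, requestedMinutes, now) {
  transition(rec, "STARTED", now);
  rec.startedAt = now;
  // The requested duration is honoured only up to the 60-minute cap.
  rec.expiresAt = now + Math.min(requestedMinutes * 60 * 1000, SESSION_CAP_MS);
  return rec;
}

function revokeSession(rec, now) {
  return transition(rec, "REVOKED", now);
}

function endSession(rec, closingNotes, now) {
  if (typeof closingNotes !== "string" || closingNotes.trim().length < MIN_NOTES_LEN) {
    return { ok: false, reason: `closing notes must be at least ${MIN_NOTES_LEN} characters` };
  }
  rec.closingNotes = closingNotes;
  transition(rec, "ENDED", now);
  return { ok: true };
}

// Gate run on every request that carries an impersonation session. Returns the
// HTTP status to send and the dual-actor audit entry to write. The page documents
// auditing of reads; recording blocked attempts too is this example's choice.
function authorizeImpersonatedRequest(rec, req, now) {
  const audit = {
    at: now,
    tenant: rec.tenantId,
    staffer: rec.stafferId,       // who acted
    targetUser: rec.targetUserId, // whose view they acted as
    method: req.method,
    path: req.path,
    note: "Performed by ClubMS support",
  };
  if (rec.state === "REVOKED") {
    return { status: 401, message: "Impersonation session revoked", audit };
  }
  if (rec.state === "STARTED" && now > rec.expiresAt) {
    transition(rec, "EXPIRED", now); // hard cap, whatever was requested
  }
  if (rec.state !== "STARTED") {
    // Message for a session that is not active is an assumption.
    return { status: 401, message: "Impersonation session not active", audit };
  }
  if (req.tenantId !== rec.tenantId) {
    return { status: 403, message: "Forbidden", audit }; // no cross-tenant reads (status assumed)
  }
  if (req.method !== "GET") {
    return { status: 403, message: "Forbidden", audit }; // read-only: non-GET is refused
  }
  return { status: 200, audit };
}
```

The ordering in `authorizeImpersonatedRequest` matters: revocation is checked before the expiry clock so a revoked session never quietly turns into an expired one, and tenant scope is checked before the method so a cross-tenant GET is refused for the right reason.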