Role-Based Access

Give people the access they need, not a bit more.

As your organization grows, so does the number of people who need access to your systems — but not everyone needs access to everything. Meld's access control is designed around a simple principle: every person sees exactly what they need to do their job, and nothing else. No over-provisioning, no guesswork, no risk.

Most organizations we work with have a mix of roles: individual subscribers who just need to manage their own subscriptions, administrators who oversee a department's subscribers, and senior leadership who need the full picture. Meld mirrors this reality with a clear four-tier role structure that maps to how organizations actually work.

At the most basic level, your subscribers can manage their own profiles, subscriptions, and invoices — but they can't see anyone else's data. Administrators get visibility into their own organization's subscribers and can run imports, exports, and reports for their segment. Organization administrators have full access across all organizations within your tenant. And system administrators operate at the platform level.

This hierarchy isn't just about convenience — it's about reducing risk. The principle of least privilege means that even if an account is compromised, the blast radius is limited to what that role could access. A compromised admin account can't export the entire organization's data. A compromised subscriber account can't see other subscribers.

For organizations with stricter security requirements, Meld supports IP allowlists that restrict admin access to specific network ranges. If your policy requires that administrative actions can only happen from the office network, Meld enforces that at the platform level — not just as a guideline, but as a hard constraint.
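
A minimal sketch of the tiered scoping and admin IP allowlist described above, as an added example that is not Meld's code. The role names, the `Actor` and `Record` fields, the allowlist range and the sample records are constructed for illustration, and it assumes that system administrators span tenants and that the allowlist applies to every non-subscriber role.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network

Role = Enum("Role", "SUBSCRIBER ADMIN ORG_ADMIN SYSTEM_ADMIN")  # the four tiers

@dataclass(frozen=True)
class Actor:
    user_id: str
    role: Role
    tenant: str
    org: str

@dataclass(frozen=True)
class Record:
    owner_id: str
    tenant: str
    org: str

# Constructed allowlist (documentation range), standing in for an office network.
ADMIN_ALLOWLIST = [ip_network("192.0.2.0/24")]

def ip_allowed(role, source_ip):
    if role is Role.SUBSCRIBER:      # assumption: allowlist covers admin tiers only
        return True
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False                 # unparseable address: fail closed
    return any(addr in net for net in ADMIN_ALLOWLIST)

def can_read(actor, record, source_ip):
    if not ip_allowed(actor.role, source_ip):
        return False
    if actor.role is Role.SYSTEM_ADMIN:   # assumption: platform level spans tenants
        return True
    if actor.tenant != record.tenant:
        return False
    if actor.role is Role.ORG_ADMIN:      # every organization in the tenant
        return True
    if actor.role is Role.ADMIN:          # own organization only
        return actor.org == record.org
    return actor.user_id == record.owner_id   # subscriber: own data only

def blast_radius(actor, records, source_ip):
    return [r.owner_id for r in records if can_read(actor, r, source_ip)]

RECORDS = [Record("alice", "t1", "sales"), Record("bob", "t1", "sales"),
           Record("carol", "t1", "ops"), Record("dave", "t2", "sales")]  # constructed
```

Calling `blast_radius` for an account at each tier shows how many owners' records a takeover of that account would expose, and that the same admin account exposes nothing from an address outside the allowlist.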

We also recognize that support teams sometimes need to see what a subscriber sees in order to help them. Meld handles this with a formal impersonation feature: administrators can view the system as a specific subscriber without needing their credentials. Every impersonation session is fully logged — who did it, who they impersonated, when it started, when it ended. Your compliance team has a complete record.

The result is a system where you can confidently delegate access without worrying about what might go wrong. Your admins can do their jobs independently, your subscribers can self-serve, and you maintain full control and visibility at the organizational level.