“Why do I have to grant access for every single case?” You may ask. This is the RIO team Credentials (password) management policy. We do this to protect your data.

For all our customers, we wouldn't want to store your production credentials permanently in our system. All the access should be granted per case with an expiry date.

We will only ask for your production login crendentials under the following circumtances:

1. Integration : To integration with RIO Education (Salesforce), we are required to have the login credential of an integration user. The best practice from Salesforce is to use an Integration-only profile with no front-end access. The integration-only profile should also ideally designed to have access to limited objects only.
    
2.  Data Migration : If we need to do a mass update of multiple records in your production on behalf of you, we will require a production user login credentials. These credentials should be removed from our system at the end of the case. If this is a dedicated account for the RIO Education team, you should also deactivate it at the end of this case.
    
3.  Change Deployment : Most deployment can be done via a change set. Once you granted us the login access, we are able to push the changes from sandbox to production. This change set can be deployed by then. If this is a complicated deployment and require tools such as GearSet, we are storing the OAuth credentials in the tool (not clear text).