Protect your guild with security best practices. Learn how to manage access, monitor activity, and keep your team and applicant data safe.
Security Overview
Guild security involves protecting both your team's access and your applicants' data. Guildbase provides several features to help you maintain a secure environment.
- Role-Based Access: Control who can do what with granular permissions
- Audit Logs: Track all actions taken in your guild
- Two-Factor Auth: Encourage or require 2FA for team members
- Session Management: Control active sessions and devices
Access Control Best Practices
Principle of Least Privilege
Only give team members the permissions they need to do their job. Don't make everyone an Admin just for convenience.
| Role | Typical Use |
|---|---|
| Owner | Only the guild creator — billing, danger zone |
| Admin | Trusted leaders — can manage team and settings |
| Moderator | Review staff — can process applications |
| Viewer | Read-only access — can view but not act |
Pro Tip
Create custom roles for specific needs. A "Template Designer" role might only need template editing permissions, not application access.
Audit Logs
Audit logs record every significant action in your guild. Use them to investigate issues, verify compliance, and maintain accountability.
What's Logged
- Application status changes and who made them
- Team member additions and removals
- Role and permission changes
- Template modifications
- Settings changes
- Integration connections and disconnections
Accessing Audit Logs
- Go to your guild Settings
- Click Audit Log
- Use filters to find specific events
- Click any entry for details
Screenshot: Audit log interface
Two-Factor Authentication
Encourage or require team members to enable two-factor authentication on their accounts. This adds a critical layer of protection.
Requiring 2FA for Team
- Go to Settings → Security
- Enable Require 2FA for team members
- Choose enforcement level (warn or require)
- Team members without 2FA will see a setup prompt
Important
If you enable strict 2FA enforcement, team members without 2FA will be locked out until they set it up. Give advance notice before enabling.
Session Security
Manage active sessions from your account settings:
- View active sessions — See all devices logged into your account
- Revoke sessions — Log out specific devices remotely
- Log out everywhere — Force logout on all devices at once
Handling Security Incidents
If you suspect a security issue:
- Don't panic — Act quickly but deliberately
- Check audit logs — See what actions were taken
- Remove compromised access — Revoke the affected user's permissions
- Reset credentials — Change passwords and regenerate API keys
- Review the damage — Check what data may have been accessed
- Document everything — Keep records for reference
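The audit-log and access-removal steps above, sketched as an added example (not Guildbase code): it builds a timeline of a suspected account's actions and follows member additions and role changes forward, so accounts that received access from the compromised one are reviewed as well. The event field names, action strings and sample events are constructed assumptions; the page lists what is logged but not an export format.

```python
from datetime import datetime

# Constructed sample events. Field names and action strings are assumptions:
# the page lists what is logged but does not define an export format.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "actor": "alice", "action": "application.status_changed", "target": "app-101"},
    {"ts": "2024-05-02T22:14:00", "actor": "bob", "action": "member.added", "target": "mallory"},
    {"ts": "2024-05-02T22:15:00", "actor": "bob", "action": "role.changed", "target": "mallory", "detail": "Viewer -> Admin"},
    {"ts": "2024-05-02T22:20:00", "actor": "mallory", "action": "integration.connected", "target": "webhook-7"},
    {"ts": "2024-05-02T22:31:00", "actor": "bob", "action": "settings.changed", "target": "require_2fa"},
    {"ts": "2024-05-03T08:00:00", "actor": "alice", "action": "template.modified", "target": "tmpl-3"},
    {"ts": "2024-04-20T10:00:00", "actor": "bob", "action": "member.added", "target": "carol"},
]

# Actions through which a compromised account can hand access to another identity.
GRANTS_ACCESS = {"member.added", "role.changed"}

def triage(events, suspect, since):
    """Return (timeline, tainted) for a suspect account from `since` onward.
    tainted = accounts whose access traces back to the suspect, transitively."""
    start = datetime.fromisoformat(since)
    window = sorted(
        (e for e in events if datetime.fromisoformat(e["ts"]) >= start),
        key=lambda e: e["ts"],
    )
    tainted, timeline = {suspect}, []
    for e in window:  # chronological, so grants propagate forward in time
        if e["actor"] not in tainted:
            continue
        timeline.append(e)
        if e["action"] in GRANTS_ACCESS:
            tainted.add(e["target"])
    return timeline, tainted - {suspect}

def follow_ups(timeline):
    """Group affected targets by action type for the damage review."""
    todo = {}
    for e in timeline:
        todo.setdefault(e["action"], []).append(e["target"])
    return todo

if __name__ == "__main__":
    timeline, tainted = triage(EVENTS, "bob", "2024-05-01T00:00:00")
    for e in timeline:
        print(e["ts"], e["actor"], e["action"], e["target"], e.get("detail", ""))
    print("also revoke/review:", sorted(tainted))
    print("follow-ups:", follow_ups(timeline))
```

Events before the chosen start time are ignored, so pick the start conservatively when the moment of compromise is uncertain.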
Data Protection
Protecting applicant data is crucial:
- Limit data access — Only give application access to those who need it
- Don't share externally — Keep applicant data within your team
- Clean up old data — Archive or delete applications you no longer need
- Be transparent — Tell applicants how their data is used