# Support User Access

By default, Veza employees cannot access customer tenant data. To troubleshoot issues with assistance from the Veza support team, you can create a short-lived support user account with limited teams and roles in your environment. This account expires automatically after a specified duration, ensuring security and compliance with organizational policies.

Upon expiration, the support account is automatically disabled and removed from the **Users** page. You can re-enable the account using the **Support User Access** form.

After consenting to support access, authorized Veza personnel can log in to your tenant at the URL `https://<your-organization.vezacloud.com>/api/private/support:login`.

### Enable Veza Support User

1. Log in as an administrator and click the **Administration** cog icon at the bottom of the navigation sidebar.

![Administration in the navigation sidebar.](/files/bFU0HiZYU3W6xsMOOEcB)

2. Click **Support User Access**.

![Support User Access in the Administration section.](/files/Sornx0QErHmEd047EkK2)

3. Assign appropriate team(s) and role(s). Click **Next**.

   For read-only investigation, assign the **Operator** role for the **Root** team. To enable the support user to make changes to your tenant, assign the **Administrator** role.

![Create support user](/files/Ho1IFsYkWwuKHnW5h3dA)

4. Click **Next** and tick the checkbox to consent to support access for an initial 12 hours. Click **Grant Access to Veza Support** to enable the user.

   ![Consent and enable the user](/files/OY6QbjUOqzy89Lrd0GLb)

Granting access will notify the Veza support team. After access is granted, the page will show the user details and time remaining:

![Extend support user access](/files/gAvR0mqqpKjl4uCWv0Jb)

To add time in 24-hour increments, click the **Extend Access** button. Access can be granted for up to one week in this way.

### Manage Support User Account

The user should now also be visible in the User Management table. This user will have the **Support** user type, and the Roles/Teams cannot be changed.

* Updating Roles/Teams for the support user requires disabling the user and re-granting access with the new Roles/Teams.
* Access extension can also be done from the Actions menu in the User Management table, as shown in the screenshot below.

  ![Managing support user account](/files/GCnUybCjYgqYAGiGM23h)
* Any events produced by support user actions are logged with the support user email, in the following format:

  ```txt
  <action> by <user email> via productsupport@veza.com
  ```
* See the screenshot below to compare an API key creation Event for a normal user vs. a support user:

  ![Support user logs](/files/zmQNV1JIkeQdmpLFcyJv)
* When support access expires, the user is removed from all associated teams.
* When support access expires, any created API keys are deleted.
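
To review what a support user did during a grant, you can filter exported events on the attribution suffix shown above and compare each one against the consented window (the initial 12 hours plus 24 hours per extension). The following is an added example, not Veza code: the `(timestamp, message)` export shape, the function names, and the sample events are assumptions constructed for illustration; only the `<action> by <user email> via productsupport@veza.com` pattern comes from this page.

```python
import re
from datetime import datetime, timedelta

SUPPORT_MARKER = "productsupport@veza.com"  # attribution suffix documented on this page
# Documented pattern: "<action> by <user email> via productsupport@veza.com"
SUPPORT_EVENT = re.compile(
    r"^(?P<action>.+) by (?P<user>\S+@\S+) via " + re.escape(SUPPORT_MARKER) + r"$"
)

def access_window(granted_at, extensions=0):
    """Initial 12 hours plus one 24-hour increment per Extend Access click."""
    return granted_at, granted_at + timedelta(hours=12 + 24 * extensions)

def audit_support_events(events, granted_at, extensions=0):
    """Split support-attributed events into (in_window, out_of_window).

    events: iterable of (iso_timestamp, message) pairs. This export shape is
    an assumption; only the message pattern comes from the documentation.
    """
    start, end = access_window(granted_at, extensions)
    in_window, out_of_window = [], []
    for ts, message in events:
        m = SUPPORT_EVENT.match(message.strip())
        if not m:
            continue  # normal user event, no support attribution
        record = {"time": datetime.fromisoformat(ts),
                  "action": m["action"], "user": m["user"]}
        inside = start <= record["time"] <= end
        (in_window if inside else out_of_window).append(record)
    return in_window, out_of_window

# Constructed sample events (not real Veza output).
SAMPLE_EVENTS = [
    ("2024-05-01T09:05:00", "API key created by alice@example.com"),
    ("2024-05-01T09:30:00",
     "API key created by support-user@example.com via productsupport@veza.com"),
    ("2024-05-01T20:15:00",
     "Query saved by support-user@example.com via productsupport@veza.com"),
    ("2024-05-02T03:00:00",
     "API key created by support-user@example.com via productsupport@veza.com"),
]

if __name__ == "__main__":
    ok, late = audit_support_events(SAMPLE_EVENTS, datetime(2024, 5, 1, 9, 0))
    for r in ok:
        print("in window    :", r["time"], r["action"], r["user"])
    for r in late:
        print("OUT OF WINDOW:", r["time"], r["action"], r["user"])
```

Any event in the out-of-window list is attributed to the support user after the grant should have expired and is worth investigating.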

