Users & Roles
Manage users within your organization and configure roles and permissions using tenant-scoped RBAC (Role-Based Access Control).Scope: Tenant-scoped; requires org admin permissions
Availability: Not available in SuperAdmin
Availability: Not available in SuperAdmin
Understanding Tenant-Scoped RBAC
Role Scopes
Roles are scoped to different levels:- SYSTEM: Platform-level roles (SuperAdmin only - not in this documentation)
- TENANT: Organization-level roles (this documentation)
- LOCATION: Location-specific roles (this documentation)
Role Hierarchy
Roles follow a hierarchy:- TENANT_PEOPLE: Baseline role (all authenticated users)
- TENANT_USER: Standard user role
- TENANT_MANAGER: Operations manager role
- TENANT_ADMIN: Full tenant administration
Location-Scoped Roles
Roles can be assigned at:- Organization Level: Applies to all locations
- Location Level: Applies only to specific location
Managing Users
Adding Users
- Navigate to Admin → Users & Roles
- Click Add User
- Enter:
- Email: User email address
- Name: User name
- Role: Assign default role
- Locations: Assign to locations (optional)
- Click Send Invitation
User Roles
Users can have multiple roles:- Default Role: Organization-wide default role
- Location Roles: Location-specific roles
- Additional Roles: Additional role assignments
Managing User Access
- Find user in user list
- Click Edit on user
- Update:
- Roles: Add/remove roles
- Locations: Assign to locations
- Status: Activate/deactivate user
- Save changes
Roles and Permissions
Role Templates
Industry packs provide role templates: Healthcare Pack:- WARD_USER
- OR_USER
- PHARMACY_MANAGER
- CENTRAL_STORE_MANAGER
- QUALITY_USER
- STORE_ASSOCIATE
- STORE_MANAGER
- DC_MANAGER
- ANALYST
- QC_USER
- COMPONENT_STORE_USER
- PRODUCTION_MANAGER
- RMA_MANAGER
Creating Custom Roles
- Navigate to Admin → Users & Roles → Roles
- Click Create Role
- Configure:
- Name: Role name
- Description: Role description
- Scope: TENANT or LOCATION
- Permissions: Assign permissions
- Save role
Permission Categories
Permissions are organized by category:- Inventory: View, adjust, cycle count permissions
- Shipments: Create, receive, track shipments
- Forecasting: Create scenarios, apply events
- Planning: View and execute recommendations
- Admin: Organization administration
- Finance: Financial data access
- Trust: Trust and traceability features
Assigning Permissions
- Open role configuration
- Navigate to Permissions tab
- Select permissions to assign:
- Category: Select permission category
- Permissions: Check permissions to assign
- Save permissions
People Directory
Managing People
The People directory manages:- People Records: Person information
- User Links: Links people to user accounts
- Contact Information: Phone, email, address
People vs Users
- People: Person records (can exist without user account)
- Users: User accounts (must link to person)
Role Assignment Patterns
Organization-Wide Roles
Assign roles at organization level:- Applies to all locations
- User has same permissions everywhere
- Simplest pattern
Location-Specific Roles
Assign roles at location level:- Applies only to specific location
- User has different permissions per location
- More granular control
Mixed Roles
Combine organization and location roles:- Default org-wide role
- Additional location-specific roles
- System uses highest permission level
What Success Looks Like
User Management Success
- ✅ All users have appropriate roles
- ✅ Users can access needed features
- ✅ Location-scoped roles properly assigned
- ✅ User access changes take effect immediately
- ✅ User management process documented
Role Configuration Success
- ✅ Roles align with business needs
- ✅ Permissions properly assigned
- ✅ Role hierarchy clear
- ✅ Custom roles documented
- ✅ Role templates used when appropriate
Common Pitfalls
1. Not Understanding Role Scopes
Problem: Assigning SYSTEM roles or not understanding TENANT vs LOCATION scopes. Solution: Understand role scopes:- SYSTEM roles are SuperAdmin only (not available to tenants)
- TENANT roles apply organization-wide
- LOCATION roles apply to specific locations
2. Over-Permissioning Users
Problem: Giving users more permissions than needed. Solution: Follow principle of least privilege:- Assign minimum permissions needed
- Use role hierarchy appropriately
- Review permissions regularly
3. Not Using Location Roles
Problem: Using only organization-wide roles when location roles would be better. Solution: Use location roles when:- Users need different permissions per location
- Location-specific access control needed
- Granular permission control required
4. Not Documenting Custom Roles
Problem: Creating custom roles without documenting purpose and permissions. Solution: Document all custom roles:- Purpose of role
- Permissions assigned
- When to use role
- Who should have role
Troubleshooting
User Can’t Access Features
Symptoms: User has role but can’t access expected features. Possible causes:- Role doesn’t have required permissions
- Location role not assigned for specific location
- Permissions not properly configured
- Role assignment not active
- Check user’s role assignments
- Verify role has required permissions
- Check location-specific role assignments
- Verify role assignment is active
- Review effective permissions
Role Changes Not Taking Effect
Symptoms: Role or permission changes not reflected for user. Possible causes:- Changes not saved
- User session not refreshed
- Cache issue
- Database sync issue
- Verify changes were saved
- Have user log out and back in
- Clear browser cache
- Check database for role assignments
- Contact support if issue persists
Can’t Create Custom Role
Symptoms: Unable to create custom role or assign permissions. Possible causes:- Insufficient permissions
- Role creation not enabled
- System constraint
- Validation error
- Check user has tenant admin permissions
- Verify role creation is enabled
- Review validation errors
- Check system constraints
- Contact support if needed