User Management

User Management Overview

Budgeting Pro features two distinct user management systems designed for different administrative levels:

Super Admin User Management

Scope: System-wide user oversight across all shops and companies
Access: Available through the Admin Dashboard (/admin)
Users: Shop owners and super administrators
Capabilities:
- Manage both Admin and Company user types
- User impersonation for support purposes
- Cross-company user analytics and reporting
- System-wide security and access control

For detailed information, see: Admin Dashboard - Super Admin User Management

Company User Management

Scope: Team management within individual companies
Access: Available through the Company Dashboard (/app)
Users: CompanyAdmin and BudgetAdmin roles
Capabilities:
- Invite and manage company team members
- Assign users to specific locations
- Set role-based permissions and spending limits
- Location-based access control

For detailed information, see: Company Dashboard - Company User Management

This Guide's Focus

This guide provides comprehensive information about general user management concepts, security, and best practices that apply to both systems. For specific dashboard features and workflows, refer to the respective dashboard guides linked above.

User Roles and Permissions

User Types

Before discussing roles, it's important to understand that Budgeting Pro has two fundamental user types:

Admin Users (UserType::Admin)

Shop owners and system administrators
Access to Admin Panel (/admin) only
System-wide oversight capabilities
Cannot access Company Panel (/app)
Manage multiple shops and companies

Company Users (UserType::Company)

Business users within companies
Access to Company Panel (/app) only
Restricted to assigned companies and locations
Cannot access Admin Panel (/admin)
Subject to role-based permissions

Available User Roles

The following roles apply to Company Users within the company panel:

CompanyAdmin

Full company management rights
Manage all company users and settings
Access to all locations and budgets
Can assign roles to other users
Full reporting and analytics access

BudgetAdmin

Budget management and oversight capabilities
Can manage budgets across locations
Can approve budget-related requests
Access to financial reports and analytics
Can manage users within budget scope

OrdererAdmin

Advanced order management and approval rights
Can approve orders within authority limits
Manage order workflows and processes
Access to order analytics and reports
Can guide and support other orderers

Orderer

Standard order creation and management
Can place orders within budget limits
Submit orders for approval when needed
Access to order history and status
Basic reporting access for own activities

Requester

Basic order requesting capabilities
Can create order requests for approval
Limited to viewing own order history
Basic access to budget status information
Cannot approve orders or manage budgets

Viewer

Read-only access to assigned locations
View orders and budget status
Access reports (no editing capabilities)
Monitor spending and approvals
No order creation or approval rights

Permission Matrix

Admin Users (System Level)	Feature	Super Admin (Admin User Type)
Access Admin Panel	✅
Access Company Panel	❌
Manage All Shops	✅
User Impersonation	✅
System Configuration	✅

Company Users (Company Level)	Feature	CompanyAdmin	BudgetAdmin	OrdererAdmin	Orderer
Create Locations	✅	❌	❌	❌	❌
Manage Budgets	✅	✅	❌	❌	❌
Invite Users	✅	✅*	❌	❌	❌
Approve Orders	✅	✅*	✅*	❌	❌
Place Orders	✅	✅	✅	✅	✅**
View Reports	✅	✅*	✅*	✅***	✅***
Manage Users	✅	✅*	❌	❌	❌

Limited scope based on role
Request only
Own data only

Inviting Users

Sending Invitations

Navigate to Users → Invite User
Enter the user's email address
Select appropriate role and permissions
Assign to relevant locations
Set spending limits (if applicable)
Click Send Invitation

Invitation Email Content

Users receive an email containing:

Welcome message and company information
Link to create their account
Temporary access instructions
Getting started guide
Support contact information

Bulk User Invitations

For multiple users:

Use Bulk Invite feature
Upload CSV file with user information
Map columns to required fields
Review and confirm invitations
Monitor invitation status

Invitation Management

Track invitation status (sent, accepted, expired)
Resend invitations if needed
Cancel pending invitations
Set invitation expiration times

Managing User Accounts

User Profile Management

Personal Information:

Name and contact details
Job title and department
Profile picture
Notification preferences
Language and timezone settings

Account Settings:

Email address (username)
Password requirements
Two-factor authentication
Session timeout settings
API access tokens (if applicable)

Account Status Management

Active Users:

Full access according to their role
Can log in and use all assigned features
Receive notifications and updates

Suspended Users:

Temporarily restricted access
Cannot log in or perform actions
Existing orders remain visible
Can be reactivated by administrators

Deactivated Users:

Permanently disabled accounts
No system access
Historical data retained for auditing
Cannot be reactivated (new account required)

User Account Actions

Edit Profile: Update user information
Change Role: Modify user permissions
Reset Password: Force password reset
Suspend Account: Temporarily disable access
Deactivate Account: Permanently disable user
View Activity: Check user action history

Location Assignments

Assigning Users to Locations

Users can be assigned to one or multiple locations with different permission levels:

Single Location Assignment:

User has access to one specific location
Simplest permission structure
Clear budget and approval boundaries
Easy to manage and understand

Multiple Location Assignment:

User can access several locations
Different roles possible per location
Flexible for multi-department users
Requires careful permission management

Permission Levels per Location

For each location assignment, define:

Role Level: What the user can do
Budget Access: View/edit budget information
Approval Authority: Order approval limits
Reporting Access: Available reports and data
Administrative Rights: User management capabilities

Location-Specific Settings

Spending Limits:

Set per-location spending limits for users
Define approval thresholds
Configure emergency override permissions

Product Access:

Restrict access to certain product categories
Define allowed vendors or suppliers
Set quantity limits for specific items

Permission Management

Granular Permissions

Beyond basic roles, set specific permissions for:

Budget Operations:

View budget status
Edit budget allocations
Approve budget adjustments
Create budget reports

Order Management:

Create orders
Edit pending orders
Approve orders (within limits)
Cancel or modify approved orders

User Administration:

Invite new users
Edit user profiles
Manage user permissions
Deactivate accounts

Reporting and Analytics:

View standard reports
Create custom reports
Export data
Access analytics dashboard

Permission Inheritance

Permissions can be inherited from role assignments
Location-specific permissions override global settings
Administrative permissions cascade to lower levels
Emergency permissions for critical situations

Temporary Permissions

Grant temporary elevated permissions for:

Holiday coverage
Project-specific needs
Emergency situations
Training purposes

User Onboarding

New User Setup Process

Invitation Sent: User receives invitation email
Account Creation: User creates password and profile
Guided Tour: Introduction to the system
Permission Review: Understanding their access level
First Actions: Completing initial tasks
Support Access: Connecting with help resources

Onboarding Checklist

Ensure new users complete:

[ ] Profile setup with accurate information
[ ] Understanding of their role and permissions
[ ] Familiarity with location assignments
[ ] Knowledge of budget constraints
[ ] Training on order approval process
[ ] Contact information for support

Training Resources

Provide users with:

Video Tutorials: Step-by-step guidance
Documentation: Written guides and FAQs
Live Training: Scheduled training sessions
Practice Environment: Safe space to learn
Mentor Assignment: Experienced user support

Progress Tracking

Monitor new user progress:

Track completion of onboarding steps
Monitor early system usage
Identify users who need additional help
Measure time to productivity
Gather feedback on onboarding experience

Security and Access Control

Authentication Methods

Standard Authentication:

Email and password combination
Strong password requirements
Regular password updates
Password complexity rules

Two-Factor Authentication (2FA):

Additional security layer
SMS or app-based verification
Required for sensitive roles
Backup codes for recovery

Single Sign-On (SSO):

Integration with company identity systems
Simplified user experience
Enhanced security controls
Centralized user management

Access Control Measures

IP Restrictions:

Limit access to specific IP ranges
Restrict access to office locations
VPN requirements for remote access
Geo-location restrictions

Session Management:

Automatic session timeout
Concurrent session limits
Device registration requirements
Session activity monitoring

API Access:

Token-based authentication
Limited scope permissions
Usage monitoring and limits
Regular token rotation

Security Policies

Password Policies:

Minimum length requirements
Character complexity rules
Regular update schedules
Prevention of password reuse

Account Lockout:

Failed login attempt limits
Automatic account suspension
Administrator notification
Unlock procedures

User Activity Monitoring

Activity Tracking

Monitor user activities including:

Login Activity: Login times, locations, devices
Order Actions: Orders created, modified, approved
Budget Activities: Budget views, modifications
Administrative Actions: User management, settings changes
Report Access: Reports viewed, exported, shared

Audit Logs

Comprehensive audit trails showing:

User Actions: What was done and when
Data Changes: Before and after values
Permission Changes: Role and access modifications
System Events: Login, logout, errors
Integration Activities: Shopify synchronization events

Monitoring Reports

Regular reports on:

User Engagement: Activity levels and patterns
Security Events: Failed logins, suspicious activities
Performance Metrics: User productivity and efficiency
Compliance Status: Adherence to policies and procedures

Alerts and Notifications

Set up alerts for:

Unusual activity patterns
Failed security events
Policy violations
High-value transactions
System access issues

Best Practices

User Management Best Practices

Principle of Least Privilege: Grant minimum necessary permissions
Regular Access Reviews: Periodically review and update user permissions
Proper Onboarding: Ensure thorough training for all new users
Clear Documentation: Maintain up-to-date role descriptions
Security Awareness: Regular security training and updates

Organizational Tips

Role Standardization: Create consistent role definitions
Permission Templates: Use templates for common permission sets
Delegation Procedures: Clear procedures for temporary permission elevation
Deprovisioning Process: Proper procedures for user departure
Regular Audits: Periodic reviews of user access and permissions

Troubleshooting

Common User Management Issues

User Cannot Login:

Verify account is active
Check password reset requirements
Confirm email address spelling
Review IP restrictions and security policies

Permission Errors:

Verify role assignments
Check location-specific permissions
Confirm budget access rights
Review recent permission changes

Invitation Problems:

Check email delivery status
Verify email address accuracy
Confirm invitation hasn't expired
Review spam/junk folder instructions

Getting Help

For user management issues:

Use the admin help center
Contact support with specific user details
Schedule training sessions for complex scenarios
Access video tutorials for common tasks

Get Started

Dashboard Guides

Management Guides

Support