User Management


User Management Overview

User management is split across the two panels.

Admin panel

The admin panel is shop-scoped. It has no standalone users screen; it reaches users through each company's related-users list and is mostly used to review them.

App panel

The app panel is company-scoped and is where day-to-day company user management happens.

User Types

The current codebase defines two user types:

  • admin
  • company

Admin users

  • access /admin
  • use email and password login
  • are typically created during Shopify installation

Company users

  • access /app
  • use OTP login
  • must be assigned to one or more companies

Company Roles

The current role enum defines:

  • Requester
  • Orderer
  • OrdererAdmin
  • BudgetAdmin
  • CompanyAdmin

These roles are used by resource policies and order workflow actions.

Admin Panel User Controls

Inside the admin panel, user actions are available from a company's related users list.

Current capabilities

  • view company users
  • impersonate a user
  • change a user's stored role

The admin panel is not the primary place for creating or maintaining company users; that work happens in the app panel.

App Panel User Controls

The Users resource in the app panel is the main user-management screen for a company tenant.

Current list columns

  • First Name
  • Last Name
  • Email
  • Role
  • Active

Current actions

  • Create
  • Edit
  • Delete
  • Force Delete
  • Restore

Important behavior

  • the create screen checks Shopify for an existing customer email before creating the user
  • new users are sent an email verification notification
  • the edit screen prevents removing the last CompanyAdmin from a company
  • force delete attempts to remove the user from Shopify first
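The force-delete ordering above (Shopify first, then the local record) is worth spelling out, because the interesting case is the one the list does not describe: what happens when the Shopify call fails. The following is an added example, not the project's code. It is framework-free PHP; the ShopifyCustomers interface, the in-memory fake, the UserStore class, and the choice to leave the local row untouched when Shopify removal fails are all assumptions made for the demo.

```php
<?php
// Added example, not the project's code. Demonstrates "remove from Shopify
// first" for force delete. ShopifyCustomers, FakeShopifyCustomers, UserStore
// and the keep-local-row-on-failure decision are assumptions for this demo.
declare(strict_types=1);

interface ShopifyCustomers
{
    /** Removes the customer; throws RuntimeException on an API failure. */
    public function deleteByEmail(string $email): void;
}

final class FakeShopifyCustomers implements ShopifyCustomers
{
    /**
     * @param array<string,bool> $customers email => present
     * @param string[]           $failing   emails whose deletion simulates an API error
     */
    public function __construct(private array $customers, private array $failing = []) {}

    public function deleteByEmail(string $email): void
    {
        if (in_array($email, $this->failing, true)) {
            throw new RuntimeException("Shopify API error deleting {$email}");
        }
        unset($this->customers[$email]); // deleting an absent customer is a no-op
    }

    public function has(string $email): bool
    {
        return isset($this->customers[$email]);
    }
}

final class UserStore
{
    /** @var array<string,array{deletedAt:?string}> email => row (soft-deleted rows carry deletedAt) */
    public function __construct(public array $rows) {}

    public function exists(string $email): bool { return isset($this->rows[$email]); }
    public function forceDelete(string $email): void { unset($this->rows[$email]); }
}

final class ForceDeleteUser
{
    public function __construct(private ShopifyCustomers $shopify, private UserStore $users) {}

    /** Returns a status string; the local row is hard-deleted only after Shopify removal succeeded. */
    public function handle(string $email): string
    {
        if (! $this->users->exists($email)) {
            return 'not-found';
        }
        try {
            $this->shopify->deleteByEmail($email);
        } catch (RuntimeException $e) {
            // Leave the (soft-deleted) local row in place so the failure is visible
            // and the action can be retried; hard-deleting now would orphan a
            // customer that still exists in Shopify.
            return 'shopify-failed: ' . $e->getMessage();
        }
        $this->users->forceDelete($email);
        return 'deleted';
    }
}

// Constructed demo data: two soft-deleted local users, one of whose Shopify deletion fails.
$shopify = new FakeShopifyCustomers(
    ['ok@example.test' => true, 'stuck@example.test' => true],
    ['stuck@example.test'],
);
$users  = new UserStore([
    'ok@example.test'    => ['deletedAt' => '2024-01-01T00:00:00+00:00'],
    'stuck@example.test' => ['deletedAt' => '2024-01-01T00:00:00+00:00'],
]);
$action = new ForceDeleteUser($shopify, $users);

echo $action->handle('ok@example.test'), PHP_EOL;      // Shopify removal succeeded, row gone
echo $action->handle('stuck@example.test'), PHP_EOL;   // Shopify failed, row kept for retry
echo $action->handle('missing@example.test'), PHP_EOL; // nothing to delete
```

Whatever the real screen does on a Shopify failure, the point to check in the codebase is that the local hard delete is ordered after a successful Shopify call and that a failure is surfaced rather than swallowed.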

Who can manage users

The current UserPolicy makes the main Users resource effectively a CompanyAdmin tool for write actions:

  • any signed-in company user passes the viewAny and view checks, so every company user can list and open user records
  • only CompanyAdmin can create users
  • only CompanyAdmin can edit users
  • only CompanyAdmin can delete, restore, or force delete users

Location Assignment

Location assignment does not happen on the user form itself.

Instead, users are attached from the Location Users relation manager on a location record.

This means the normal sequence is:

  1. create the user in Users
  2. open the relevant location
  3. attach the user from Location Users

Policy-Based Permissions

When read directly from the policy classes, the current permission model is:

  • CompanyAdmin: full write access in the Users resource
  • BudgetAdmin: no create, edit, delete, restore, or force-delete rights in the main Users resource
  • OrdererAdmin, Orderer, and Requester: no write access in the main Users resource

UserPolicy also has an updateLocationUser helper method, but the main user-management screens are governed by the resource-level create, update, delete, restore, and force-delete checks above.
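The following is an added example, not the project's UserPolicy, that serves both the "Who can manage users" list and the policy summary above. It is a framework-free PHP sketch using the method names Laravel's Gate invokes on a policy (viewAny, view, create, update, delete, restore, forceDelete) plus the updateLocationUser helper the page mentions. The enum name CompanyRole, the User fields, the helper's signature, and the adminCountByCompany lookup are assumptions. It also goes slightly beyond the page in two places, both marked in comments: view is limited to users who share a company with the actor, and the last-CompanyAdmin rule that the page enforces in the edit form is repeated in the delete checks so a bulk action or API call cannot bypass the form.

```php
<?php
// Added example, not the project's code. Framework-free sketch of the
// permission model described on this page. CompanyRole, the User fields,
// updateLocationUser's signature and adminCountByCompany are assumptions.
declare(strict_types=1);

enum CompanyRole: string
{
    case Requester    = 'Requester';
    case Orderer      = 'Orderer';
    case OrdererAdmin = 'OrdererAdmin';
    case BudgetAdmin  = 'BudgetAdmin';
    case CompanyAdmin = 'CompanyAdmin';
}

final class User
{
    /** @param int[] $companyIds companies the user is assigned to */
    public function __construct(
        public readonly int $id,
        public readonly string $type,       // 'admin' or 'company'
        public readonly CompanyRole $role,  // the user's stored role
        public readonly array $companyIds,
    ) {}

    public function isCompanyUser(): bool
    {
        return $this->type === 'company' && $this->companyIds !== [];
    }
}

final class UserPolicy
{
    /** @param array<int,int> $adminCountByCompany companyId => active CompanyAdmin count */
    public function __construct(private readonly array $adminCountByCompany) {}

    // Read checks: any signed-in company user passes, as the page states.
    public function viewAny(User $actor): bool
    {
        return $actor->isCompanyUser();
    }

    // Added tenant guard: viewing is limited to users who share a company with the actor.
    public function view(User $actor, User $target): bool
    {
        return $actor->isCompanyUser() && $this->shareCompany($actor, $target);
    }

    // Write checks: CompanyAdmin only, and only inside a shared company.
    public function create(User $actor): bool
    {
        return $this->isCompanyAdmin($actor);
    }

    public function update(User $actor, User $target): bool
    {
        return $this->isCompanyAdmin($actor) && $this->shareCompany($actor, $target);
    }

    // Destructive checks also refuse to remove a company's last CompanyAdmin
    // (the page enforces this in the edit form; repeating it here closes the
    // bulk-action and API paths around the form).
    public function delete(User $actor, User $target): bool
    {
        return $this->update($actor, $target) && ! $this->isLastCompanyAdmin($target);
    }

    public function restore(User $actor, User $target): bool
    {
        return $this->update($actor, $target);
    }

    public function forceDelete(User $actor, User $target): bool
    {
        return $this->delete($actor, $target);
    }

    // Helper consulted by the Location Users relation manager (assumed signature).
    public function updateLocationUser(User $actor, int $locationCompanyId): bool
    {
        return $this->isCompanyAdmin($actor)
            && in_array($locationCompanyId, $actor->companyIds, true);
    }

    private function isCompanyAdmin(User $u): bool
    {
        return $u->isCompanyUser() && $u->role === CompanyRole::CompanyAdmin;
    }

    private function shareCompany(User $a, User $b): bool
    {
        return array_intersect($a->companyIds, $b->companyIds) !== [];
    }

    private function isLastCompanyAdmin(User $target): bool
    {
        if ($target->role !== CompanyRole::CompanyAdmin) {
            return false;
        }
        foreach ($target->companyIds as $companyId) {
            if (($this->adminCountByCompany[$companyId] ?? 0) <= 1) {
                return true;
            }
        }
        return false;
    }
}

// Constructed demo data: company 1 has one CompanyAdmin (alice) and one BudgetAdmin (bob);
// company 2 has a single CompanyAdmin (carol).
$alice  = new User(1, 'company', CompanyRole::CompanyAdmin, [1]);
$bob    = new User(2, 'company', CompanyRole::BudgetAdmin, [1]);
$carol  = new User(3, 'company', CompanyRole::CompanyAdmin, [2]);
$policy = new UserPolicy([1 => 1, 2 => 1]);

var_dump($policy->viewAny($bob));               // BudgetAdmin may list users
var_dump($policy->create($bob));                // but may not create them
var_dump($policy->update($alice, $carol));      // CompanyAdmin of another tenant
var_dump($policy->forceDelete($alice, $alice)); // company 1's only CompanyAdmin
```

The method names matter: Filament's resource actions call the policy through Laravel's Gate using exactly these names, so a misspelled or missing method silently denies (or, if the policy method is absent and no fallback exists, allows) the action. When reviewing the real UserPolicy, confirm each of the five write methods exists and that the tenant check is not left to the query scope alone.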

Current Limits

The current build does not expose several features that older documentation described, including:

  • bulk CSV user import
  • invitation status tracking
  • SSO or directory sync
  • per-user spending-limit fields in the UI
  • advanced activity-monitoring dashboards

The implemented user-management experience is centered on:

  • company-user creation
  • role maintenance
  • activation status
  • location assignment