User Management

Required Permissions: Admin or SuperUser role
Security Level: High
Estimated Time: 12 minutes

The User Management page is where you control who has access to your Booga Enterprise tenant and what they can do. You add and remove users, assign roles, activate or deactivate accounts, manage subscription seats, assign organizations, and fine-tune individual permissions — all from a single table-driven interface at Admin Portal → User Management.

Prerequisites

• Your account holds an Admin or SuperUser role.
• Your tenant has an active subscription so that seat limits and feature availability match what your organization has purchased.

Overview

When you open User Management you see a searchable table of every user in your tenant. Each row surfaces the user's email, name, role, active/inactive status, subscription seat assignments (corporate tenants), organization memberships, and a set of action buttons. The header provides a prominent Add User button and a search field that filters by name, email, or role.

Roles

Booga Enterprise uses four role levels. Each role inherits access from the level below it:

Role	What it can do
Viewer	Read-only access to features the tenant has enabled.
User	Standard access — view, create, and edit resources within assigned features.
Admin	Everything a User can do, plus tenant administration: users, subscriptions, infrastructure, site customization, audit, permissions, and support requests.
SuperUser	Everything an Admin can do, plus platform-wide management: global tenant management, product catalog, scheduler administration, user invitations, and debug tools.

When you add a new user, you choose User, Admin, or Viewer. SuperUser accounts are provisioned at the platform level and cannot be created from the tenant User Management page.

Adding a New User

1. Click Add User in the page header.
2. Enter the user's email address. The system checks whether the email already exists on the platform; if it does, you see a notice and cannot create a duplicate.
3. Fill in the first name and last name (optional but recommended for easy identification).
4. Select a role: User, Admin, or Viewer.
5. Decide whether to Notify user by email — when checked, the new user receives a welcome message with sign-in instructions.
6. Click Add User to confirm.

If the email domain does not match your tenant's domain, a Domain Mismatch Warning dialog appears. You can choose to proceed anyway or cancel.

Important: Each email address can belong to only one tenant. If the email is already associated with another tenant, the add operation is blocked.

Changing a User's Role

1. Locate the user in the table.
2. Click the Edit icon in the Actions column.
3. The behavior depends on your role and the target role:
   • Admin promoting a User to Admin: A promotion request is created and routed for approval. The user is not promoted immediately.
   • SuperUser promoting a User to Admin: The change is applied immediately after confirmation.
   • Demoting an Admin to User or changing a Viewer to User: A confirmation dialog appears and the change takes effect on confirmation.
4. Admins cannot change their own role. If you need your role adjusted, ask another Admin or SuperUser.

Tip: SuperUsers can change any non-SuperUser role directly. Admins must use the promotion request workflow when elevating someone to Admin.

Activating and Deactivating Users

• Deactivate: Click the Block icon on an active user's row and confirm. The user immediately loses access to the platform. If the user holds subscription seats, you are prompted to revoke them first.
• Activate: Click the Activate icon on an inactive user's row and confirm. Access is restored with the user's existing role.

Admins cannot deactivate their own account. SuperUsers can deactivate anyone, including themselves.

Managing Subscription Seats (Corporate Tenants)

Corporate tenants use seat-based subscriptions. When users need access to a subscribed product, you assign them a seat:

1. Click the Manage Subscriptions icon on the user's row (only available for active users on corporate tenants).
2. A dialog shows all tenant subscriptions with their product names, plan tiers, renewal dates, and status.
3. Assign a seat to give the user access or Revoke a seat to free it for someone else.
4. For subscriptions with region-specific resources, you also assign the user's default region and any additional region access they need.

Seat counts are enforced by your subscription plan. If no seats are available, upgrade the plan or revoke an unused seat before assigning a new one.

Managing Organization Memberships

Organizations group users and resources for governance and collaboration. To manage a user's organization memberships:

1. Click the Manage Organizations icon on the user's row (active users only).
2. A hierarchical list shows all organizations in your tenant, each with a checkbox.
3. Check or uncheck organizations to add or remove membership.
4. For each organization the user belongs to, you can toggle Can Manage to grant them management rights within that organization.
5. Set one organization as the user's default with the star icon.
6. Click Save to apply changes.

Managing Individual Permissions

Beyond the role-based defaults, you can grant or remove specific permissions for individual users:

1. Click the Permissions icon on the user's row (active users only).
2. A permission list shows all available permissions with checkboxes. Permissions currently granted are checked.
3. Add or remove permissions as needed and click Save Permissions.
4. If the user has a custom permission override and you want to revert to the role defaults, click Reset to Role Default.

Important: Permission overrides replace the user's entire role-based permission set. If you override permissions, the user gets exactly what you check — not the role defaults plus your additions. Make sure the override includes all permissions the user needs.

Security Considerations

User management actions affect access control, billing, and data security across your tenant. Keep these principles in mind:

• Least privilege: Assign the minimum role and permissions each user needs. Avoid giving Admin access unless the user genuinely administers the tenant.
• Prompt deactivation: When someone leaves your organization, deactivate their account and revoke subscription seats immediately.
• Audit trail: All user management actions — adds, role changes, activations, deactivations, permission changes — are recorded in the audit log accessible via Audit & Compliance.
• Promotion requests: The promotion request workflow exists to prevent unilateral privilege escalation. Admins cannot promote users to Admin directly; the request must be approved by another authorized administrator or SuperUser.

Best Practices

• Review the user list regularly to ensure active accounts match your current team.
• Use the search field to quickly find users by name, email, or role when your tenant has many members.
• On corporate tenants, monitor subscription seat usage so you are not caught short when onboarding new users.
• Assign organization memberships at onboarding time so users immediately have access to the right resources.
• Prefer role-based permissions over individual overrides. Use overrides only for exceptions, and document the reason so future admins understand why the override exists.

Troubleshooting

Cannot add a user — "email already exists" The email is associated with an existing account on the platform. Check whether the user is already in your tenant, or whether they belong to a different tenant. Contact Booga Enterprise support if the email needs to be released.

User not receiving the welcome email Verify the email address is correct. Ask the user to check spam and junk folders. You can re-add the user with the notification checkbox enabled or use the invitation flow instead.

Role change not reflected immediately If you submitted a promotion request, the change requires approval. Check the promotion request status. For other role changes, ask the user to sign out and sign back in — some permission changes require a fresh session.

Subscription seat assignment fails Your plan may have reached its seat limit. Revoke an unused seat or upgrade the plan, then try again.

Cannot deactivate a user Admins cannot deactivate their own account. Ask another Admin or SuperUser to deactivate it. Also, SuperUser accounts can only be deactivated by another SuperUser.

Next Steps

For permission configuration beyond individual users, see Permissions Management. To review actions taken by users and admins, see Audit & Compliance. For subscription plan and billing details, see Subscription Management.

Related Topics

• Admin Portal Introduction
• Admin Portal Overview

---

⏱️ Read time: 12 minutes | 📊 Difficulty: intermediate