User Management

This guide covers how to manage user access, assign roles, and handle user lifecycle events in your Workspace Platform workspace using the RBAC system.

Overview

User management in Workspace Platform revolves around:

Adding users to your workspace
Assigning appropriate roles based on their job function
Managing access changes as users' responsibilities evolve
Removing access when users leave or change roles

Accessing User Management

Navigate to Settings
- Click your workspace name in the top navigation
- Select "Settings" from the dropdown
Go to User Assignments
- Click "Roles & Permissions" in the settings sidebar
- Select the "User Assignments" tab

Here you'll see all users in your workspace and their current role assignments.

Adding New Users

Inviting Users to Your Workspace

Click "Invite Users"
- Look for the "Invite Users" button in the User Assignments tab
- Or find it in the main workspace settings
Enter User Information
- Email addresses: Enter one or more email addresses
- Invitation message: Add a welcome message (optional)
- Default roles: Pre-assign roles for new users
Set Initial Access
- Choose starter roles based on their expected job function
- You can always modify roles after they accept the invitation
- Consider starting conservative and adding permissions as needed
Send Invitations
- Review the invitation details
- Click "Send Invitations"
- Users receive email invitations with account setup instructions

Bulk User Invitation

For larger teams:

Use CSV Import (if available)
- Download the CSV template
- Fill in user details and desired roles
- Upload the completed file
Multiple Email Entry
- Enter multiple email addresses separated by commas
- Assign the same default roles to all invitees
- Customize individual access after they join

Assigning Roles to Users

Individual Role Assignment

Find the User
- Browse the user list or use the search function
- Click on the user's name or use "Manage Roles"
Select Roles
- Check boxes for roles you want to assign
- Users can have multiple roles simultaneously
- Consider role combinations that make sense together
Set Expiration (Optional)
- Add expiration dates for temporary access
- Useful for contractors, interns, or project-specific access
- System automatically revokes expired roles
Apply Changes
- Click "Update User Roles"
- Changes take effect immediately
- User is notified of role changes

Multiple Role Assignment Patterns

Common Combinations

New Developer: Project Developer + Team Member
Team Lead: Team Lead + Project Admin + Team Member
Manager: Workspace Manager + Team Lead + Project Admin
Contractor: Project Developer + time-limited access

Avoid These Combinations

Conflicting levels: Don't assign both Workspace Admin and Project Viewer
Redundant roles: Workspace Admin already includes most other permissions
Temporary + Permanent: Don't mix roles with and without expiration dates

Bulk Role Assignment

For managing many users at once:

Select Multiple Users
- Use checkboxes to select users with similar needs
- Or select by filters (department, join date, current roles)
Choose Bulk Action
- Click "Bulk Actions" button
- Select "Assign Roles" or "Remove Roles"
Select Roles
- Choose roles to assign to all selected users
- Set expiration dates if appropriate
- Review the impact before confirming
Apply to All Selected
- Double-check your selections
- Click "Apply to Selected Users"
- All selected users receive the same role changes

Managing User Access Changes

Role Updates for Promotions

When users get promoted or change responsibilities:

Review Current Access
- Check what roles and permissions they currently have
- Identify what access they need in their new position
Plan the Transition
- Add new roles for expanded responsibilities
- Keep overlapping roles that still apply
- Remove outdated roles that no longer fit
Implement Changes Gradually
- Add new access first (so they can start new responsibilities)
- Remove old access after transition period
- Monitor to ensure they have everything needed

Project-Based Access Changes

For users moving between projects:

Project Assignment Changes
- Add Project Developer role for new projects
- Keep or remove access to previous projects based on ongoing needs
Team Membership Updates
- Add to new project teams
- Remove from teams they're no longer active in
- Update Team Lead assignments if applicable

Temporary Access Management

For special projects or temporary needs:

Use Time-Limited Roles
- Set clear expiration dates
- Document why temporary access was granted
- Plan for access review before expiration
Create Project-Specific Roles
- Design roles for specific temporary needs
- Example: "Q4 Campaign Access" with 3-month expiration
- Delete role after project completion

Team-Based User Management

Adding Users to Teams

Navigate to Teams
- Go to your workspace dashboard
- Click "Teams" in the sidebar
Select Target Team
- Choose the team to add users to
- Go to the "Members" tab
Add Team Members
- Click "Add Members"
- Select from existing workspace users
- Or invite new users directly to the team
Assign Team Roles
- Set team-specific roles (Team Lead, Team Member)
- Team roles work alongside workspace and project roles

Team Permission Inheritance

Understanding how team membership affects access:

Team roles apply to all team members
Team-level permissions cascade down
Project teams can have different permission sets
Users inherit from all teams they belong to

Removing User Access

Temporary Access Suspension

For users who need temporary access removal:

Disable Instead of Delete
- Remove all roles but keep the user account
- Preserves audit history and previous work attribution
- Easy to restore access when needed
Document Suspension
- Note reason for access removal
- Set reminder for access review
- Communicate with affected teams

Permanent User Removal

When users leave the organization:

Access Removal Process
- Remove all role assignments immediately
- Remove from all teams
- Transfer ownership of critical resources
Resource Ownership Transfer
- Projects: Transfer ownership to new project lead
- Workflows: Assign new maintainer
- Bots: Update ownership and access keys
- Teams: Assign new team lead if necessary
Account Deactivation
- Deactivate the user account
- Preserve account for audit purposes
- Consider legal requirements for data retention

Exit Checklist

Remove all role assignments
Remove from all teams
Transfer ownership of projects/workflows/bots
Update team leadership if user was a team lead
Review and transfer any direct permissions
Document access removal with date and reason
Notify affected teams of ownership changes
Deactivate user account

User Self-Service Features

Permission Requests

Allow users to request additional access:

Enable Self-Service Requests
- Configure which permissions users can request
- Set up approval workflows
- Define who can approve different types of requests
Request Management
- Users submit requests through the interface
- Approvers get notifications
- Automatic role assignment upon approval

Profile Management

Users can manage some aspects of their own access:

View Current Permissions
- Users can see their current roles and permissions
- Understand what they can and cannot do
- See expiration dates on temporary access
Team Membership
- View team memberships
- Request to join additional teams
- Leave teams they no longer need access to

Monitoring and Auditing User Access

Regular Access Reviews

Establish regular review cycles:

Monthly Reviews
- Check new user role assignments
- Review temporary access expiration dates
- Remove unused accounts
Quarterly Audits
- Full review of all user permissions
- Check for role creep (users accumulating too many permissions)
- Verify access matches current job responsibilities
Annual Assessments
- Complete overhaul of permission structure
- Review and update role definitions
- Assess effectiveness of current access patterns

Access Reporting

Generate reports to understand access patterns:

User Access Reports
- Who has access to what resources
- Permission distribution across the organization
- Identification of over-privileged users
Role Usage Reports
- Which roles are most commonly assigned
- Unused or rarely-used roles
- Effectiveness of role design
Team Access Reports
- Team permission patterns
- Cross-team access patterns
- Team membership overlap

Troubleshooting User Access Issues

User Can't Log In

Check Account Status
- Verify user account is active
- Confirm they've completed account setup
- Check for any account locks or suspensions
Invitation Issues
- Resend invitation if it expired
- Check if invitation email went to spam
- Verify email address is correct

User Missing Expected Permissions

Verify Role Assignments
- Check user's current roles in User Assignments
- Confirm roles contain expected permissions
- Look for expired role assignments
Check Team Membership
- Verify user is member of required teams
- Check team-level permissions
- Confirm team roles are assigned
Review Permission Inheritance
- Check if permissions should come from workspace level
- Verify project-level access
- Review visibility settings on resources

Permission Changes Not Taking Effect

Browser Issues
- Ask user to refresh the page
- Clear browser cache
- Try logging out and back in
System Propagation
- Allow a few minutes for changes to propagate
- Check if there are any system maintenance issues
- Verify changes were saved correctly

Advanced User Management

Automated User Provisioning

For larger organizations:

Directory Integration
- Connect with Active Directory or other identity providers
- Automatically sync user accounts and basic information
- Map AD groups to Workspace platform roles
Role Automation Rules
- Assign roles based on user attributes (department, job title)
- Automatic role updates when user information changes
- Bulk role assignments for new employee onboarding

Compliance and Security

Access Certification
- Regular formal reviews of user access
- Manager approval for subordinate access
- Documentation for compliance audits
Segregation of Duties
- Ensure no single user has conflicting roles
- Implement approval workflows for sensitive operations
- Regular monitoring for compliance violations

Next Steps: Explore common scenarios to see how these user management principles apply in real-world situations, or check troubleshooting for solutions to specific issues.

Overview​

Accessing User Management​

Adding New Users​

Inviting Users to Your Workspace​

Bulk User Invitation​

Assigning Roles to Users​

Individual Role Assignment​

Multiple Role Assignment Patterns​

Common Combinations​

Avoid These Combinations​

Bulk Role Assignment​

Managing User Access Changes​

Role Updates for Promotions​

Project-Based Access Changes​

Temporary Access Management​

Team-Based User Management​

Adding Users to Teams​

Team Permission Inheritance​

Removing User Access​

Temporary Access Suspension​

Permanent User Removal​

Exit Checklist​

User Self-Service Features​

Permission Requests​

Profile Management​

Monitoring and Auditing User Access​

Regular Access Reviews​

Access Reporting​

Troubleshooting User Access Issues​

User Can't Log In​

User Missing Expected Permissions​

Permission Changes Not Taking Effect​

Advanced User Management​

Automated User Provisioning​

Compliance and Security​