Managing Roles
Roles determine exactly what a user can see and do in Agatabo. You can add or remove roles at any time, and changes take effect immediately — there is no delay or approval step.Permission required: Managing roles requires the
organization_user_roles:assign permission. This is separate from the organization_users:write permission that allows you to invite users.Adding a Role
Open the user's profile
Go to Organization Users and click the user’s name to open their detail page.
Navigate to the Roles tab
Click the Roles tab on the user’s profile, or click the Manage Roles button if it is displayed.
Select the role
Choose the role you want to add — for example, Member, Treasurer, or any custom role your organization has created.
Set the assignment date (optional)
If needed, backdate the assignment to reflect when the person actually took on this role.
Removing a Role
Deactivating and Reactivating Accounts
Deactivation is the correct way to remove someone’s access when they leave your organization but have financial history that must be preserved. A deactivated user cannot access any part of your organization in Agatabo, but all of their data — savings history, loans, dividends — remains intact and appears correctly in historical reports.Deactivation vs. Deletion
| Deactivation | Deletion | |
|---|---|---|
| When to use | User has any financial history (deposits, loans, entry fee, dividends) | User was created by mistake and has zero financial activity |
| Reversible? | ✅ Yes — reactivate at any time | ❌ No — permanent and irreversible |
| Data preserved? | ✅ Yes — all history retained | ❌ No — all data removed |
| Appears in historical reports? | ✅ Yes | ❌ No |
| User can log in? | ✅ Yes (but cannot access organization) | N/A (account no longer exists) |
| Requires removing roles first? | ✅ Yes | ✅ Yes |
Deactivation Flow
Remove all assigned roles
Go to the user’s Roles tab and remove every role currently assigned. The system requires zero active roles before deactivation is permitted.
Click 'Deactivate Account'
Find the Deactivate Account option in the Account Actions section and click it.
- ✅ All historical data is preserved (savings, loans, dividends, entry fees)
- ✅ The user appears correctly in all historical period reports
- ✅ The account can be reactivated at any time with no data loss
- ❌ The user cannot access any organization features or data
Reactivating an Account
Find the deactivated user
In Organization Users, locate the user (filter by Inactive status if available) and click their name.
Deleting Users
Deletion is reserved for accounts created by mistake — where the person has never made a deposit, taken a loan, paid an entry fee, or received a dividend. Once any financial transaction exists, deletion is blocked and you must deactivate the user instead.When You Can Delete
- The user was invited but never activated their account
- The user activated their account but has no financial transactions of any kind
- No entry fee has been recorded for the user
- No dividend has been distributed to the user
- The account is clearly a duplicate created in error
When You Cannot Delete
- The user has any savings deposits or withdrawals
- The user has any loan records (active, closed, or defaulted)
- An entry fee has been recorded for the user
- The user has received any dividend distribution
- The user has any other financial transaction of any kind
Deletion Flow
Verify the user has no financial history
Open the user’s profile and confirm that the Savings, Loans, Entry Fee, and Dividends sections are all empty.
Click 'Delete User'
The Delete User option appears in Account Actions only when no financial history exists. Click it.
Resending Expired Invitations
If a user’s activation link has expired (links are valid for 72 hours) or they never received the original invitation, you can generate a fresh one at any time.Click 'Resend Invitation'
Agatabo automatically revokes any existing pending invitations for this user and generates a new activation link with a fresh 72-hour expiry window.
Once a user has accepted their invitation and activated their account, the Resend Invitation option disappears. If they forget their password, direct them to the Forgot Password link on the login page — this is a self-service process that does not require any action from you.
Password Resets
User clicks 'Forgot Password' on the login page
This initiates the self-service password reset flow.
User enters their email address
Agatabo sends a password reset link to the registered email address.
Administrators cannot reset passwords on behalf of users. For security reasons, Agatabo does not allow administrators to view or set another user’s password. Password resets are always self-service. If a user cannot receive a reset email (for example, they no longer have access to their email), contact Agatabo support.
Permissions Required
| Operation | Permission Required |
|---|---|
| Invite new users | organization_users:write |
| Edit user profile (name, phone, email) | organization_users:write |
| Deactivate or reactivate an account | organization_users:write |
| Delete a user | organization_users:write |
| Resend an invitation | organization_users:write |
| Assign or remove roles | organization_user_roles:assign |
Need Help?
Inviting Users
Step-by-step guide to adding new members and staff.
Roles & Permissions
Understand what each role grants and how permissions combine.