Skip to main content

Overview

Managing users involves changing roles and handling account status changes. This guide covers all user management operations after initial invitation - for both members and staff.

Managing Roles

Roles determine what permissions a user has in your organization.

Adding a Role

1

Open user details

Click on user name
2

Navigate to Roles tab

Or click Manage Roles button
3

Click 'Assign Role'

Opens role assignment form
4

Select role to add

Choose from available roles (Member, Treasurer, etc.)
5

Optionally set assignment date

Backdate the role assignment if needed
6

Save changes

New permissions take effect immediately
Special case - Member role: When you assign the “Member” role, a savings ledger account is automatically created for the user.
Administrator role: The Administrator role cannot be assigned through the normal role assignment process. Contact a system administrator to use the special admin assignment function.

Removing a Role

1

Open user details

Click on user name
2

Navigate to Roles tab

View current roles
3

Click 'Remove' on the role

Or uncheck the role to remove
4

Confirm removal

Verify user should lose these permissions
5

Save changes

Permissions revoked immediately
Removing the Member role: If you remove the Member role:
  • User can no longer participate in savings and loans
  • Their savings ledger account is NOT automatically deleted
  • Only do this for staff who are not members
Administrator role: The Administrator role cannot be removed through the normal role removal process. Contact a system administrator.

Permission Required

Role management requires the organization_user_roles:assign permission (separate from user invitation permission).

Deactivating Accounts

Deactivating removes a user’s access to the organization while preserving all their data and transaction history.

When to Deactivate

  • Member leaves the organization (and has financial history)
  • Staff member’s employment ends
  • Security concern requires immediate access removal
  • User should lose access but data must be preserved
Before you can deactivate: You must remove ALL roles first. The system prevents deactivation of users who still have assigned roles.

Deactivation Process

1

Remove all roles

Navigate to user’s Roles tab → Remove all assigned roles (Member, Treasurer, etc.)
2

Navigate to user details

Click on user name
3

Click 'Deactivate Account'

Or change status to Inactive
4

Confirm deactivation

Access restrictions apply immediately

What Happens When Deactivated

Access:
  • ✅ User CAN still log in to Agatabo
  • ❌ User CANNOT access organization resources
  • ❌ User CANNOT perform any operations
  • User sees “Deactivated” status when attempting to access
Data:
  • ✅ All historical data preserved
  • ✅ Appears in reports for historical periods
  • ✅ Transaction history unchanged
  • ✅ Savings balance preserved
Reversibility:
  • ✅ Can be reactivated at any time
  • No data loss occurs

Reactivating Accounts

1

Navigate to Organization Users

Filter by Inactive status (if available)
2

Find deactivated user

Click on user name
3

Click 'Reactivate Account'

Or change status to Active
4

Assign appropriate roles

Navigate to Roles tab and re-assign necessary roles
5

Confirm reactivation

User can access organization again immediately
Reactivation restores access: The user can immediately access the organization again, but you must re-assign their roles manually.

Deleting Users

Deleting completely removes a user from the organization. This is only possible for users with NO financial history.

When You Can Delete

  • User was invited but never activated
  • User activated but has no transactions
  • User has no entry fee recorded
  • Duplicate account created by error (before any activity)

When You CANNOT Delete

❌ User has ANY of the following:
  • Savings deposits
  • Loan transactions
  • Dividend distributions
  • Entry fee recorded
  • Any other financial transactions
Financial history is immutable: Once a user has ANY financial activity, they cannot be deleted. You must deactivate them instead. This preserves audit trails and financial integrity.

Deletion Process

1

Verify no financial history

Confirm user has no transactions or entry fee
2

Navigate to user details

Click on user name
3

Click 'Delete User'

Option only available if no financial history
4

Confirm deletion

User and all related data removed permanently

What Gets Deleted

When you delete a user:
  • ✅ Organization user record
  • ✅ All role assignments
  • ✅ All invitations
  • ✅ Savings ledger account (if exists and empty)
  • ✅ User record (if this was their only organization)
  • ✅ User sessions
Deletion is permanent: Unlike deactivation, deletion cannot be reversed. Only delete when you’re certain the user should never have existed in the system.

Delete vs Deactivate

OperationUse WhenReversible?Data Preserved?Financial History?
DeleteNo financial activity❌ No❌ NoNot allowed
DeactivateHas financial activity✅ Yes✅ YesRequired
Business Rule:
  • If user has transactions/entry fee → Must deactivate (delete blocked)
  • If user has no activity → Should delete (clean removal)

Resending Invitations

If a user’s activation link expired or they never received it:
1

Navigate to Organization Users

Find users with Pending status
2

Find pending user

Click on user name
3

Click 'Resend Invitation'

Generates new activation link
4

New invitation sent

User receives fresh invitation (72-hour expiry)

How Resending Works

  1. Revokes all pending invitations for this user
  2. Creates new invitation with fresh 72-hour expiration
  3. Sends automatically (if email/SMS enabled) or provides manual link
  4. Only one active invitation at a time per user
Cannot resend after acceptance: Once a user has activated their account, you cannot resend invitations. They should use the password reset process if they can’t log in.

Resetting Passwords

If a user forgets their password:
1

User clicks 'Forgot Password'

On the login page
2

Enters email address

System sends reset link
3

Clicks reset link

Opens password reset page
4

Sets new password

Must meet security requirements
Self-service only: Administrators cannot see or reset user passwords directly. Users must use the self-service password reset process for security.

Permissions Required

OperationPermission Needed
Edit user info (name, email, phone)organization_users:write
Assign/remove rolesorganization_user_roles:assign
Deactivate/reactivate usersorganization_users:write
Delete usersorganization_users:write
Resend invitationsorganization_users:write

Best Practices

User management tips:
  • Remove roles before deactivation - required by the system
  • Use delete only for mistakes - deactivate for legitimate exits
  • Verify financial balances before deactivating members with transactions
  • Document role changes - keep notes on why roles were added/removed
  • Test email/phone changes - verify user can still log in after updates
  • Regular audits - review active vs inactive users quarterly
  • Keep contact info current - update phone/email promptly for notifications
  • Consider impact of email changes - affects all organizations user belongs to

Need Help?

Inviting Users

Add new organization users

Member Roles

Understanding roles and permissions

Viewing Member Details

Access member account information

Permissions Matrix

Full permission reference