
Understanding Tontine Users

Your tontine has two types of people with access to Agatabo:
  1. Members - People who save money and may take loans (the core participants)
  2. Staff - People who operate the system (treasurers, accountants, administrators) but don’t necessarily save or borrow
Both are “users” in the system, but they have different roles and permissions.

User vs Member

User: Any person with login credentials to your tontine
  • Has login credentials (email or phone number)
  • Has one or more assigned roles
  • Can log in and perform permitted actions
  • May or may not be a member
  • Email is optional; phone number is required
Examples: Treasurer, Accountant, Administrator, Loan Officer, Manager, Member

User Lifecycle

  1. Invitation - Administrator creates user and sends invitation (via email, SMS, or manual link sharing)
  2. Account Activation - Person clicks activation link and sets password
  3. Active User - Can log in with email or phone number and perform assigned tasks
  4. Role Updates - Administrator adds/removes roles as needed
  5. Deactivation (optional) - User leaves tontine, account disabled

Common Operations

  • Inviting Users - Add new members or staff to your tontine
  • Managing Users - Edit info, deactivate accounts, update roles
  • Roles & Permissions - Understand roles and what each can do
  • Viewing User Details - Access user profiles and account history

Default Roles

Your tontine comes with two default roles:
| Role | Purpose | Typical Permissions |
| --- | --- | --- |
| Member | Saves and borrows | View own savings, view own loans |
| Administrator | Manages system | All permissions including user management |
Administrators can create additional custom roles as needed (Treasurer, Accountant, Loan Officer, Manager, etc.) with specific permissions configured per role.
Common pattern: In many tontines, the treasurer and accountant are also members (they save and borrow). In this case, they would have multiple roles assigned: “Member + Treasurer” or “Member + Accountant”. Other tontines hire staff who are NOT members - they just operate the system.
Detailed role information →

Organization User Information

Basic Information

  • Name: Full name (single field)
  • Account Number: Auto-generated unique identifier
  • Email: Optional - used for login and notifications if provided
  • Phone: Required - mobile number for SMS notifications
  • Join Date: Date the user joined the organization

Financial Information (for Members)

  • Savings Balance: Total deposits minus withdrawals
  • Active Loans: Current outstanding loans
  • Loan History: Past loans and repayment status
  • Entry Fees: Joining fees and payments
  • Dividend Allocations: Share of distributed profits
View user details guide →

User Status

| Status | Meaning | Can Log In? | Can Access Organization? |
| --- | --- | --- | --- |
| Active | Account enabled | ✅ Yes (if password set) | ✅ Yes |
| Inactive | Account deactivated | ✅ Yes (if password set) | ❌ No (permissions denied) |
How it works:
  • An inactive user can technically log in but won’t be able to access any organization features
  • Permissions are only resolved for active users (isActive = true)
  • To fully prevent access, deactivate the organization user
Invitation status: Tracked separately with values PENDING, ACCEPTED, REVOKED

Permissions System

Agatabo uses role-based access control (RBAC):

Permission Format

Permissions use the format: resource:action
Examples:
  • organization_users:read - Can view organization users
  • organization_users:write - Can create/edit organization users
  • savings:read - Can view savings data
  • savings:write - Can record deposits
  • loans:read - Can view loans
  • loans:write - Can create loans

Permission Scopes

Each permission can be scoped to control access level:
SELF scope: User can only access their own data
  • A member with savings:read (SELF scope) can only view their own savings
ANY scope: User can access all organization data
  • A treasurer with savings:write (ANY scope) can record deposits for any member
Full permissions matrix →
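
The check described above, as an added example (not Agatabo's own code): a deny-by-default evaluation of resource:action permissions with SELF/ANY scopes across multiple roles, which grants nothing to inactive users. The role-to-permission mapping, class and function names, and account numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SELF, ANY = "SELF", "ANY"

@dataclass(frozen=True)
class Grant:
    permission: str  # "resource:action", e.g. "savings:read"
    scope: str       # SELF or ANY

@dataclass
class OrgUser:
    account_number: str
    is_active: bool  # corresponds to the isActive flag mentioned on this page
    roles: list = field(default_factory=list)

# Hypothetical role definitions, built from the examples on this page.
ROLES = {
    "Member": [Grant("savings:read", SELF), Grant("loans:read", SELF)],
    "Treasurer": [Grant("savings:read", ANY), Grant("savings:write", ANY)],
}

def is_allowed(user, permission, owner_account):
    """True if `user` may use `permission` on data owned by `owner_account`."""
    resource, sep, action = permission.partition(":")
    if not (sep and resource and action):
        raise ValueError(f"malformed permission: {permission!r}")
    if not user.is_active:
        return False  # permissions are only resolved for active users
    for role in user.roles:
        for grant in ROLES.get(role, []):  # an unknown role grants nothing
            if grant.permission != permission:
                continue
            if grant.scope == ANY:
                return True
            if grant.scope == SELF and owner_account == user.account_number:
                return True
    return False  # deny by default

# Constructed sample users (not real accounts).
member = OrgUser("ACC-001", True, ["Member"])
member_treasurer = OrgUser("ACC-002", True, ["Member", "Treasurer"])
former_staff = OrgUser("ACC-003", False, ["Treasurer"])
```

Note that the "Member + Treasurer" user can write any member's savings but can still read only their own loans, because scope is evaluated per permission and not per user.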

Member Management Best Practices

User management tips:
  • Verify phone numbers before sending invitations (phone is required)
  • Email is optional but recommended for login and notifications
  • Assign minimum necessary permissions (principle of least privilege)
  • Review user permissions quarterly
  • Deactivate former staff immediately
  • Use consistent naming conventions
  • Note that Name, Phone, and Email cannot be easily changed after creation

Common Scenarios

Adding a New Organization User

  1. Collect user information - Name, phone (required), email (optional), join date
  2. Add to Agatabo - Organization Users → Click “Add Organization User”
  3. Fill in form - Complete Name, Join Date, Phone, and optional Email fields
  4. Choose invitation option - Toggle “Send Invitation” on/off (sends invite via email or SMS)
  5. User activates account - User clicks invitation link, sets password, and is automatically logged in
  6. Assign roles - After creation, navigate to user’s Roles tab to assign member or other roles
Full workflow →

Adding a Role to an Existing User

  1. Navigate to Organization Users - Find the user
  2. Click on user name - Opens user details
  3. Go to Roles tab - Click the “Roles” tab
  4. Click Assign role - Opens role assignment dialog
  5. Select role from dropdown - Choose the role to assign (e.g., Treasurer, Member)
  6. Save changes - User now has the additional role and its permissions

Deactivating a User

  1. Remove all roles - User must have no assigned roles before deactivation
  2. Navigate to user details - Organization Users → Click user name
  3. Click Deactivate - In Account Actions section, click “Deactivate Organization User”
  4. Confirm deactivation - Confirm in the dialog
  5. User account disabled - User can no longer log in; data retained for audit purposes

Integration with Other Features

Savings

Members with savings have savings ledger accounts:
  • Tracks deposit balance
  • Shows transaction history
  • Appears on balance sheet as liability

Loans

Loans are created for members by loan officers:
  • Loan history tracked per member
  • Guarantors can be other organization users with member role
  • Loan securities can include savings balances

Dividends

Members can receive dividend allocations from dividend pools:
  • Distribution methods: equal or by contribution
  • Administrators create dividend pools and distribute to members

Reports

Tontine users appear in the following reports:
  • Balance Sheet
  • Profit & Loss
  • Shares Report (members only)
  • Loans Outstanding (members only)

Security and Privacy

Data protection:
  • Member financial data is confidential
  • Only users with appropriate permissions can view data
  • Members can only view their own data (unless given additional permissions)
  • Staff with appropriate roles can view all member data
  • Email and phone numbers are used for login and notifications
