User Management


User Management Overview

Budgeting Pro features two distinct user management systems designed for different administrative levels:

Company User Management

  • Scope: Team management within individual companies
  • Access: Available through the Company Dashboard (/app)
  • Users: CompanyAdmin role
  • Capabilities:
    • Invite and manage company team members
    • Assign users to specific locations
    • Set role-based permissions and spending limits
    • Location-based access control

For detailed information, see: Company Dashboard - Company User Management

This Guide's Focus

This guide provides comprehensive information about user management in the Company Panel (/app).

User Roles and Permissions

User Types

Before discussing roles, it's important to understand Company users in Budgeting Pro:

Company Users (UserType::Company)

  • Business users within companies
  • Access to Company Panel (/app) only
  • Restricted to assigned companies and locations
  • Subject to role-based permissions

Available User Roles

The following roles apply to Company Users within the company panel:

CompanyAdmin

  • Full company management rights
  • Manage all company users and settings
  • Access to all locations and budgets
  • Can assign roles to other users
  • Full reporting and analytics access

BudgetAdmin

  • Budget management and oversight capabilities
  • Can manage budgets across locations
  • Can approve budget-related requests
  • Access to financial reports and analytics
  • Cannot create, edit, or delete users

OrdererAdmin

  • Advanced order management and approval rights
  • Can approve orders within authority limits
  • Manage order workflows and processes
  • Access to order analytics and reports
  • Can guide and support other orderers

Orderer

  • Can view draft orders for assigned locations
  • Can send eligible orders to rework for assigned locations
  • Can confirm eligible orders to Shopify for assigned locations (budget rules apply)
  • Cannot create, update, or delete users

Requester

  • Can view and work on own orders
  • Can submit own orders for approval (only when status and budget rules pass)
  • Can edit own orders only in Needs Rework status
  • Cannot manage users, locations, or budgets

Permission Matrix (View & Functions)

This matrix is based on current app policies and Filament resource actions.

Quick Summary

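| Feature | CompanyAdmin | BudgetAdmin | OrdererAdmin | Orderer | Requester |
|---|---|---|---|---|---|
| View users | ✅ | ✅ | ✅ | ✅ | ✅ |
| Manage users (create/edit/delete) | ✅ | ❌ | ❌ | ❌ | ❌ |
| Create/edit/delete locations | ✅ | ❌ | ❌ | ❌ | ❌ |
| Manage location users | ✅ | ❌ | ✅* | ❌ | ❌ |
| Manage location budgets | ✅ | ✅* | ❌ | ❌ | ❌ |
| Send order to rework | ✅* | ❌ | ❌ | ✅* | ❌ |
| Confirm order to Shopify | ✅* | ❌ | ✅* | ✅* | ❌ |
| Edit order lines | ✅* | ❌ | ❌ | ❌ | ✅* |

* Scope/status/location/budget conditions apply based on policy rules.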

CompanyAdmin

  • View: Users, locations, budgets, and all company draft orders
  • Functions:
    • Create/update/delete users
    • Create/update/delete locations
    • Manage budgets for all locations
    • Send eligible orders to rework
    • Confirm eligible orders to Shopify
    • Edit orders (except restricted final statuses)

BudgetAdmin

  • View: Users, locations, and draft orders available in assigned scope
  • Functions:
    • Manage budgets for assigned locations
    • Cannot create/update/delete users
    • Cannot send orders to rework or Shopify by default

OrdererAdmin

  • View: Users, locations, and draft orders (role/location rules apply)
  • Functions:
    • Manage location users for assigned locations
    • Confirm eligible orders to Shopify for assigned locations
    • Cannot create/update/delete users
    • Cannot manage location budgets by default

Orderer

  • View: Users, locations, and draft orders for assigned locations
  • Functions:
    • Send eligible orders to rework for assigned locations
    • Confirm eligible orders to Shopify for assigned locations (budget rules apply)
    • Cannot create/update/delete users
    • Cannot manage location budgets

Requester

  • View: Own orders and allowed company data in app scope
  • Functions:
    • Submit own order for approval when:
      • status is Draft or Needs Rework
      • requester is assigned to the order location
      • order is within budget
    • Edit own order only in Needs Rework
    • Cannot send to rework
    • Cannot confirm to Shopify
    • Cannot manage users, locations, or budgets

Inviting Users

Sending Invitations

  1. Navigate to Users → Invite User
  2. Enter the user's email address
  3. Select appropriate role and permissions
  4. Assign to relevant locations
  5. Set spending limits (if applicable)
  6. Click Send Invitation

Invitation Email Content

Users receive an email containing:

  • Welcome message and company information
  • Link to create their account
  • Temporary access instructions
  • Getting started guide
  • Support contact information

Invitation Management

  • Track invitation status (sent, accepted, expired)
  • Resend invitations if needed
  • Cancel pending invitations
  • Set invitation expiration times
  • Note: User create/edit/delete actions are restricted to CompanyAdmin.

Managing User Accounts

User Profile Management

Personal Information:

  • Name and contact details
  • Job title and department
  • Profile picture
  • Notification preferences
  • Language and timezone settings

Account Settings:

  • Email address (username)
  • Password requirements
  • Two-factor authentication
  • Session timeout settings
  • API access tokens (if applicable)

Account Status Management

Active Users:

  • Full access according to their role
  • Can log in and use all assigned features
  • Receive notifications and updates

Suspended Users:

  • Temporarily restricted access
  • Cannot log in or perform actions
  • Existing orders remain visible
  • Can be reactivated by administrators

Deactivated Users:

  • Permanently disabled accounts
  • No system access
  • Historical data retained for auditing
  • Cannot be reactivated (new account required)

User Account Actions

  • Edit Profile: Update user information
  • Change Role: Modify user permissions
  • Reset Password: Force password reset
  • Suspend Account: Temporarily disable access
  • Deactivate Account: Permanently disable user
  • View Activity: Check user action history
  • Current Access Rule: Only CompanyAdmin can create, edit, delete, restore, or permanently delete users.

Location Assignments

Assigning Users to Locations

Users can be assigned to one or multiple locations with different permission levels:

Single Location Assignment:

  • User has access to one specific location
  • Simplest permission structure
  • Clear budget and approval boundaries
  • Easy to manage and understand

Multiple Location Assignment:

  • User can access several locations
  • Different roles possible per location
  • Flexible for multi-department users
  • Requires careful permission management

Permission Levels per Location

For each location assignment, define:

  • Role Level: What the user can do
  • Budget Access: View/edit budget information
  • Approval Authority: Order approval limits
  • Reporting Access: Available reports and data
  • Administrative Rights: User management capabilities

Location-Specific Settings

Spending Limits:

  • Set per-location spending limits for users
  • Define approval thresholds
  • Configure emergency override permissions

Product Access:

  • Restrict access to certain product categories
  • Define allowed vendors or suppliers
  • Set quantity limits for specific items

Permission Management

Granular Permissions

Permissions are enforced by Laravel policies and role checks in the app panel.

Core User/Location/Budget Rules

  • Users: all roles can view; only CompanyAdmin can create/update/delete
  • Locations: all roles can view; only CompanyAdmin can create/update/delete
  • Location Users: CompanyAdmin can manage all; OrdererAdmin can manage assigned locations
  • Location Budgets: CompanyAdmin can manage all; BudgetAdmin can manage assigned locations

Core Draft Order Rules

  • View Order: creator can view; Orderer and OrdererAdmin can view assigned location; CompanyAdmin can view all
  • Submit for Approval: requester-only, own order, allowed status, assigned location, within budget
  • Send to Rework: CompanyAdmin or location Orderer (with status checks)
  • Confirm to Shopify: CompanyAdmin, location OrdererAdmin, or location Orderer (budget checks apply)
  • Edit Order Lines: CompanyAdmin, and Requester only for own Needs Rework orders
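
The Core Draft Order Rules above can be modelled as a deny-by-default decision function and used as an oracle when reviewing access. This is an added example, not Budgeting Pro's Laravel policy code; the class, field and action names and the sample order are assumptions, and only the role and status names come from this guide.

```python
from dataclasses import dataclass

ROLES = ("CompanyAdmin", "BudgetAdmin", "OrdererAdmin", "Orderer", "Requester")

@dataclass(frozen=True)
class User:
    id: int
    role: str
    locations: frozenset = frozenset()   # assigned location names (assumed field)

@dataclass(frozen=True)
class Order:
    creator_id: int
    location: str
    status: str            # "Draft", "Needs Rework", ... (status names from this guide)
    within_budget: bool

def can(user, action, order):
    """Return True only when a rule explicitly allows it; unknown actions are denied."""
    admin = user.role == "CompanyAdmin"
    own = order.creator_id == user.id
    assigned = order.location in user.locations
    if action == "view":
        return admin or own or (user.role in ("Orderer", "OrdererAdmin") and assigned)
    if action == "submit":
        return (user.role == "Requester" and own and assigned and order.within_budget
                and order.status in ("Draft", "Needs Rework"))
    if action == "rework":      # the guide's status checks are unspecified, so not modelled
        return admin or (user.role == "Orderer" and assigned)
    if action == "confirm":     # assumption: the budget check applies to every role
        return order.within_budget and (
            admin or (user.role in ("OrdererAdmin", "Orderer") and assigned))
    if action == "edit_lines":  # CompanyAdmin's restricted final statuses are not named here
        return admin or (user.role == "Requester" and own and order.status == "Needs Rework")
    return False

def roles_allowed(action, order, user_id, location):
    """Roles that may perform `action` for a user with this id, assigned to one location."""
    return [r for r in ROLES
            if can(User(user_id, r, frozenset({location})), action, order)]

# Constructed sample: an in-budget order created by user 1 at location "north".
SAMPLE = Order(creator_id=1, location="north", status="Needs Rework", within_budget=True)
```

Comparing `roles_allowed` output for a user inside and outside the order's location shows whether location scoping is enforced on every action, not only on viewing.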

User Onboarding

New User Setup Process

  1. Invitation Sent: User receives invitation email
  2. Account Creation: User creates password and profile
  3. Guided Tour: Introduction to the system
  4. Permission Review: Understanding their access level
  5. First Actions: Completing initial tasks
  6. Support Access: Connecting with help resources

Onboarding Checklist

Ensure new users complete:

  • [ ] Profile setup with accurate information
  • [ ] Understanding of their role and permissions
  • [ ] Familiarity with location assignments
  • [ ] Knowledge of budget constraints
  • [ ] Training on order approval process
  • [ ] Contact information for support

Training Resources

Provide users with:

  • Video Tutorials: Step-by-step guidance
  • Documentation: Written guides and FAQs
  • Live Training: Scheduled training sessions
  • Practice Environment: Safe space to learn
  • Mentor Assignment: Experienced user support

Progress Tracking

Monitor new user progress:

  • Track completion of onboarding steps
  • Monitor early system usage
  • Identify users who need additional help
  • Measure time to productivity
  • Gather feedback on onboarding experience

Security and Access Control

Authentication Methods

Standard Authentication:

  • Email and password combination
  • Strong password requirements
  • Regular password updates
  • Password complexity rules

Two-Factor Authentication (2FA):

  • Additional security layer
  • SMS or app-based verification
  • Required for sensitive roles
  • Backup codes for recovery

Single Sign-On (SSO):

  • Integration with company identity systems
  • Simplified user experience
  • Enhanced security controls
  • Centralized user management

Access Control Measures

IP Restrictions:

  • Limit access to specific IP ranges
  • Restrict access to office locations
  • VPN requirements for remote access
  • Geo-location restrictions

Session Management:

  • Automatic session timeout
  • Concurrent session limits
  • Device registration requirements
  • Session activity monitoring

API Access:

  • Token-based authentication
  • Limited scope permissions
  • Usage monitoring and limits
  • Regular token rotation

Security Policies

Password Policies:

  • Minimum length requirements
  • Character complexity rules
  • Regular update schedules
  • Prevention of password reuse

Account Lockout:

  • Failed login attempt limits
  • Automatic account suspension
  • Administrator notification
  • Unlock procedures

User Activity Monitoring

Activity Tracking

Monitor user activities including:

  • Login Activity: Login times, locations, devices
  • Order Actions: Orders created, modified, approved
  • Budget Activities: Budget views, modifications
  • Administrative Actions: User management, settings changes
  • Report Access: Reports viewed, exported, shared

Audit Logs

Comprehensive audit trails showing:

  • User Actions: What was done and when
  • Data Changes: Before and after values
  • Permission Changes: Role and access modifications
  • System Events: Login, logout, errors
  • Integration Activities: Shopify synchronization events

Monitoring Reports

Regular reports on:

  • User Engagement: Activity levels and patterns
  • Security Events: Failed logins, suspicious activities
  • Performance Metrics: User productivity and efficiency
  • Compliance Status: Adherence to policies and procedures

Alerts and Notifications

Set up alerts for:

  • Unusual activity patterns
  • Failed security events
  • Policy violations
  • High-value transactions
  • System access issues

Best Practices

User Management Best Practices

  1. Principle of Least Privilege: Grant minimum necessary permissions
  2. Regular Access Reviews: Periodically review and update user permissions
  3. Proper Onboarding: Ensure thorough training for all new users
  4. Clear Documentation: Maintain up-to-date role descriptions
  5. Security Awareness: Regular security training and updates

Organizational Tips

  • Role Standardization: Create consistent role definitions
  • Permission Templates: Use templates for common permission sets
  • Delegation Procedures: Clear procedures for temporary permission elevation
  • Deprovisioning Process: Proper procedures for user departure
  • Regular Audits: Periodic reviews of user access and permissions

Troubleshooting

Common User Management Issues

User Cannot Login:

  • Verify account is active
  • Check password reset requirements
  • Confirm email address spelling
  • Review IP restrictions and security policies

Permission Errors:

  • Verify role assignments
  • Check location-specific permissions
  • Confirm budget access rights
  • Review recent permission changes

Invitation Problems:

  • Check email delivery status
  • Verify email address accuracy
  • Confirm invitation hasn't expired
  • Review spam/junk folder instructions

Getting Help

For user management issues:

  • Use the admin help center
  • Contact support with specific user details
  • Schedule training sessions for complex scenarios
  • Access video tutorials for common tasks