Manage users and roles
Organization Admin · Event Coordinator (limited — view users only)
This guide covers how organization admins invite new members, assign roles, manage invitations, and work with custom roles in StandShare. There are two separate user management surfaces — this page covers both.
Two user management surfaces
StandShare has two distinct places where users can be managed:
- Tenant Admin Users page (
/admin/users) — for organization admins managing their own members. This is what most admins use day to day. - Platform Admin portal — for StandShare staff managing users across all organizations. Platform admin actions are outside the scope of this guide.
The rest of this guide covers the tenant admin users page.
The Admin Users page
Navigate to Admin in the sidebar and select Users. This page has three tabs:
- Users — the list of everyone currently in your organization, plus the Pending Invitations section below it
- Roles — manage the roles available in your organization
- Groups — manage operator groups within your organization
You need the admin_panel.view_users permission to access this page. Most actions (inviting, editing, changing roles) additionally require admin_panel.manage_users.
View and search the user list
The Users tab shows a paginated list of all members. You can:
- Search by name or email using the search bar
- Filter by status — Active, Inactive, or Suspended
- Filter by role — narrow the list to users holding a specific role
Click any row to open the inline edit options for that user.
Add a user who already has an account
Use Add User when the person already has a StandShare account (they have signed in before, possibly for another organization).
- From the Users tab, click Add User.
- Enter the user's email address, first name, last name, and phone number.
- Select the role or roles to assign to this user.
- Click Add.
The user is added to your organization immediately and can sign in with their existing account.
Not sure whether someone has an existing account? Use Invite User instead — if they already have an account, they can accept the invitation and their existing profile carries over.
Invite a new user
Use Invite User when the person does not yet have a StandShare account. This sends them an email with a link to create their account and join your organization.
- From the Users tab, click Invite User.
- Enter the person's email address, first name, and last name.
- Select the role or roles to assign when they accept.
- Click Send Invitation.
The invitation appears in the Pending Invitations section at the bottom of the Users tab. Once the person accepts and creates their account, they move to the active user list.
To cancel a pending invitation before it is accepted, click Revoke next to the invitation in the Pending Invitations list.
Invitations do not expire automatically. If someone hasn't received the email, ask them to check their spam folder, then revoke and resend the invitation.
Edit a user's profile
- Click the user's row to open their options.
- Click Edit.
- Update the first name, last name, phone number, or email address.
- Click Save.
Change a user's status
You can set a user's status to Active, Inactive, or Suspended. Status changes require step-up authentication — you will be prompted to re-verify your identity before the change is saved.
- Click the user's row to open their options.
- Click Change Status.
- Select the new status and enter a reason.
- Complete the step-up verification prompt.
- Click Save.
| Status | What it means |
|---|---|
| Active | User can sign in and access features matching their roles |
| Inactive | User cannot sign in; account and history are preserved |
| Suspended | User cannot sign in; typically used for policy violations |
Assign or change a user's roles
Role changes require step-up authentication and the system_admin.assign_roles permission. The step-up prompt appears automatically when you try to save.
- Click the user's row to open their options.
- Click Manage Roles.
- Select or deselect roles as needed.
- Complete the step-up verification prompt.
- Click Save.
A user can hold multiple roles simultaneously. Their effective permissions are the union of all roles they hold. For example, a user with both Event Coordinator and Treasurer can do everything both roles allow.
Role changes take effect within 5 minutes. The permission cache clears on the user's next request after the change is saved. If you need someone's access revoked urgently, changing their status to Inactive takes effect immediately.
Removing the Admin role from the last remaining admin will lock you out of admin features. StandShare prevents this by requiring at least one active Admin at all times.
Manage roles (the Roles tab)
The Roles tab renders the full role management interface. Here you can:
- View all roles available in your organization
- Create new custom roles
- Edit an existing role's permissions
- Delete roles that are no longer needed (except Admin and Venue Admin, which are system roles)
Create a custom role
- Click the Roles tab.
- Click Create Role.
- Enter a role name and description.
- Select permissions from the category list.
- Click Save.
The new role is immediately available to assign to users.
Edit a role's permissions
- Click the Roles tab.
- Click on the role you want to modify.
- Adjust the permission checkboxes.
- Click Save Changes.
Editing a role's permissions updates every user who holds that role. All user permission caches are cleared when you save, so the change takes effect on users' next requests — no sign-out required.
Saving role permission changes requires step-up authentication. You will be prompted to re-verify your identity before changes are applied.
Manage groups (the Groups tab)
The Groups tab renders the operator group management interface. Groups are used to organize users for operator-level workflows. See Manage Dynamic Groups for full instructions.
Best practices
- Assign the least privilege necessary. Give users only the roles they need for their actual responsibilities.
- Review roles at the start of each season. Deactivate accounts for people who are no longer active, and audit role assignments for accuracy.
- Use invitations for new users. Even if you think someone might have an existing account, invitations are safe — they handle both new and returning users correctly.
- Use custom roles sparingly. The built-in role templates cover most use cases. Create additional custom roles only when the templates don't fit.
Next Steps
- User Roles reference — detailed breakdown of every built-in role and its permissions
- Permission Matrix — full table of role capabilities at a glance
- Understanding Roles and Permissions — how the RBAC system works conceptually