Section 10: Admin (Users & Roles)
The Admin section manages user access and permissions for Auxia Console. This section covers user management, roles, and access control.
10.1 Admin Overview
What Can Admins Do?
| Capability | Description |
|---|---|
| User Management | Add, edit, remove users |
| Role Management | Create and configure roles |
| Permission Assignment | Control feature access |
| Access Audit | Review who has access to what |
Accessing Admin
- Click Admin in the sidebar
- Select Users & Roles
Admin Permissions Required
You need admin-level permissions (IAM_USER_VIEW, IAM_ROLE_VIEW, etc.) to access these features.
10.2 Users
User List
View all users with Console access:
| Column | Description |
|---|---|
| Name | User's display name |
| Login email | |
| Role | Assigned role |
| Status | Active or inactive |
| Last Login | Most recent access |
Adding Users
Step 1: Click + Add User
Step 2: Enter user details:
- Name
- Email address
Step 3: Assign role:
- Select from available roles
- User inherits role permissions
Step 4: Send invitation:
- User receives email invitation
- They set up their password
Editing Users
- Click user in the list
- Modify details:
- Name
- Role assignment
- Save changes
Removing Users
- Select user
- Click Remove/Deactivate
- Confirm action
- User loses Console access
User Status
| Status | Meaning |
|---|---|
| Active | Can log in and use Console |
| Inactive | Cannot log in |
| Pending | Invitation sent, not yet accepted |
10.3 Roles
What are Roles?
Roles are collections of permissions that define what users can do in Console.
Standard Roles
Most organizations have these default roles:
| Role | Description | Typical Use |
|---|---|---|
| Viewer | Read-only access | Stakeholders, observers |
| Editor | Create and edit content | Marketers |
| Analyst | Full analytics access | Data analysts |
| Admin | Full access including user management | System administrators |
Viewing Roles
- Go to Admin > Users & Roles
- Switch to Roles tab
- See all configured roles
Role Details
Each role shows:
- Role name
- Description
- Assigned permissions
- Number of users with this role
Creating Custom Roles
If you have permission:
- Click + Create Role
- Enter role name and description
- Select permissions
- Save role
Editing Roles
- Select role
- Modify permissions
- Save changes
- Changes affect all users with this role
10.4 Permissions
Permission Categories
| Category | Covers |
|---|---|
| Treatment | Create, edit, view treatments |
| Journey | Create, edit, view journeys |
| Analytics | Access analytics dashboards |
| Agent and AI Insights | Use Analyst Agent |
| Configuration | Manage settings |
| QA | Testing capabilities |
| Admin | User and role management |
Common Permissions
Treatment Permissions:
| Permission | Allows |
|---|---|
| TREATMENT_VIEW | View treatments |
| TREATMENT_EDIT | Create and edit treatments |
Journey Permissions:
| Permission | Allows |
|---|---|
| PROGRAM_VIEW | View journeys |
| PROGRAM_EDIT | Create and edit journeys |
Analytics Permissions:
| Permission | Allows |
|---|---|
| ANALYZE_OBJECTIVE_VIEW | View goal analytics |
| ANALYZE_PROGRAM_VIEW | View journey analytics |
Other Permissions:
| Permission | Allows |
|---|---|
| Agent External Use | Use Agent and AI Insights |
| DATAFIELD_VIEW | View data fields |
| QA_USER_EDIT | Manage QA users |
| IAM_USER_VIEW | View users |
| IAM_USER_EDIT | Manage users |
| IAM_ROLE_VIEW | View roles |
| IAM_ROLE_EDIT | Manage roles |
Permission Inheritance
Users inherit all permissions from their assigned role. Multiple role assignments combine permissions.
10.5 Access Management Best Practices
Principle of Least Privilege
Grant only the permissions needed for each role:
- Viewers don't need edit access
- Editors don't need admin access
- Analysts don't need configuration access
Role-Based Access
Recommended Structure:
| Team Member | Role | Rationale |
|---|---|---|
| Marketing Manager | Editor | Creates and manages content |
| Marketing Coordinator | Editor | Day-to-day operations |
| Data Analyst | Analyst | Performance analysis |
| Stakeholder | Viewer | Oversight without editing |
| IT Admin | Admin | Technical management |
Regular Access Reviews
Periodically review access:
- Remove departed employees
- Adjust roles for changed responsibilities
- Audit who has admin access
Documentation
Maintain records of:
- Who has access
- Why they have access
- When access was granted
10.6 User Lifecycle
Onboarding New Users
Checklist:
- Determine appropriate role
- Create user account
- Send invitation
- User accepts and sets password
- Verify access works
- Provide training/documentation
Role Changes
When responsibilities change:
- Review current vs. needed permissions
- Assign new role or modify current
- Communicate change to user
- Verify new access works
Offboarding Users
When someone leaves:
- Immediately deactivate account
- Document removal date/reason
- Review any content they created
- Consider data retention needs
10.7 Security Considerations
Password Requirements
Users should:
- Use strong, unique passwords
- Enable multi-factor authentication (if available)
- Not share login credentials
Session Security
- Sessions expire after inactivity
- Log out when finished
- Don't use shared computers for Console
Audit Trail
Admin actions are logged:
- User additions/removals
- Role changes
- Permission modifications
Use audit logs for compliance and security review.
10.8 Troubleshooting Access Issues
"User Can't Log In"
Check:
- User status is Active
- Email address is correct
- Password reset if needed
- Account not locked
"User Can't See Feature"
Check:
- User's role includes required permission
- Permission is correctly configured
- Feature is available in their project
"Permission Not Working"
Check:
- Permission is in user's role
- Role is assigned to user
- Changes have been saved
- User has refreshed/re-logged
"Can't Add User"
Check:
- You have IAM_USER_EDIT permission
- User doesn't already exist
- Email format is valid
10.9 Admin FAQ
How many admins should we have?
- At least 2 (backup for availability)
- Not too many (security risk)
- Recommendation: 2-3 per organization
Can users have multiple roles?
Configuration varies by organization. Ask your system administrator.
How do I know who has access?
Admin > Users & Roles shows all users and their roles. Export for reporting if needed.
What happens when I remove a user?
- Immediate loss of access
- Historical data preserved
- Content they created remains
Can I restore a removed user?
Typically yes, by reactivating their account. Verify with your admin.
10.10 Requesting Access
For Users Needing Access
- Contact your Console admin
- Explain what you need to do
- Request appropriate role
- Complete any required training
Access Request Template
Access Request
Name: [Your name]
Email: [Your email]
Requested Access:
[What do you need to do in Console?]
Business Justification:
[Why do you need this access?]
Manager Approval:
[Manager name/approval]
10.11 Admin Tools Summary
| Tool | Purpose | Permission Required |
|---|---|---|
| View Users | See who has access | IAM_USER_VIEW |
| Add User | Grant Console access | IAM_USER_EDIT |
| Edit User | Change user settings | IAM_USER_EDIT |
| Remove User | Revoke access | IAM_USER_EDIT |
| View Roles | See role configurations | IAM_ROLE_VIEW |
| Create Role | Define new roles | IAM_ROLE_EDIT |
| Edit Role | Modify permissions | IAM_ROLE_EDIT |
Next Section
Continue to Appendices for glossary, permissions reference, and additional resources.