Inviting users
- Navigate to Organisation → Users
- Click Invite user
- Enter their work email and select an organisation role
- Click Send invite
The user receives an email with a time-limited invitation link (72 hours). If it expires, you can resend from the Users table.
Organisation roles
| Role | Description |
|---|
| Owner | Full organisation control |
| Domain Admin | Manages all Org Units and users |
| Department Admin | Manages their Org Units only |
| Security Officer | Audit log access only |
| Member | Standard user |
| Auditor | Compliance reports only |
The Owner role has full control including the ability to delete the organisation. Assign it only to primary administrators.
Setting clearance
Each user’s effective clearance is the higher of their role default and any explicit override.
| Role | Default clearance |
|---|
| Owner | C4 |
| Domain Admin | C4 |
| Security Officer | C4 |
| Department Admin | C3 |
| Member | C2 |
| Auditor | C2 |
Deactivating users
Deactivating a user:
- Immediately invalidates all their sessions
- Removes them from all room memberships
- Removes them from all Org Unit memberships
- Retains their activity in the audit log (for compliance)
The user’s account is retained but they cannot log in. Deactivation is reversible — reactivate from the same menu.
Bulk operations
Use the Import users feature to provision multiple users at once via CSV:
email,role,org_unit
alice@company.com,Member,Legal
bob@company.com,Member,Engineering
carol@company.com,Department Admin,Finance
