Managing Users

Control who has access to your Define.wtf workspace and manage their permissions. This guide covers user invitations, role assignment, permission management, and activity monitoring.

Accessing User Management

From the main navigation, click Admin → Members
Or navigate directly to /admin/members

User Directory

The user management interface displays all workspace members in a searchable, filterable table.

User List Columns

Column	Description
Name	User's full name from their profile
Email	Work email address
Role	Current permission level (Viewer, Editor, Admin, Owner)
Status	Active, Invited, Disabled, or Stale indicator
Last Active	When user last accessed the workspace
Acronyms Created	Count of acronyms authored by user
Edits	Total definitions edited or created
Actions	Menu with options to edit, remove, or change role

Roles & Permissions

Define.wtf uses a hierarchical role system. Each role has default permissions, but specific permissions can be customized per-user.

Role Hierarchy

Owner (highest authority)
  ↓
Admin
  ↓
Editor
  ↓
Viewer (lowest authority, read-only)

Role Definitions

Viewer

Read-only access to all acronyms, categories, collections
Search and browse the full knowledge base
Permitted actions:
- View acronyms, definitions, categories
- Search across all content
- Access collections
- View public comments
- Use Slack /define command
Cannot:
- Create, edit, or delete acronyms
- Modify categories
- Access admin features
- Export data (unless custom permission granted)
Use case: Stakeholders, read-only reference users, external partners

Editor

Create and edit content in the knowledge base
Inherits all Viewer permissions plus:
- Create new acronyms
- Edit existing acronyms (except locked ones)
- Create tags and categories
- Create and manage personal collections
- Comment on acronyms
- Suggest changes to locked terms
- Use advanced search filters
Cannot:
- Delete acronyms or categories
- Lock or deprecate acronyms
- Manage other users
- Access admin dashboard
- Export data (unless custom permission granted)
Use case: Team members, subject matter experts, content contributors

Admin

Full content and workspace management
Inherits all Editor permissions plus:
- Delete (soft-delete) acronyms
- Restore deleted acronyms
- Lock and unlock acronyms
- Deprecate acronyms
- Manage categories (create, edit, delete)
- Manage collections
- Create bulk imports
- Export workspace data
- View admin dashboard and metrics
- View activity logs
- Invite users (role limited to Editor)
Cannot:
- Change user roles
- Remove users (owner-level action)
- Permanently delete acronyms
- Modify workspace settings
- Configure integrations
Use case: Department leads, knowledge managers, content moderators

Owner

Full administrative authority (only 1-2 per workspace)
Inherits all Admin permissions plus:
- Change user roles (including promoting to Admin)
- Remove or disable users
- Permanently delete (hard-delete) acronyms
- Modify workspace settings (name, logo, branding)
- Configure integrations (Slack, webhooks, SSO)
- Manage API tokens and keys
- Access billing and subscription settings
- Delete entire workspace
- Configure compliance and audit settings
Use case: Workspace administrators, billing contacts

Permission Table

Permission	Viewer	Editor	Admin	Owner
`acronym:view`	✓	✓	✓	✓
`acronym:create`	✗	✓	✓	✓
`acronym:edit`	✗	✓	✓	✓
`acronym:delete`	✗	✗	✓	✓
`acronym:delete_permanent`	✗	✗	✗	✓
`acronym:lock`	✗	✗	✓	✓
`acronym:deprecate`	✗	✗	✓	✓
`category:create`	✗	✓	✓	✓
`category:edit`	✗	✗	✓	✓
`category:delete`	✗	✗	✓	✓
`user:invite`	✗	✗	✓	✓
`user:change_role`	✗	✗	✗	✓
`user:manage`	✗	✗	✗	✓
`tenant:export`	✗	✗	✓	✓
`tenant:manage_settings`	✗	✗	✗	✓
`admin:view`	✗	✗	✓	✓

User Provisioning

Users are automatically created when they access your workspace via SSO or SCIM provisioning:

SSO Provisioning

When SSO is enabled:

User navigates to your workspace login page
User clicks "Sign in with [Company]"
User authenticates with your identity provider
User is automatically created in the workspace (if not already present)
User is assigned the default role (typically Viewer)

SCIM Provisioning

When SCIM is enabled:

Admin adds user to your identity provider
Your identity provider automatically sends a SCIM request
User is created in the workspace
User can immediately log in via SSO

No manual invitations are required; users are provisioned automatically.

Assigning & Changing Roles

Change User Role

Click the Actions menu (⋮) for the user
Select Change Role
Choose new role from dropdown
(Optional) Add reason: "Promotion", "Cross-team assignment", etc.
Click Change

Important Notes:

Only owners can change user roles
You cannot demote an owner (only way is to remove and re-invite as Admin)
Role changes take effect immediately
User receives notification of role change
Audit log records the change

Bulk Role Assignment

Assign the same role to multiple users:

Select users using checkboxes
Click Bulk Actions → Change Role
Select new role
Confirm

User Status & Activity

Status Indicators

Status	Meaning
Active	User has accessed workspace in past 30 days
Invited	Invitation sent; awaiting acceptance
Stale	No access in 60+ days
Disabled	Admin has deactivated; cannot log in
Inactive	Removed from workspace

Stale User Indicator

Users who haven't accessed the workspace in 60+ days show a Stale badge:

Action: Consider removing inactive users
Outreach: Send re-engagement message
Permission: Auto-suspend stale users after 90 days (enterprise only)

Last Active Timestamp

Shows when user last:

Logged in
Viewed an acronym
Performed a search
Created/edited content

Click the timestamp to view detailed activity history for that user.

Removing Users

Remove a user from your workspace:

Remove a User

Click Actions → Remove
Review impact:
- Acronyms they created are not deleted (remain in workspace)
- Their edit history is preserved
- They lose all workspace access immediately
Confirm Remove User

The removed user:

Cannot access the workspace
Cannot log in (gets 403 error)
Receives notification of removal
Can request re-invitation (requires owner approval)

Disable vs. Remove

Action	Effect
Disable	User cannot log in but remains in directory (recoverable)
Remove	User is deleted from workspace permanently

To disable instead (without removal):

Click Actions → Disable
User cannot access but can be re-enabled

Bulk Remove

Remove multiple users at once:

Select users using checkboxes
Click Bulk Actions → Remove Selected
Review count
Confirm

Custom Permissions

Admins can grant custom permissions beyond the default role:

Grant Custom Permission

Click Actions → Manage Permissions (owner only)
In the modal, toggle specific permissions on/off
Custom permissions are shown with a Custom badge next to the role
Click Save

Example:

Grant an Editor the tenant:export permission to export data (normally Admin-only)
Grant a Viewer the acronym:edit permission to modify specific definitions

Reset to Default Role

Click Actions → Reset Permissions
Confirm to remove all custom overrides
User reverts to standard role permissions

User Profile & Settings

View and manage individual user settings:

View User Profile

Click the user's name or row
See detailed profile:
- Full name, email, avatar
- Role and custom permissions
- Date joined
- Last login
- Acronyms created, edits made
- Collections authored
- Activity breakdown by month

User Settings (Self)

Each user can update their own settings:

Name & Avatar: Update profile picture and display name
Email: Change email address (verification required)
Password: Update password (if using password auth)
Notifications: Email digest preferences
Display Preferences: Theme, language, timezone

Activity Monitoring

Monitor what users are doing in your workspace:

User Activity Report

Click Actions → View Activity
See timeline of user's actions:
- Acronyms created with dates
- Definitions edited (shows before/after)
- Categories created or modified
- Collections managed
- Comments posted
- Search history (optional, privacy-sensitive)