
User Management

User Management provides control over who can access InsightMaps and what actions they can perform. Administrators manage user accounts, assign admin privileges, and monitor user activity.

Overview

User Management Capabilities:

  • User account creation: Create new users with email and password
  • Admin control: Toggle admin and system admin privileges
  • Account status: Activate or suspend user accounts
  • Email verification: Manually verify user emails
  • Bulk operations: Select and delete multiple users at once
  • Search and filter: Find users by name, email, or verification status
  • Sortable list: Sort by name, status, email verified, or last login

Access User Management

Location: InsightMaps Console → Users

How to Open:

  1. Log in to console.insightmaps.app
  2. Navigate to Users in left sidebar
  3. User list and management tools appear

Permission Required: Admin role


User Roles and Permissions

Role System

InsightMaps uses a simple role system based on boolean flags rather than named role levels:

| Flag | Purpose |
| --- | --- |
| IsAdmin | Grants admin access to the console (manage users, data sources, categories, layers, settings) |
| IsSystemAdmin | Grants unrestricted access. System admins can modify other system admins and perform destructive operations |
| IsActive | Controls whether the user can log in. Set to false to suspend an account |

Effective Permission Levels

| Level | IsAdmin | IsSystemAdmin | Capabilities |
| --- | --- | --- | --- |
| System Admin | Yes | Yes | Full platform access. Can manage all users including other system admins. Cannot be modified by regular admins |
| Admin | Yes | No | Manage users (except system admins), data sources, categories, layers, settings, view audit logs |
| User | No | No | Access the map application. View published maps and layers, use mapping tools, save private layers ("My Layers") |

Note: There are no "Editor" or "Viewer" sub-roles. All non-admin users have the same base permissions in the map application.

Permission Rules

  • System admins can modify any user, including other system admins
  • Regular admins cannot modify or delete system admin accounts
  • Users cannot remove their own admin privileges (prevents lockout)
  • Admin and system admin flags are shown as toggles in the user edit form
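
The rules above, written as a server-side check so they hold regardless of which toggles the UI shows. This is an added example, not InsightMaps code: `User`, `authorize` and `bulk_delete_plan` are hypothetical names, and it assumes the self-demotion guard covers both admin flags and that a bulk delete skips protected accounts instead of failing as a whole.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False
    is_system_admin: bool = False
    is_active: bool = True


def authorize(actor, target, changes=None):
    """Return (allowed, reason) for `actor` editing or deleting `target`.

    `changes` maps flag names to new values; pass None for a delete.
    """
    changes = changes or {}
    # Console access needs an active account with IsAdmin set (fail closed).
    if not (actor.is_active and actor.is_admin):
        return False, "admin role required"
    # Regular admins cannot modify or delete system admin accounts.
    if target.is_system_admin and not actor.is_system_admin:
        return False, "target is a system admin"
    # The Is System Admin toggle is for system admins only.
    if "is_system_admin" in changes and not actor.is_system_admin:
        return False, "only system admins may change IsSystemAdmin"
    # Lockout guard. Assumption: it covers both admin flags.
    if actor.id == target.id:
        for flag in ("is_admin", "is_system_admin"):
            if getattr(target, flag) and changes.get(flag) is False:
                return False, "cannot remove your own admin privileges"
    return True, "ok"


def bulk_delete_plan(actor, targets):
    """Split a bulk selection into (deletable, rejected) with the same check."""
    deletable, rejected = [], []
    for t in targets:
        ok, reason = authorize(actor, t)
        (deletable if ok else rejected).append(t if ok else (t, reason))
    return deletable, rejected


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    root, admin, user = User(1, True, True), User(2, True), User(3)
    print(authorize(admin, root, {"is_active": False}))
    print(authorize(admin, admin, {"is_admin": False}))
    print(bulk_delete_plan(admin, [user, root]))
```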

Creating User Accounts

Create New User

How:

  1. Navigate to Users page
  2. Click "Add User" button (top right)
  3. User creation form appears
  4. Fill in required fields:
    • Username: Unique username
    • Email: User's email address (used for login)
    • Password: Initial password
    • Display Name: Full name shown in UI (optional)
  5. Set permission toggles:
    • Is Active: Whether the account is enabled (default: yes)
    • Is Admin: Whether the user has admin access (default: no)
    • Is System Admin: Only visible to system admins (default: no)
  6. Click "Create"

What Happens:

  • User account created in database
  • User can log in immediately with the provided credentials
  • Audit log entry created



Managing Existing Users

Edit User Profile

How:

  1. Navigate to Users page
  2. Find target user (search or browse)
  3. Click user row or Edit icon
  4. User edit form appears
  5. Update fields:
    • Username
    • Email
    • Display Name
    • Is Active toggle
    • Is Admin toggle
    • Is System Admin toggle (system admins only)
    • Email Verified toggle
  6. Click "Save"



Toggle Admin Access

How:

  1. Navigate to Users page
  2. Find target user
  3. Click the admin toggle directly in the user row
  4. Admin status updates immediately (optimistic update)

Restrictions:

  • Cannot toggle admin on system admin accounts (unless you are a system admin)
  • Cannot remove your own admin privileges

Suspend User Account

When to Suspend:

  • Employee on leave
  • Investigating suspicious activity
  • Temporary access removal

How:

  1. Navigate to Users page
  2. Find target user
  3. Toggle the Is Active status to off (either in user list or edit form)
  4. User is immediately prevented from logging in

What Happens:

  • User cannot log in (login attempts fail)
  • Data and "My Layers" preserved
  • Appears in user list with inactive status
  • Audit log entry created

To Reactivate:

  1. Find suspended user
  2. Toggle Is Active back to on
  3. User can log in again

Verify User Email

How:

  1. Navigate to Users page
  2. Edit target user
  3. Toggle Email Verified to on
  4. Save changes

Use Case: Manually verify a user's email when the verification email was not received or expired.


Delete User Account

Caution: Permanent action!

How:

  1. Navigate to Users page
  2. Find target user
  3. Click Delete action
  4. Confirmation dialog appears
  5. Confirm deletion

What Happens:

  • User account deleted from database
  • User can no longer log in
  • Audit logs preserved (user info denormalized — username and email kept in log entries even after deletion)

Recommendation: Suspend first by toggling Is Active to off, wait 30 days, then delete if confirmed needed.


Bulk Operations

Bulk Delete

How:

  1. Navigate to Users page
  2. Select multiple users using checkboxes (shift-click for range selection)
  3. Click "Delete Selected" button
  4. Confirmation dialog appears showing number of users to delete
  5. Confirm deletion
  6. Progress feedback shown as users are deleted

Restrictions:

  • Cannot bulk delete system admin accounts (unless you are a system admin)

Search and Filtering

Search Users

How:

  1. Use the search box at top of Users page
  2. Type to search by:
    • Username
    • Email
    • Display name
  3. Results filter in real-time
  4. Clear search with X icon

Filter by Verification Status

How:

  1. Click filter controls
  2. Filter by email verified status (verified / unverified)
  3. User list updates

Sort Users

Sortable Columns:

  • Name (alphabetical)
  • Status (active / suspended)
  • Email Verified
  • Last Login (most recent first)

Click column header to sort. Click again to reverse order.


Keyboard Navigation

The user list supports keyboard navigation:

  • Arrow keys: Move between users
  • Enter: Open edit form for selected user
  • Space: Toggle selection (for bulk operations)

Authentication

Supported Login Methods

| Method | Description |
| --- | --- |
| Local | Email and password authentication |
| Google OAuth | Sign in with Google account |
| GitHub OAuth | Sign in with GitHub account |

How Authentication Works

  • Tokens are stored in HTTP-only cookies (not accessible via JavaScript for security)
  • Access tokens expire after 60 minutes
  • Refresh tokens are valid for 7 days
  • Email verification is supported with token-based verification links
  • Password reset uses token-based reset links sent via email

Responsive Design

The Users page adapts to screen size:

  • Desktop: Table layout with sortable columns and inline actions
  • Mobile: Card layout with key information and action buttons

Troubleshooting

"User cannot log in"

Possible Causes:

  • Account suspended (Is Active = false)
  • Incorrect password
  • Email not verified (if email verification is enforced)
  • Account does not exist

Solutions:

  • Check user account status (Is Active toggle)
  • Reset user password
  • Manually verify email (toggle Email Verified)
  • Verify user exists in user list

"Cannot modify admin account"

Causes:

  • Trying to modify a system admin account without system admin privileges
  • Trying to remove your own admin privileges

Solutions:

  • System admin accounts can only be managed by other system admins
  • You cannot demote yourself (prevents lockout)

"Bulk delete not working"

Causes:

  • Selection includes system admin accounts
  • No users selected

Solutions:

  • System admin accounts are protected from bulk delete (unless you are a system admin)
  • Ensure at least one user is selected (checkboxes)

Integration with Other Console Features

Works With

Audit Logs:

  • All user management actions are logged
  • User info preserved in logs even after account deletion
  • Filter audit logs by user to see their activity

Data Sources:

  • Admin users can manage data sources and layers
  • Regular users can only access the map application

Categories:

  • Admin users can create, edit, and publish categories
  • Regular users see published categories in the map application

Summary

User Management provides account administration:

  • Roles: Simple two-level system (Admin / User) with optional System Admin flag
  • Account Lifecycle: Create, edit, suspend, reactivate, delete
  • Authentication: Local email/password, Google OAuth, GitHub OAuth
  • Bulk Operations: Multi-select and batch delete
  • Search & Sort: Find users by name/email, sort by multiple columns
  • Security: HTTP-only cookies, email verification, password reset tokens
  • Responsive: Desktop table and mobile card layouts

Key Points:

  • Assign minimum necessary permissions (not all users need admin access)
  • Suspend accounts before deleting (allows recovery period)
  • System admin accounts are protected from modification by regular admins
  • All actions are recorded in the audit log