Skip to main content

User Management

What User Management Does​

User Management in GCXONE controls who can access the platform, what they can see, and which entities they can interact with. Every user is scoped to a tenant and inherits access from their assigned role β€” with the option to override or extend that access per user without modifying the shared role.

Why It Matters​

Without properly configured users, operators may see entities they shouldn't, or be blocked entirely. User Management ensures the right people have the right access β€” and that access is immediately revocable when needed.

How It Works​

note

ℹ️ INFO β€” Prerequisites: Complete your role structure before inviting users. See Roles & Permissions.

Inviting a New User​

Navigate to Settings β†’ Users β†’ Invite New User.

  1. Enter the user's email address.
  2. Select their role from the dropdown (must exist before invitation).
  3. Optionally set a custom entity access override at invitation time.
  4. Click Send Invitation.

GCXONE dispatches an invitation email from no-reply@nxgen.cloud. The invitation link expires after 7 days. Resend via Settings β†’ Users β†’ [User Row] β†’ Resend Invitation.

What Happens When a User Accepts​

  1. User clicks the invitation link.
  2. They are prompted to set a password (token expires after 24 hours).
  3. On first login, they land on the default module their role grants.
  4. If no role was assigned, they see a blocked screen β€” assign a role immediately.

Configuring Entity Access Per User​

A user inherits entity access from their assigned role. You can override or extend this per user without modifying the shared role.

Navigation: Settings β†’ Users β†’ [User] β†’ Edit Entity Access

  • Override Mode β€” Replaces the user's role-inherited entity access entirely. Example: Operator role grants Customer A. Override with Customer B β†’ user can only see Customer B.
  • Merge Mode β€” Adds entity access on top of what the role grants. Example: Operator role grants Customer A. Merge in Customer B β†’ user can see both. Use for temporary cross-coverage or one-off access.
tip

Best Practice: Prefer Merge over creating a new role when the access requirement is temporary or user-specific. Use Override only when you need to fully restrict to a different entity set.

Editing an Existing User​

  1. Navigate to Settings β†’ Users.
  2. Click Edit on the user row.
  3. Changeable fields: role assignment, entity access override, email, and account status.
  4. Changes take effect immediately β€” the user's next action reflects the new access.

Managing a Departed User​

  1. Settings β†’ Users β†’ [User] β†’ Deactivate β€” immediately revokes all access.
  2. Audit their recent activity in Configuration β†’ Audit before deactivating if there's a security concern.
  3. Reassign any open alarms or tickets they owned.
info

ℹ️ INFO β€” Do Not Delete User Records: Historical audit log entries reference the user ID. Deactivation preserves the record while blocking access. Deleting removes forensic traceability.

Key Capabilities​

User Status Reference​

StatusMeaning
ActiveUser accepted invitation and can log in.
PendingInvitation sent but not yet accepted. Resend if expired.
BlockedUser exists but has no role assigned. Assign a role.
InactiveAccount disabled by admin. Re-enable if needed.

Bulk User Management via CSV​

Export the Template: Navigate to Settings β†’ Users β†’ Import β†’ Download Template. Required columns: email (required), role_name (must exactly match an existing role name, case-sensitive), first_name, last_name (optional but recommended).

Prepare the CSV:​

  • One user per row.
  • Role names must match exactly β€” NL Operator not nl operator.
  • Duplicate emails are skipped (existing user records are not overwritten).

Upload and Review:​

  1. Upload the completed CSV.
  2. The pre-flight parser highlights rows with errors (unknown role names, invalid emails).
  3. Fix errors and re-upload, or proceed with valid rows only.
  4. All valid users receive invitation emails simultaneously.

Multi-Tenant User Management​

Users are scoped per tenant. A user in Tenant A has no visibility into Tenant B unless a separate account is created in Tenant B.

To switch tenants as an admin: Settings β†’ Switch Tenant.

Real-World Use Cases​

  • A new operator joins the team β€” admin invites them, assigns the Operator role, and they're operational within minutes.
  • A guard needs temporary access to a second site during staff shortage β€” admin uses Merge Mode instead of creating a new role.
  • A service provider onboards 200 users across multiple customers using BulkImport CSV in a single upload.
  • A departed employee's access is revoked instantly via Deactivate β€” audit trail remains intact for forensic review.

Best Practices​

  • Always complete role configuration before inviting users β€” a user with no role lands on a blocked screen.
  • Use Merge Mode for temporary or user-specific access rather than creating one-off roles.
  • Use BulkImport CSV for any onboarding involving more than 10 users.
  • Never delete user records β€” deactivate instead to preserve audit trail integrity.
  • Review departed users' recent activity in Configuration β†’ Audit before deactivating if there's a security concern.
Download PDF
Loading...