Skip to main content

User Management

What User Management Does

User Management in GCXONE controls who can access the platform, what they can see, and which entities they can interact with. Every user is scoped to a tenant and inherits access from their assigned role — with the option to override or extend that access per user without modifying the shared role.

Why It Matters

Without properly configured users, operators may see entities they shouldn't, or be blocked entirely. User Management ensures the right people have the right access — and that access is immediately revocable when needed.

How It Works

note

ℹ️ INFO — Prerequisites: Complete your role structure before inviting users. See Roles & Permissions.

Inviting a New User

Navigate to Settings → Users → Invite New User.

  1. Enter the user's email address.
  2. Select their role from the dropdown (must exist before invitation).
  3. Optionally set a custom entity access override at invitation time.
  4. Click Send Invitation.

GCXONE dispatches an invitation email from no-reply@nxgen.cloud. The invitation link expires after 7 days. Resend via Settings → Users → [User Row] → Resend Invitation.

What Happens When a User Accepts

  1. User clicks the invitation link.
  2. They are prompted to set a password (token expires after 24 hours).
  3. On first login, they land on the default module their role grants.
  4. If no role was assigned, they see a blocked screen — assign a role immediately.

Configuring Entity Access Per User

A user inherits entity access from their assigned role. You can override or extend this per user without modifying the shared role.

Navigation: Settings → Users → [User] → Edit Entity Access

  • Override Mode — Replaces the user's role-inherited entity access entirely. Example: Operator role grants Customer A. Override with Customer B → user can only see Customer B.
  • Merge Mode — Adds entity access on top of what the role grants. Example: Operator role grants Customer A. Merge in Customer B → user can see both. Use for temporary cross-coverage or one-off access.
tip

Best Practice: Prefer Merge over creating a new role when the access requirement is temporary or user-specific. Use Override only when you need to fully restrict to a different entity set.

Editing an Existing User

  1. Navigate to Settings → Users.
  2. Click Edit on the user row.
  3. Changeable fields: role assignment, entity access override, email, and account status.
  4. Changes take effect immediately — the user's next action reflects the new access.

Managing a Departed User

  1. Settings → Users → [User] → Deactivate — immediately revokes all access.
  2. Audit their recent activity in Configuration → Audit before deactivating if there's a security concern.
  3. Reassign any open alarms or tickets they owned.
info

ℹ️ INFO — Do Not Delete User Records: Historical audit log entries reference the user ID. Deactivation preserves the record while blocking access. Deleting removes forensic traceability.

Key Capabilities

User Status Reference

StatusMeaning
ActiveUser accepted invitation and can log in.
PendingInvitation sent but not yet accepted. Resend if expired.
BlockedUser exists but has no role assigned. Assign a role.
InactiveAccount disabled by admin. Re-enable if needed.

Bulk User Management via CSV

Export the Template: Navigate to Settings → Users → Import → Download Template. Required columns: email (required), role_name (must exactly match an existing role name, case-sensitive), first_name, last_name (optional but recommended).

Prepare the CSV:

  • One user per row.
  • Role names must match exactly — NL Operator not nl operator.
  • Duplicate emails are skipped (existing user records are not overwritten).

Upload and Review:

  1. Upload the completed CSV.
  2. The pre-flight parser highlights rows with errors (unknown role names, invalid emails).
  3. Fix errors and re-upload, or proceed with valid rows only.
  4. All valid users receive invitation emails simultaneously.

Multi-Tenant User Management

Users are scoped per tenant. A user in Tenant A has no visibility into Tenant B unless a separate account is created in Tenant B.

To switch tenants as an admin: Settings → Switch Tenant.

Real-World Use Cases

  • A new operator joins the team — admin invites them, assigns the Operator role, and they're operational within minutes.
  • A guard needs temporary access to a second site during staff shortage — admin uses Merge Mode instead of creating a new role.
  • A service provider onboards 200 users across multiple customers using BulkImport CSV in a single upload.
  • A departed employee's access is revoked instantly via Deactivate — audit trail remains intact for forensic review.

Best Practices

  • Always complete role configuration before inviting users — a user with no role lands on a blocked screen.
  • Use Merge Mode for temporary or user-specific access rather than creating one-off roles.
  • Use BulkImport CSV for any onboarding involving more than 10 users.
  • Never delete user records — deactivate instead to preserve audit trail integrity.
  • Review departed users' recent activity in Configuration → Audit before deactivating if there's a security concern.
Download PDF
Loading...