User management

Create, edit, deactivate, and assign roles to users. Manage the seven built-in roles and any custom roles your company has defined.

Required role

Admin (full access). Mapper can view users and assign existing roles but can't create custom roles.

Overview

User management lives under Users and Roles in the sidebar. Users is the list of people with accounts; Roles is the list of permission sets those people can be assigned to.

A user can hold one or more roles. Their effective permissions are the union of all their role's permissions — there's no subtraction or priority ordering.

Users

Open the users list

Users in the sidebar. The table shows:

• Name, email, username.
• Assigned roles (as chips).
• Active / inactive status.
• Last sign-in time.

Sort, filter, and paginate like any other table in the portal. See Navigating the portal.

Create a user

1. Click New user.

2. Fill in:

   Field	Required	Notes
   Name	Yes	Display name shown in assignments, reports, and the audit log.
   Email	Yes	Used for password reset and email notifications. Must be unique.
   Username	No	Alternative sign-in identifier. Useful if the user doesn't have a personal email.
   Password	Conditional	Set directly or tick Send password reset email to have the user set their own.
   Roles	Yes	Pick one or more from the role dropdown.
   Production sites	No	Scope the user to specific sites (optional). Leave blank for company-wide access.

3. Save.

If you ticked Send password reset email, the user receives an email from noreply@sm-tm.app with a link to set their password. The link expires in 24 hours.

Edit a user

Users → (row) → Edit.

You can change everything except the email address — changing email requires a support case (to prevent account takeover). Role changes take effect on the user's next token refresh (usually within a minute).

Deactivate a user

Users → (row) → three-dot menu → Deactivate.

The user can't sign in; their data is preserved. Deactivation is reversible — click Reactivate in the same menu to restore access.

Use deactivation when:

• Someone has left the organisation.
• Someone is on extended leave.
• Access needs to be suspended pending investigation.

Delete a user

Users → (row) → three-dot menu → Delete.

Only use this for accounts created by mistake that have no task history. Deleting a user with real task history is destructive — task authorship becomes ambiguous in the audit log.

Don't delete the last Admin

If you delete the only user with the Admin role, nobody can manage users anymore. You'll need Pegotec support to intervene. Always keep at least two active Admins.

Reset a password

Users → (row) → Reset password. The user receives an email with a reset link. The link expires in 24 hours.

Bulk actions

Select multiple users via checkboxes, then use the bulk action bar:

• Deactivate selected.
• Assign role to selected — adds the chosen role to every selected user.
• Export selected as CSV.

Import users from CSV

When onboarding tens or hundreds of users at once, manual creation is painful. Import instead.

Steps

1. Users → Import.
2. Download the template CSV from the link at the top of the import page.
3. Fill in the template in a spreadsheet tool.
4. Upload the completed CSV.
5. The portal shows a preview — rows it can import, rows with errors, rows it'll skip as duplicates.
6. If the preview looks right, click Import.
7. On completion, the portal shows a success / error summary; errors list the specific row and reason.

Large imports (>1,000 rows) run as a background job; you'll get an email when it's done.

CSV format

Required columns (header row must match exactly):

name,email,username,roles,production_sites,active
Alice Smith,alice@example.com,alice.smith,Technician;Mapper,"Bandung Plant;Medan Plant",1
Bob Jones,bob@example.com,,Supervisor,Bandung Plant,1

Column	Required	Notes
name	Yes	Display name.
email	Yes	Unique across the company.
username	No	Optional alt identifier. Leave blank for email-only sign-in.
roles	Yes	One or more, separated by semicolons. Names must match existing role names (built-in or custom).
production_sites	No	Optional scoping. Semicolon-separated. Leave blank for company-wide access.
active	Yes	1 = active, 0 = inactive (rarely useful in import — usually always 1).

Encoding: UTF-8 (with or without BOM). Delimiter: comma. Quoting: only fields containing commas or semicolons. Line terminator: any.

Validation rules

The import rejects rows where:

• An email is missing or malformed.
• An email already exists on a different user (duplicate detection).
• A role name doesn't match an existing role.
• A production site name doesn't match an existing site.
• A required column is blank.

Valid rows import; invalid rows are skipped with a row-level reason in the summary. Re-upload only the corrected rows; you don't need to re-process the successful ones.

Password handling on import

The CSV doesn't carry passwords. Imported users receive the account-created email with a password-reset link. They set their own password on first sign-in.

If you need to bulk-assign initial passwords (e.g. for a training cohort), create users first via import, then use the bulk Reset password action to send fresh reset links at a coordinated time.

Limits

• Row cap per upload: 5,000.
• File size cap: 5 MB.
• Rate limit: one import running per company at a time.

For larger bulk loads, split into multiple files or contact Pegotec support.

Roles

The seven built-in roles

Pre-seeded on every installation:

• Technician — executes tasks in the field.
• Mapper — builds and maintains asset hierarchy, tasks, safety procedures.
• Supervisor — assigns and approves work.
• Manager — read-only consumption of reports.
• Admin — company-level administration.
• Viewer — read-only for audit / compliance.
• PegotecUser — cross-tenant, Pegotec staff only.

Full permission breakdown: Permissions matrix.

Create a custom role

1. Roles → New role.
2. Name the role (descriptive: Safety Officer, Contractor Auditor, Night Shift Supervisor).
3. Tick the permissions from the matrix.
4. Save.

Start from a duplicate

Right-click an existing role → Duplicate — then trim permissions from a known-good starting point. Much faster and more consistent than building from scratch.

Edit a role

Roles → (row) → Edit. You can change the name and permission set of any custom role. You can't edit the built-in roles directly — duplicate first.

Delete a custom role

1. Roles → (row) → Delete.
2. The portal warns you if users are still assigned to the role.
3. Reassign those users first, or the deletion is blocked.

You can't delete the built-in roles.

Assigning roles to users

Two ways:

From the user's sideFrom the role's side

1. Users → (user) → Edit.
2. Open the Roles multi-select.
3. Add / remove roles.
4. Save.

1. Roles → (role) → Members.
2. Add or remove users from the membership list.
3. Save.

Changes propagate immediately.

Multi-role users

A user can hold any combination of roles. Their effective permission set is the union of all the roles they hold:

• Alice is a Mapper + Admin → she has every Mapper permission plus every Admin permission.
• Bob is a Technician + Supervisor → he can both execute tasks and assign tasks (unusual but supported).

There's no conflict resolution. More roles = more access.

Production-site scoping

Optional. If your organisation has multiple sites and you want to limit a user to one of them:

1. Users → (user) → Edit.
2. In the Production sites field, pick one or more sites.
3. Save.

The user will see only data scoped to those sites. Leave the field blank for company-wide access.

The audit log

Every user management change leaves a record in the audit log:

• User created.
• Role added / removed.
• User deactivated / reactivated.
• Password reset triggered.
• Email / name changed.

See Settings → Audit log (admin only).

Common patterns

Onboarding a new technician

1. Create the user with Send password reset email ticked.
2. Assign the Technician role.
3. Optionally scope to their production site.
4. Send them the QR code for mobile pairing.

Promoting a technician to supervisor

1. Users → (user) → Edit.
2. Add Supervisor role (don't remove Technician unless they've stopped executing).
3. Save.

Handling a leaver

1. Users → (user) → Deactivate.
2. Do not delete — their task history stays attached to the account.
3. Note the date in your offboarding checklist.

Auditing access

1. Reports → Audit log.
2. Filter by user or by action type.
3. Export to CSV for your audit file.

Things to watch for

Don't share accounts

Accounts are per-person. Shared accounts break the audit trail. If a whole shift needs dashboard access, create a shared read-only account rather than sharing Alice's.

Rotate passwords on role changes

When you promote a user to a much more privileged role (e.g. to Admin), prompt them to reset their password as a light security measure.

Email is the identity

If two users happen to have the same email (because one person is administering another's account), things get confusing quickly. One account, one person, one email.

Troubleshooting

Problem	Fix
New user can't sign in	I can't log in — usually reset email lost in spam
Role changes don't take effect	Ask the user to sign out and back in; tokens refresh on next sign-in
Can't delete a role	Users are still assigned — reassign first
User sees permissions they shouldn't	They have multiple roles — review their role list
Custom role is missing	You may have deleted it; it's in the audit log

Related topics

• Permissions matrix — the 40+ permissions underlying roles.
• Admin handbook — role overview for the person running this page.
• Companies (web portal) — managing tenants (PegotecUser only).
• Pairing and setup (mobile) — what a new technician does next.
• Contact support — for issues outside Admin authority.