User Management
Source file: 2026-06-08-user-manual-user-management.html
User Manual
| Field | Value |
|---|---|
| Document Type | User Manual |
| Portal | GRINEA – Internal Operations Portal |
| Module | User Management |
| Version Number | 1.0 |
| Document Date | Jun 5, 2026 |
| Prepared by | Christian Canlubo |
Version History
| Version Number | Version Details | Author | Date Published |
|---|---|---|---|
| 1.0 | Initial Version | Christian Canlubo | Jun 5, 2026 |
1.0 Introduction
This document is the official user manual for the User Management module of the GRINEA Internal Operations Portal. It covers all operational procedures required to create, view, modify, and manage user accounts within the Backoffice portal. Administrators and authorized Backoffice users should read this document before performing any user management tasks on the platform.
1.1 Purpose of the Document
This manual documents the operating procedures, field definitions, access rules, and system behaviors of the User Management module in the GRINEA Internal Operations Portal. It is the primary reference for anyone responsible for creating or maintaining user accounts on the platform.
The User Management module is the administrative hub for all platform user accounts. It allows authorized Backoffice users to create new accounts for both Backoffice and Frontoffice roles, view and update existing user profiles, manage invitation links, and configure per-user preferences such as display language. All account changes take effect immediately upon saving and are reflected across the platform without requiring a page reload.
This manual enables authorized users to perform all user management tasks independently, including creating accounts, editing profiles, resending invitation links, and understanding system-enforced account states. This document complements, but does not replace, organizational policies and procedures. Users experiencing platform issues should contact the system administrator.
1.2 Scope of the Document
This document covers the User Management module located in the Backoffice section of the GRINEA Internal Operations Portal. Specifically, this document covers the following areas:
- Navigating to the User Management module
- Viewing and searching the user list
- Creating new Backoffice and Frontoffice user accounts
- Viewing user profile details
- Editing existing user profiles
- Resending invitation links to users with expired invitations
- Managing language preferences per user profile
- Understanding account status lifecycle (Active & Inactive)
- Error handling and troubleshooting for common scenarios
The following areas are out of scope for this document and are addressed in separate documentation:
- Role-Based Access Control (RBAC) configuration and permission management
- Email notification templates and the Notification Service
- Authentication service configuration and token management
- Supplier user profiles (excluded from the User Management list view)
- Password reset procedures
This document applies to the production environment of the GRINEA Internal Operations Portal. Screen layouts and field arrangements may change as the platform evolves; core procedures documented here reflect confirmed system behavior as of the document date.
1.3 Intended Audience
This manual is written for Backoffice users who are responsible for creating and managing user accounts in the GRINEA Internal Operations Portal. It is accessible regardless of the reader's technical experience, provided they have been granted the appropriate module permissions.
Backoffice Administrator
The Backoffice Administrator is the primary user of this module. This role holds full access to User Management, including the ability to view all platform users, create new accounts, edit existing profiles, and resend invitation links. All actions described in Sections 2.2 through 2.3 are available to this role by default. The Backoffice Administrator must be assigned User Management access within the RBAC module before the User Management navigation item becomes visible in their portal session.
Other Roles with RBAC Access
The User Management module is governed by the platform's Role-Based Access Control system. Access is not limited to the Backoffice Administrator role by title. Any Backoffice user whose RBAC profile includes User Management permissions may perform the actions corresponding to their assigned access level: Read, Create, Update, or Delete. Users without a given action permission will not see the corresponding UI controls. The procedures in this manual apply to any user who has been granted the relevant permission, regardless of their role name.
2.0 Module Overview
2.1 Description
2.1.1 The User Management module is located in the Backoffice section of the GRINEA Internal Operations Portal. It appears as a menu item in the main left navigation pane. The item is visible only to Backoffice users whose RBAC profile includes User Management access; it is hidden for all other users.
2.1.2 The module landing state is the user list table, which displays all active and inactive platform user accounts excluding supplier profiles. The list is paginated and includes a real-time search bar at the top. All users with Read access to the module can view the list; only users with the corresponding Create, Update, or Delete permissions can perform those actions.
2.2 Key Features and Functionalities
2.2.1 User List (Landing Page)
The User List is the landing page of the User Management module. It displays all platform user accounts (excluding supplier profiles) in a paginated table. Users with Read access to the module can view this list; no modification actions are available to read-only users from this view.
The table supports pagination with the following page size options: 10, 20, 50, or 100 users per page. The default display is 100 rows per page. Pagination controls are located at the bottom-right of the table.
| Column | Description |
|---|---|
| User ID | Unique identifier for the user account |
| First Name | User's first name |
| Last Name | User's last name |
| Email Address | User's registered email address |
| User Role | Role assigned to the user (e.g., Admin, Buyer) |
| TLA | Three-letter acronym representing the user's office, defined at account creation |
| Account Status | Displays "Active" or "Inactive" |
| Actions | Includes a "View Details" button on the right side of each row |
[Screenshot: User Management List]
2.2.2 Search Users
The search bar is located at the top of the User List. It filters the displayed list in real time as the user types; no form submission is required. Clearing the search field restores the full unfiltered list. The search function respects the current user's Read access permissions.
The search bar queries across the following fields:
- First Name
- Last Name
- Email Address
- TLA (Three Letter Acronym)
- User ID
- User Type Role
If the query returns no matching users, the table displays a "No users found" message. Search functionality is available to all users with Read access to the User Management module.
2.2.3 Create User Account
Authorized users with Create access see the "+ New User Account" button on the User Management landing page. Clicking this button opens the account creation form. All fields on this form are mandatory unless noted as optional.
Step 1: Open the account creation form. Click the "+ New User Account" button on the User Management landing page. The account creation form opens. No data is pre-populated.
Step 2: Complete all mandatory fields. Enter values in all required fields:
- First Name (required)
- Last Name (required)
- Email Address (required): must be unique; duplicate email addresses are rejected with an inline error
- Three Letter Acronym / TLA (required): used as the default profile photo
- Default Language (required): toggle defaults to PL; options are PL and EN
- Phone Number (required): format +48 XXX XXX XXX; the system auto-formats numbers entered without spaces; invalid format displays error "Invalid mobile number. Please enter a valid mobile number (+48 XXX XXX XXX)."
- User Role (required): single-select dropdown populated with the roles configured in the RBAC module. Each role defines a set of module access permissions and determines whether the account is a Backoffice or Frontoffice account. Refer to the RBAC module documentation for the current list of available roles and their associated permissions.
- Division (required): single-select dropdown
- User Position (required): single-select dropdown; activates and populates only after a Division is selected; grayed out by default; values sorted alphabetically and scoped to the selected Division
- Organizational Unit / OU (required): multi-select dropdown; at least one OU must be selected before the Save Account button becomes clickable; duplicate OUs cannot be selected; the first selected OU is the default OU on the PR-OU dropdown
- Account Status toggle (required): defaults to Active
Step 3: Validate entries before saving. The platform validates all required fields before allowing submission. If any required field is missing or contains an invalid value, the system displays an inline validation error and blocks submission.
Step 4: Click "Save Account." If validation passes, the system creates the account record with Account Status set to Active and dispatches an invitation email to the provided email address. The new user appears in the User Management list immediately. If a duplicate email address is detected, the system displays an error and does not create the account.
Step 5: Confirm account creation. Verify that the new user appears in the User Management list with Account Status set to Active. The invitation email has been sent to the user's registered email address. The user must click the link in that email to set their password and complete their first login.
2.2.4 View User Profile
Clicking the "View Details" button in the Actions column of any user row opens the User Profile Details page for that user. This page is read-only for users who have Read access but not Update access. No edit or delete actions are available to read-only users on this page.
All assigned fields are displayed on the View page in a structured, readable format. The page does not degrade in performance when a user has a large number of OUs assigned.
Fields displayed on the User Profile Details page:
- User ID (read-only)
- First Name
- Last Name
- Email Address
- User Role
- Account Status (Active or Inactive)
- Date and Time Created
- Profile Photo (displays TLA as default if no photo has been uploaded)
- Office TLA
- Phone Number
- Preferred Language Translation
- Division
- User Position
- Organizational Units (all assigned OUs listed)
[Screenshot: View User Profile]
2.2.5 Edit User Profile
Users with Update access can edit an existing user profile. From the User Profile Details page, click the "Update Details" button. The edit form opens pre-populated with all current profile values.
The following fields are read-only in the edit form and cannot be modified:
- User ID
- Email Address
The following fields are editable:
- First Name
- Last Name
- Phone Number (required; prevents saving if missing or invalid)
- User Role
- Account Status toggle
- Office Acronym / TLA
- Preferred Language Translation
- Division
- User Position (dependent on Division selection; both are required)
- Organizational Units (admin can add or remove OUs; duplicate selection is prevented; already-linked OUs are excluded from the dropdown)
On save: click "Save Changes." The platform validates all required fields. If validation passes, changes are persisted immediately and a toast message is displayed. Updated values are reflected immediately on the User Profile details page and propagate across all other platform modules that reference this user's data. If a required field is missing or a phone number format is invalid, the system displays an inline error and blocks saving.
On cancel: click "Cancel." No changes are saved. All fields revert to their previous values.
[Screenshot: Edit User Profile]
2.2.6 Resend Invitation Link
The "Resend Invitation Link" button appears on the User Profile page for users whose invitation has expired. It is visible to roles with User Management module access.
Conditions for visibility
- The "Resend Invitation Link" button is visible when the user's account has an expired invitation status.
- The button remains visible after a link has been successfully re-sent, to allow re-triggering if the user did not receive the email.
Conditions under which the button is not visible
- The user has already defined their password and completed a first successful login. Activated users use the Forgot Password feature for credential recovery; the Resend Invitation Link option is not shown for them.
Behavior when clicked
- The platform generates a new unique invitation link valid for 24 hours from the point of resend.
- The new link is sent automatically via email to the user's registered email address.
- The email template is the same as the original invitation email, updated to reflect the new expiration details.
- A toast message is displayed to the Backoffice admin once the invitation link has been re-sent.
- An audit log entry is created recording: who resent the link, the timestamp, and the status of the action.
2.2.7 Language Preference
Each user account has a Preferred Language setting that controls the portal UI language for all sessions of that user. This setting is configured at account creation and can be updated through the profile edit form.
- At account creation, the language toggle defaults to PL (Polish).
- The setting can be changed by a Backoffice user with Update access via the "Update Details" form, or by the Frontoffice user themselves via their own profile edit page.
- Available options: PL (Polish) and EN (English).
- The language change takes effect on the user's next login session. The current active session is not affected.
- The User Position and Division display in the portal UI respects the user's preferred language setting; PL is prioritized.
- The invitation email and password reset email are sent in the language matching the user's default language setting. If the user's setting is PL, the system sends the Polish-language version of those emails.
2.3 Status Lifecycle
Account statuses reflect the current state of a user's access to the platform. The table below defines each status, the condition that triggers it, and the next action available.
| # | Status | Description |
|---|---|---|
| 1 | ACTIVE | Default state for all newly created accounts. The Account Status toggle defaults to Active when the Administrator creates a user profile. A user with Active status can log in to the platform and access modules per their assigned role, provided they have completed password setup via the invitation email. The Administrator can set this to Inactive at any time via the profile edit form. |
| 2 | INACTIVE | Set by the Administrator via the Account Status toggle on the profile edit form. The user cannot log in to the platform. All profile data, role assignment, and linked records are retained. The account can be restored to Active at any time by setting the toggle back to Active and saving. |
Note: Note: The invitation link sent on account creation has a validity window of 24 hours. If a user has not completed password setup and their link has expired, the Administrator resends the link from the User Profile page. The Account Status remains Active throughout this process; invitation link expiry is a separate system condition and is not reflected in the Account Status field.
3.0 FAQs
The questions below address common situations encountered when using the User Management module.
| Question | Answer |
|---|---|
| A new user says they never received the invitation email. What should I do? | Open the user's profile in User Management and click Resend Invitation Link. A new invitation email is sent to the registered address. Ask the user to check their spam or junk folder. If the email address on the account is incorrect, edit the profile to correct it before resending. The invitation link is valid for 24 hours from the point it is issued. |
| Can I change a user's email address after the account has been created? | No. The Email Address field is read-only in the profile edit form and cannot be modified after account creation. If the email address needs to change, contact the system administrator to determine the appropriate remediation procedure. |
| A user's portal interface is displaying in the wrong language. How do I fix it? | Open the user's profile in User Management, click "Update Details," and set the Preferred Language field to the correct value (PL or EN). Click "Save Changes." The change takes effect on the user's next login session; the user must log out and log back in for the new language setting to apply. |
| I can see the User Management menu item but the "New User Account" button is not visible. What does this mean? | The User Management menu item is visible to all users with Read access to the module. The "New User Account" button is visible only to users who also have Create access. Your current RBAC profile includes Read access but not Create access. Contact your system administrator to request Create access if your role requires it. |
| How do I disable a user without deleting their account? | Open the user's profile in User Management, click "Update Details," and set the Account Status toggle to Inactive. Click "Save Changes." The user is immediately prevented from logging in. Their profile data, role assignment, and all linked records are retained. The account can be reactivated at any time by setting the toggle back to Active and saving. |