Admin Users (System)

The Admin Users screen provides system administrators with a centralized view of all users across all organizations. This feature is only accessible to users with the System role.

System Role Required

This screen is only visible and accessible to users with the admin:access permission, which is exclusive to the System role.

Overview

The Admin Users screen allows platform administrators to:

• View all users registered in the system
• See which organizations each user belongs to
• Manage user organization memberships and roles
• Delete users from both the application database and Cognito

Accessing Admin Users

1. Navigate to Admin → Users in the left sidebar
2. The "Users" link only appears for System role users

User List

The main view displays a sortable, paginated data table of all users:

Column	Description
Email	User's email address (primary identifier)
Name	User's display name
System User	Badge indicating if user has system-level access
Created	Account creation date
Actions	Edit and delete buttons

Server-Side Sorting

Click any column header to sort the table. Sorting is performed server-side for optimal performance with large user bases.

Pagination

Use the pagination controls at the bottom to navigate through users. Default page size is 25 users.

Managing User Organizations

Double-click any user row to open the Organization Membership dialog. This allows you to:

View Organization Memberships

See all organizations the user belongs to, including:

• Organization name
• User's role in that organization
• Membership status

Add to Organization

1. Click Add to Organization
2. Select an organization from the dropdown
3. Choose a role (Admin, User, or Guest)
4. Click Add

Change Role

1. Find the organization in the membership list
2. Click the role dropdown
3. Select the new role
4. Changes are saved automatically

Remove from Organization

1. Find the organization in the membership list
2. Click the Remove button (trash icon)
3. Confirm the removal

warning

Removing a user from an organization immediately revokes their access. They will no longer be able to access that organization's resources.

Deleting Users

To permanently delete a user:

1. Click the Delete icon (trash) in the row actions
2. Confirm the deletion in the dialog

What Gets Deleted

When you delete a user:

1. Cognito Account — The user's authentication record is removed from AWS Cognito
2. Database Record — The user record is removed from the application database
3. Organization Memberships — All organization role assignments are cascade-deleted

danger

User deletion is permanent and cannot be undone. The user will need to sign up again if they need access in the future.

API Reference

List All Users (System)

GET /api/admin/users?page=1&limit=25&sortBy=email&sortOrder=asc

Query Parameters:

Parameter	Type	Default	Description
page	integer	1	Page number
limit	integer	25	Users per page
sortBy	string	createdAt	Column to sort by (email, name, createdAt)
sortOrder	string	desc	Sort direction (asc, desc)

Response:

{
  "data": [
    {
      "id": "uuid",
      "email": "user@example.com",
      "name": "John Doe",
      "cognitoUserId": "cognito-sub-id",
      "isSystemUser": false,
      "createdAt": "2025-01-15T10:00:00Z",
      "updatedAt": "2025-01-15T10:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 25,
    "total": 150,
    "totalPages": 6
  }
}

Get User Organizations

GET /api/admin/users/{userId}/organizations

Response:

{
  "data": [
    {
      "organizationId": "uuid",
      "organizationName": "Acme Corp",
      "roleId": "uuid",
      "roleName": "admin"
    }
  ]
}

Update User Organizations

PUT /api/admin/users/{userId}/organizations
Content-Type: application/json

{
  "memberships": [
    {
      "organizationId": "uuid",
      "roleId": "uuid"
    }
  ]
}

Delete User

DELETE /api/admin/users/{userId}

Response:

{
  "success": true,
  "message": "User deleted from database and Cognito"
}

note

If the user doesn't exist in Cognito (already deleted), the API will still succeed and only remove the database record.

Permissions

Action	Required Permission
View Admin Users	admin:access (System only)
Manage Organization Memberships	admin:access (System only)
Delete Users	admin:access (System only)

Related Topics

• Role-Based Access Control — Understanding roles and permissions
• Settings - Users — Organization-level user management
• Authentication — How authentication works