Users and Roles
Manage who can log in to your organization and what they can do.
Users and Roles#
The Users and Roles page (Settings › Users and Roles) is where an admin invites people, assigns them roles, and — for custom roles — defines what permissions those roles hold.
The page has two tabs: Users and Roles. The two work together — a user is someone with a login; a role is a bundle of permissions; each user carries one or more roles.
For a comprehensive list of all permissions and suggested role templates, see the Roles and Permissions reference.
Users tab#
Users list#
Columns:
- Name (with "Owner" and "You" badges where relevant)
- Email (also the login)
- Roles (badge list)
- Actions — Edit Roles, Delete (when you have manage permission)
Add User#
Click + Add User to invite someone.
| Field | Required | Notes |
|---|---|---|
| First Name | Yes | |
| Last Name | No | |
| Yes | Must be unique within the organization | |
| Roles | Yes | Tick at least one |
What happens after Save depends on whether the email already belongs to a Neriyam account:
New user (email not yet in Neriyam)#
- The system generates a temporary password automatically.
- The user receives an email with their email address and temporary password.
- On first sign-in, they are prompted to change the password before they can use the app.
- You don't see the password — you don't need to share anything manually.
Existing user (already a Neriyam user in another organization)#
- No new password is generated.
- The user receives an invitation email saying they've been added to your organization.
- They sign in with their existing credentials.
- After signing in, they switch to your organization using the Organization switcher in the header.
See Switching Organizations for how to move between organizations after sign-in.
If the new user reports they did not receive the email, ask them to check their spam folder. If still missing, verify the email address on the user record and either re-add or contact support.
Edit Roles#
Change the set of roles assigned to a user. Must have at least one role.
Owner and the current user#
The owner is set when your organization is created and is special in three ways:
- The owner is automatically assigned the Administrator role and cannot have it taken away. They can pick up additional roles, but the Administrator role itself stays attached.
- The owner cannot be deleted from the organization — they are the ultimate fallback so the organization is never left with nobody who can change settings.
- Ownership cannot be transferred to another user. The original owner stays the owner for the lifetime of the organization. Contact support if you have a real need to change this — it is not a self-service operation.
You cannot delete yourself — only another user can remove your access. If you are the only Administrator and want out, add another Administrator first, then have them remove you.
You can have more than one user with the Administrator role. The owner is special only in that they are always in it; other users can be added to or removed from Administrator like any other role.
Delete#
Removes a user's access to the organization entirely. Their user account may still exist (for multi-org users), but this organization's data is no longer accessible to them. A confirmation dialog appears first.
Roles tab#
Roles list#
Columns:
- Role Name
- Permissions (count)
- Users (count — how many people have this role)
- Type — System or Custom badge
- Actions — View / Edit / Delete
Administrator and Custom Roles#
When a new organization is created, Neriyam provisions a single default role: Administrator, which holds every permission for every module activated in your organization. The owner is automatically assigned this role. From there, the admin creates additional Custom Roles to match the organization's structure.
The Administrator role carries a System badge. It is locked:
- It cannot be edited — you cannot add or remove permissions from it. It always reflects the full permission set for your active modules.
- It cannot be deleted — you would lock yourself out of the organization.
Roles you create yourself are tagged Custom and are fully editable.
Create a custom role#
Click + New Role.
| Field | Required | Notes |
|---|---|---|
| Role Name | Yes | Up to 50 characters |
| Permissions | Yes | Tick at least one. Grouped by module with expand/collapse. |
The permission selector shows every available permission grouped by module (Sales, Purchase, Inventory, Manufacturing, Organization, User, Tax, Subcontracting). Expand a module to see its permissions (e.g., SALES.VIEW_CUSTOMERS, SALES.MANAGE_CUSTOMERS, SALES.APPROVE_CUSTOMERS).
Need help deciding which permissions to grant? The Roles and Permissions reference lists every permission with descriptions and provides templates for common roles (Purchase Manager, Sales Executive, Stores In-charge, etc.) you can copy.
Edit a custom role#
Same fields. Changes take effect immediately — users with that role see their access change on their next page load (or organization switch).
View a role (any role, including System)#
Read-only view listing every permission the role has, grouped by module.
Delete a custom role#
Blocked while any user still has that role. The dialog shows how many users, so you can go reassign them first.
Permissions — how the model works#
- A permission is a single atomic capability — e.g.,
SALES.MANAGE_SALES_ORDER,INVENTORY.APPROVE_ITEMS - A role is a named set of permissions
- A user has one or more roles; their effective permissions are the union of everything across their roles
- Permissions themselves are defined by the platform — you cannot invent new permissions; you can only compose existing ones into roles
Permission naming#
Permissions follow a consistent MODULE.ACTION_RESOURCE pattern:
VIEW_*— read-only accessMANAGE_*— create, edit, delete, submit, recallAPPROVE_*— approve and reject workflow itemsSEND_*— (POs only) mark as sent to supplier
For example, the Sales Order permission set is:
SALES.VIEW_SALES_ORDERSALES.MANAGE_SALES_ORDERSALES.APPROVE_SALES_ORDER
Role templates#
Eleven practical templates — Purchase Manager, Purchase Executive, Sales Manager, Sales Executive, Stores In-charge, Stores Operator, Production Supervisor, Tax Setup Admin, Auditor / Read-Only, Subcontracting Coordinator, and Customer/Supplier Master Data Manager — live in the Roles and Permissions reference, each with the exact list of permissions to grant and segregation-of-duties caveats. Copy a template into a new Custom Role to get started.
Permissions for this page#
| Action | Permission |
|---|---|
| View Users and Roles | USER.VIEW_USERS |
| Invite users, edit roles, delete users, create/edit/delete custom roles | USER.MANAGE_USERS |
Related#
- Roles and Permissions reference — every permission described, plus role templates
- Approval workflow — manage vs. approve permissions
- Getting Started — signing in — what new users see on their first login
- Managing your account — what happens to a user's session when you remove them or change their access
Last updated