User roles
CEMAC has two primary user roles with different permission levels:Administrator
Admins have full system access:User management
Create, edit, and deactivate user accounts
System configuration
Modify settings, thresholds, and business rules
Full data access
View, modify, and delete all records
Reports & exports
Export data and generate comprehensive reports
Employee
Employees have operational access:Sales processing
Process customer transactions
Inventory viewing
View product information and stock levels
Customer service
Access customer information and history
Basic reporting
View analytics and dashboards
Employees cannot modify inventory, change settings, or access financial reports. This separation ensures data integrity and security.
User list
The user management dashboard displays all team members:User table columns
Each user entry shows:| Column | Information |
|---|---|
| User ID | Unique identifier (first 10 characters) |
| Login email address | |
| Name | First and last name |
| Role | Administrator or Employee badge |
| Status | Active or Inactive indicator |
| Actions | Quick action buttons |
Status indicators
Active users
Active users
- Green badge
- Can log in to the system
- Permissions are enforced
- Counted in license/subscription
Inactive users
Inactive users
- Red badge
- Cannot log in
- Previous work remains in system
- Not counted in active user limit
Create new users
Add team members to your CEMAC account:Enter user details
Required information:
- First name
- Last name
- Email address (must be unique)
- Password (minimum 6 characters)
- Role (Administrator or Employee)
Email validation
Email addresses must:- Be properly formatted ([email protected])
- Be unique in the system
- Not be from disposable email providers
Password requirements
Passwords must meet these criteria:- Minimum 6 characters
- Recommended: Mix of letters and numbers
- No maximum length
Edit user profiles
Modify existing user information:Editable fields
Name changes
Name changes
Update first name and last name if:
- User gets married/divorced
- Name was entered incorrectly
- User preferences change
Email restrictions
Email restrictions
Email addresses cannot be changed after account creation. This prevents:
- Accidental lockouts
- Security issues
- Data integrity problems
How to edit
- Click the edit icon (pencil) next to any user
- Modify allowed fields
- Click Save Changes
- Changes take effect immediately
Manage user status
Activate or deactivate users as needed:Deactivate users
Reasons to deactivate:- Employee leaves the company
- Temporary suspension
- Role change pending
- Account security concern
- Click the deactivate icon (user with slash) next to active user
- Confirm the action
- User immediately loses access
- Historical data remains intact
Reactivate users
Restore access to inactive users:- Click the activate icon (user with check) next to inactive user
- Confirm the action
- User can log in with existing password
- All previous settings restored
Reactivating a user restores their role, permissions, and preferences exactly as they were.
Change user roles
Switch users between Administrator and Employee roles:When to change roles
Promote to admin
- Employee takes on management duties
- Need additional admin coverage
- User requires advanced features
Demote to employee
- Admin transitions to operational role
- Reduce permission scope
- Temporary role adjustment
How to change roles
Search and filter users
Find specific users quickly:Search functionality
The search bar matches:- Email addresses
- First names
- Last names
- Partial matches work
Filter options
Filter by role
Filter by role
- All users
- Administrators only
- Employees only
Filter by status
Filter by status
- All statuses
- Active users only
- Inactive users only
Pagination
User list displays in pages:Default settings
- 10 users per page
- Page navigation at bottom
- Jump to specific page number
- Total user count displayed
Navigation controls
- Previous: Go to previous page (disabled on page 1)
- Page numbers: Click to jump directly
- Next: Go to next page (disabled on last page)
- Ellipsis (…): Indicates hidden page numbers
User permissions matrix
Complete breakdown of role capabilities:| Feature | Admin | Employee |
|---|---|---|
| User Management | ||
| View users | ✓ | ✗ |
| Create users | ✓ | ✗ |
| Edit users | ✓ | ✗ |
| Change roles | ✓ | ✗ |
| Activate/deactivate | ✓ | ✗ |
| Inventory | ||
| View products | ✓ | ✓ |
| Add products | ✓ | ✗ |
| Edit products | ✓ | ✗ |
| Delete products | ✓ | ✗ |
| Manage categories | ✓ | ✗ |
| Sales | ||
| Process sales | ✓ | ✓ |
| View sales history | ✓ | ✓ |
| Modify sales | ✓ | ✗ |
| Delete sales | ✓ | ✗ |
| Export sales | ✓ | ✗ |
| Customers | ||
| View customers | ✓ | ✓ |
| Add customers | ✓ | ✓ |
| Edit customers | ✓ | ✓ |
| Delete customers | ✓ | ✗ |
| Analytics | ||
| View dashboards | ✓ | ✓ |
| Export reports | ✓ | ✗ |
| Financial data | ✓ | ✗ |
| Alerts | ||
| View alerts | ✓ | ✓ |
| Manage alerts | ✓ | ✓ |
| Configure thresholds | ✓ | ✗ |
| Generate alerts | ✓ | ✗ |
| Settings | ||
| System settings | ✓ | ✗ |
| Business configuration | ✓ | ✗ |
| Integration settings | ✓ | ✗ |
Security features
Authentication
CEMAC uses secure authentication:Token-based auth
JWT tokens for session management
Secure storage
Encrypted password storage
Session timeout
Automatic logout after inactivity
Login monitoring
Track failed login attempts
Password security
Best practices enforced:- Passwords are hashed, never stored in plain text
- Minimum length requirements
- Users can change own password anytime
- Admins cannot view user passwords
If a user forgets their password, admins can create a new password for them, but cannot retrieve the old one.
Audit trail
Track user activities:Logged actions
The system records:- User logins and logouts
- Role changes
- Status changes (activate/deactivate)
- Failed login attempts
- Critical operations
Vendor tracking in sales
Every sale records:- Which user processed it
- When it was processed
- User’s role at the time
- Any modifications made
Audit logs help with accountability, troubleshooting, and compliance.
Best practices
Recommendations for user management:Minimum admins
Have at least 2 admins to prevent lockouts, but not too many to maintain security
Regular review
Quarterly review of active users and remove those who no longer need access
Strong passwords
Enforce strong password policies and regular password changes
Role appropriateness
Only grant admin access to users who truly need it for their responsibilities