User management in ERP B2B Premium is handled through theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/ency07/B2B/llms.txt
Use this file to discover all available pages before exploring further.
users and user_roles tables backed by Supabase Auth. Administrators can create users, assign one or more roles, update profile data, and revoke roles — all through Server Actions that enforce users.* permissions.
Available Server Actions
All user management actions live insrc/erp/actions/users.ts and are marked "use server". Permission checks are enforced server-side via requireAction() before any database operation is performed.
| Action | Permission Required | Description |
|---|---|---|
listUsers(tenantCode) | — | List all users with their assigned roles |
listRoles(tenantCode) | — | List all active roles in the tenant |
createUser(tenantCode, data) | users.create | Create auth user + DB row + optional role assignment |
updateUser(tenantCode, userId, data) | users.edit | Update firstName, lastName, phone |
assignRole(tenantCode, userId, roleId) | users.permissions | Assign a role (idempotent) |
removeRole(tenantCode, userId, roleId) | users.permissions | Revoke a role assignment |
UserListItem Interface
BothlistUsers and role-assignment operations operate on the following shape:
roleIds and roleCodes are parallel arrays — index 0 in both refers to the same assignment. A user with no roles returns empty arrays.
RoleListItem Interface
listRoles returns an array of the following shape:
status = 'Activo' in the roles table are returned.
Creating a User
createUser executes a three-step transactional flow with partial rollback:
- Creates the Supabase Auth user via
auth.admin.createUserwithemail_confirm: true. The user receives a confirmed email address and can sign in immediately once a password is set. - Inserts a row in the
userstable with anauth_user_idforeign key linking back to the Supabase Auth identity. - Assigns the initial role — if
roleIdis provided, inserts a row intouser_roles. This step is optional; a user can be created without a role and have roles assigned later.
users insert fails after the Auth user has already been created, the Auth user is deleted via auth.admin.deleteUser to prevent orphaned auth accounts. If the users insert succeeds but the role assignment fails, the user row is kept and the action returns success: true with a partial error message describing the role failure — the user account itself is not rolled back at that stage.
Updating a User
OnlyfirstName, lastName, and phone are editable via updateUser. Email and auth credentials are managed directly in Supabase Auth.
data object.
Assigning and Removing Roles
assignRole silently succeeds on duplicate key violations (error.code === "23505"), making it safe to call in idempotent scenarios such as re-provisioning scripts.
Available Role Codes
The followingrole_code values are resolved by the dashboard category mapper in src/erp/actions/kpis.ts resolveCategory(). Only role codes that appear in that function are listed here.
| Role Code | Dashboard Category |
|---|---|
SUPER_ADMIN | admin |
ADMIN_EMPRESA | admin |
ADMIN_DEV | admin |
GERENTE_GENERAL | director |
DIRECTOR_FINANCIERO | director |
JEFE_FINANZAS | director |
AUXILIAR_FINANZAS | director |
DIRECTOR_COMERCIAL | comercial |
EJECUTIVO_COMERCIAL | comercial |
INGENIERO_COMERCIAL | comercial |
DIRECTOR_OPERACIONES | operaciones |
JEFE_PROYECTOS | operaciones |
TECNICO_CAMPO | tecnico |
JEFE_MANTENIMIENTO | tecnico |
ALMACENISTA | almacenista |
JEFE_INVENTARIO | almacenista |
AUDITOR | auditor |
Users can hold multiple roles simultaneously. A user assigned
ADMIN_EMPRESA receives the admin dashboard view, which is the most comprehensive across all modules. Roles are additive — there is no role negation or deny list. If a user has any role that grants a permission, that permission applies regardless of other role assignments.