Administration

Users, Roles & Permissions

Create and manage user accounts, assign module-level roles, configure two-factor authentication, and audit user activity.

User Accounts

Each person who accesses BlueRockTEL has a user account with:

  • A unique email address (used for login and notifications)
  • A display name
  • One or more roles
  • A status: Active, Invited (not yet logged in), or Suspended

Manage users at Settings → Users.

Roles

A role is a named set of permissions. BlueRockTEL ships with five built-in roles:

Role Access
Administrator Full access to all modules, settings, and user management
Sales CRM, Deployments (read-only)
Operations Deployments, Helpdesk
Billing Billing, Debt Recovery
Support Helpdesk, Customer Satisfaction

Custom Roles

Administrators can create custom roles with fine-grained permissions:

  1. Navigate to Settings → Roles
  2. Click New Role
  3. Name the role and select which modules it can access
  4. For each module, set the access level: None, View, Edit, or Manage
  5. Save and assign to users

Assigning Multiple Roles

A user can have multiple roles. Their effective permissions are the union of all assigned roles' permissions. For example, a user with both Sales and Support roles can access CRM, Deployments, Helpdesk, and Customer Satisfaction.

Inviting a New User

  1. Navigate to Settings → Users
  2. Click Invite User
  3. Enter the user's email address
  4. Assign one or more roles
  5. Click Send Invitation

The user receives an email with a link to set their password. The link is valid for 72 hours. If it expires, you can resend from the user's detail page.

Two-Factor Authentication (2FA)

2FA can be enforced at the organisation level for all users, or left as optional for individuals.

To enforce 2FA:

  1. Navigate to Settings → Security
  2. Enable Require 2FA for all users
  3. Users are prompted to configure 2FA on their next login

Supported 2FA methods:

  • TOTP (Google Authenticator, Authy, etc.)
  • Email OTP (one-time code sent to the user's email)

Audit Log

Every significant action in BlueRockTEL is recorded in the Audit Log (Settings → Audit Log):

  • User logins and logouts
  • Data creation, edits, and deletions
  • Billing runs and invoice generation
  • Permission and role changes

The audit log is immutable and retained for a minimum of 12 months. It can be exported as CSV for compliance or investigation purposes.

Suspending a User

If a team member leaves:

  1. Navigate to Settings → Users
  2. Open the user's profile
  3. Click Suspend

Suspended users cannot log in. Their data (tickets, deals, activities) is retained and remains visible. You can reactivate a suspended user at any time.