# Users, Roles & Permissions

AutoRABIT (ARM) organizes access with **users**, **roles**, and **permissions**. Understanding these layers helps you grant just-right privileges while keeping administrative tasks manageable.

***

## Users in ARM <a href="#users-in-arm" id="users-in-arm"></a>

### Super Administrator <a href="#super-administrator" id="super-administrator"></a>

The **Super Administrator** (Super Admin) has the highest privileges in ARM.

* Create other admins
* Install and configure agents
* Add users to admin groups

> **Super Admin safeguards**\
> \&#xNAN;*Super Admin* and **the currently logged-in user** are locked for **all** user-management actions: they cannot be added, deleted, suspended, edited, or delegated.

### Org Administrators <a href="#org-administrators" id="org-administrators"></a>

**Org Administrators** (Admins) access the **Settings Dashboard** to manage users, roles, and modules. An admin can hold multiple roles; ARM always applies the most permissive combination.

Admin-level capabilities include:

* Add, edit, or delete users
* Export user lists to CSV
* Enforce SSO
* Manage roles and permissions

### General Users <a href="#general-users" id="general-users"></a>

General users work in ARM modules according to permissions their Admin assigns. They **do not** see the Admin Dashboard.

***

## Create a New User Account <a href="#create-a-new-user-account" id="create-a-new-user-account"></a>

1. Log in to ARM.
2. Go to **Settings › Users** and click **Add User**.<br>

   <figure><img src="/files/YTFoavxY1rXqQneYSMRn" alt=""><figcaption></figcaption></figure>
3. Fill **User Details** and assign **Role Permissions**.<br>

   <figure><img src="/files/K5cUocNzlmKd0z3Xq2uP" alt="" width="375"><figcaption></figcaption></figure>
4. Choose **Save & Activate** (immediate) or **Save Now & Activate Later**.
5. The new user receives an email to set a password.
6. The user appears in **Admin › Users**.

***

## Edit a User Account <a href="#edit-a-user-account" id="edit-a-user-account"></a>

1. In **Settings › Users**, Locate the user and Click on **Actions** and click **Edit**.<br>

   <figure><img src="/files/bWYJDHZ02nrhBMxKX9D0" alt=""><figcaption></figcaption></figure>
2. Update fields (Username and Email are immutable).
3. Click **Save**.

***

## Delete or Suspend a User <a href="#delete-or-suspend-a-users-account" id="delete-or-suspend-a-users-account"></a>

* **Delete User** – permanently remove the account.<br>

  <figure><img src="/files/Ol4DXvJRrYhglfW4HePX" alt=""><figcaption></figcaption></figure>
* **Activate / De-activate** – toggle suspension.\ <br>

  <figure><img src="/files/7Wi0GTzM4NTwyiASEg7E" alt=""><figcaption></figcaption></figure>

Confirm the action to proceed.

***

## Enforce Single Sign-On (SSO) <a href="#enforce-single-signon-sso" id="enforce-single-signon-sso"></a>

1. Open **My Account** › **SSO Configuration**.
2. Check **Disable login with AutoRABIT credentials** and click **Save**.

Admins can still log in with username/password.\
To override SSO for select users, uncheck **Enforce SSO** next to their names.\ <br>

<figure><img src="/files/FPiRTrp4RTJ1rwhhJP2h" alt=""><figcaption></figcaption></figure>

> When you disable standard login, **Enforce SSO** auto-checks for all users.

***

## Export Users <a href="#export-users" id="export-users"></a>

Admins can download all user data as CSV.

1. In **Settings › Users**, click **Export All Users**.<br>

   <figure><img src="/files/cHsR2TfHWXgTsS5n1qHU" alt=""><figcaption></figcaption></figure>
2. Select fields and click **Export**.<br>

   <figure><img src="/files/g5104g5LPcLnu7lLARCe" alt="" width="375"><figcaption></figcaption></figure>
3. A CSV downloads to your computer.

> **Location privacy** – If a user blocks location sharing, ARM uses IP-based location.

***

## Creating and Editing Roles <a href="#creating-and-editing-roles" id="creating-and-editing-roles"></a>

1. Go to **Settings › Users › Roles**.<br>

   <figure><img src="/files/vJFCYTKQl3Sw1meR7Pq5" alt="" width="375"><figcaption></figcaption></figure>
2. Click **Create Role**.<br>

   <figure><img src="/files/I0SKyu72rHO6dVE7Pfx9" alt="" width="563"><figcaption></figcaption></figure>
3. Provide a **Role Name**, **Description**, and tick permissions.\ <br>

   <figure><img src="/files/ElMz2MCwEDTiSdpZsbJ2" alt="" width="375"><figcaption></figcaption></figure>
4. Click **Save**.

> *The default **Admin** role has full permissions and cannot be edited or renamed.*

***

## User Permissions <a href="#user-permission" id="user-permission"></a>

1. Open **Settings › Permissions**.<br>

   <figure><img src="/files/lrUKgj45F4uZb01bmeoP" alt="" width="375"><figcaption></figcaption></figure>
2. Select two or more users and click **Bulk Assignment**.\ <br>

   <figure><img src="/files/lckhRdD06qQJBvGV1edL" alt=""><figcaption></figcaption></figure>
3. Go to **Roles** and select the required role\
   \- Repeat the same process for **Salesforce Orgs**, **CI Jobs**, and **Version Control**.\
   \- Once all selections are made, click **Save**.

<figure><img src="/files/hf4n7RuIrAIUemYUQCpc" alt="" width="563"><figcaption></figcaption></figure>

Admins are hidden on this screen because they already hold full access.

***

## FAQ

### I’m an admin but can’t see certain branches or commits.

Your ARM account may belong to a different organization than those resources.

### Why can’t I see the User Management section anymore?

Your roles/permissions were changed. Contact another Org Administrator.

### Deleted users still appear in lists.

* Their **credentials** may still exist in **Settings › Credential Manager**.
* Repositories may reference those credentials—update or re-register.

### Why do some users lack access to certain ARM features?

Check their roles in **Settings › Roles**; only Admins have unrestricted access.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledgebase.autorabit.com/product-guides/arm-1/getting-started-1/arm-administration/user-management/users-roles-and-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.