# Users, Roles & Permissions AutoRABIT (ARM) organizes access with **users**, **roles**, and **permissions**. Understanding these layers helps you grant just-right privileges while keeping administrative tasks manageable. *** ## Users in ARM ### Super Administrator The **Super Administrator** (Super Admin) has the highest privileges in ARM. * Create other admins * Install and configure agents * Add users to admin groups > **Super Admin safeguards**\ > \&#xNAN;*Super Admin* and **the currently logged-in user** are locked for **all** user-management actions: they cannot be added, deleted, suspended, edited, or delegated. ### Org Administrators **Org Administrators** (Admins) access the **Admin Dashboard** to manage users, roles, and modules. An admin can hold multiple roles; ARM always applies the most permissive combination. Admin-level capabilities include: * Add, edit, or delete users * Export user lists to CSV * Enforce SSO * Manage roles and permissions ### General Users General users work in ARM modules according to permissions their Admin assigns. They **do not** see the Admin Dashboard. *** ## Create a New User Account 1. Log in to ARM. 2. Go to **Admin › Users** and click **Add User**.
Add User button in the Users list
3. Fill **User Details** and assign **Role Permissions**. 4. Choose **Save & Activate** (immediate) or **Save Now & Activate Later**.
User details form with role selection
5. The new user receives an email to set a password. 6. The user appears in **Admin › Users**. *** ## Edit a User Account 1. In **Admin › Users**, locate the user and click **Edit**.
Edit icon for user row
2. Update fields (Username and Email are immutable). 3. Click **Save**. *** ## Delete or Suspend a User * **Delete User** – permanently remove the account.
Trash-can icon to delete a user
* **Activate / De-activate** – toggle suspension.
Activate/De-activate toggle button
Confirm the action to proceed. *** ## Enforce Single Sign-On (SSO) 1. Open **My Account** › **SSO Configuration**. 2. Check **Disable login with AutoRABIT credentials** and click **Save**. Admins can still log in with username/password.\ To override SSO for select users, uncheck **Enforce SSO** next to their names.
Override Enforce SSO checkboxes for selected users
> When you disable standard login, **Enforce SSO** auto-checks for all users. *** ## Export Users Admins can download all user data as CSV. 1. In **Admin › Users**, click **Export All Users**.
Export All Users button
2. Select fields and click **Export**.
Field-selection dialog for CSV export
3. A CSV downloads to your computer. > **Location privacy** – If a user blocks location sharing, ARM uses IP-based location. *** ## Creating and Editing Roles 1. Go to **Admin › Roles**.
Roles option in Admin menu
2. Click **Create Role**.
Create Role button
3. Provide a **Role Name**, **Description**, and tick permissions.
Role permissions checklist
4. Click **Save**. > *The default **Admin** role has full permissions and cannot be edited or renamed.* *** ## User Permissions 1. Open **Admin › Permissions**.
Permissions tab in Admin menu
2. Select two or more users and click **Bulk Assignment**.
Bulk Assignment button
Admins are hidden on this screen because they already hold full access.
Assign roles and modules to selected users
Save confirmation after assigning permissions
*** ## FAQ ### I’m an admin but can’t see certain branches or commits. Your ARM account may belong to a different organization than those resources. ### Why can’t I see the User Management section anymore? Your roles/permissions were changed. Contact another Org Administrator. ### Deleted users still appear in lists. * Their **credentials** may still exist in **Admin › Credential Manager**. * Repositories may reference those credentials—update or re-register. ### Why do some users lack access to certain ARM features? Check their roles in **Admin › Roles**; only Admins have unrestricted access.