Managing users and roles is essential for controlling access and permissions. Only users with administrative privileges (typically the "Org Admin" role) can access the "Users" and "Roles" menus.
How to add new Users
To add new users, follow these steps:
Navigate to Users: Go to the bar, click on “Users” to view the current user list.
Add a New User:
Click "Add User" (top-right corner).
Fill in the required fields (Note: A mobile number is mandatory for SMS/WhatsApp alerts).
Assign Tags (Optional): Use tags to group users (e.g., by team, department, project or region) for efficient sharing or @mentions.
Select a Role: Choose a role based on the user’s required permissions (see Roles Explained below).
Invitation Email: The user will receive an email with login instructions (see Access the Platform for details).
What does each Role mean?
Roles are predefined sets of permissions that simplify user management. You can choose from three standard roles when adding a user, all of which are customizable by the org admin. New custom roles can also be created to match specific team needs.
Org Admin
Permissions: Full access to all features. Administrators can create, edit, and delete users, views, alerts, interests, context layers, and events, including items created by others. They also manage system settings and public content.
Ideal for: This role carries the highest level of responsibility and access. As such, it should be assigned sparingly to users with overall responsibility for managing the platform within your organization, and only to those selected with careful consideration.
Manager
Permissions: Can create, import, share, and export interests, as well as create and edit views and alerts. Managers can delete only the items they have created. By default, they can also participate in the community—posting events and reaching out to both internal and external users. Additional permissions can be granted upon request, depending on your organization’s needs.
Ideal For: Power users such as security managers, GSOC staff, and analysts responsible for managing situational awareness, analysis, and response.
Viewer
Permissions: View-only access to prepared views, alerts, and interest data. Viewers cannot create, share, edit, or delete any items. This role is designed with a “least privilege” approach to ensure ease of use while protecting sensitive data.
Ideal For: Stakeholders like response team members, other departments, or executives who need access to information and basic analytics without the need to modify content.
Important Note 📝
Carefully select the role based on the user’s responsibilities and training. For example, assigning the "Viewer" role helps protect your data by restricting permissions for sharing and creation.
Any user with create rights can also edit and delete their own items. Explicit permissions to edit or delete others’ content (such as interests, views, or alerts) are only required if users need this level of access. Therefore, the "Org Admin" role should be assigned carefully, with full awareness of its implications.
Bulk delete or replace operations are restricted to the original author (creator) of the content to prevent accidental data loss. For key content that must be consistent across all users—such as company locations or GSOC baseline alerts—we recommend managing it from a central admin account.
To see the roles assigned to you and your team members, navigate to the bar and click on “Roles.” This section will display the current roles and permissions of all users within your team. .
Editing roles
Depending on your role and subscription, you may have the ability to add or edit the roles. To edit a role, follow these steps:
Access Roles: Go to the bar and locate the “Roles” section.
Edit a Role:
Click on the three dots (•••) to the right of the specific user whose role you wish to edit.
Select “View Details” to display all the permissions currently assigned to that user.
Adjust Permissions: Select or deselect the permissions based on the access level you want to grant or restrict.
Important Note 📝 In the “Event Posting” section, enabling public rights allows the user to post publicly to all Creolytix users, not just within your organization. Ensure this setting aligns with your privacy and security requirements and required awareness and briefing.