PaulRentACar Docs
Administration

User Management

Create users, assign roles and access, manage profiles, reset passwords, and deactivate accounts across your organization.

User Management

User management is the foundation of your system's security and access control. Every person who interacts with the Rent a Car CRM — from branch agents to regional directors — must have a user account with the appropriate roles and access levels.

User List


User List

The user list provides a searchable, filterable view of all users in your tenant.

List Columns

ColumnDescription
NameFull display name
Username / EmailLogin identifier
StatusActive or Deactivated
RolesAssigned roles (e.g., Branch Manager, Billing Clerk)
BranchPrimary branch assignment
Last LoginTimestamp of most recent login
CreatedAccount creation date
ActionsView, Edit, Deactivate
FilterOptions
StatusActive, Deactivated
RoleAny role in the system
BranchFilter by branch assignment
Business UnitFilter by business unit
SearchName, email, or username

Creating a New User

Navigate to Admin → Users → New User — The user creation form opens.

Fill in personal information — First name, last name, display name, email, phone number.

Set login credentials — Username (email) and temporary password.

Assign tenant access — Select which tenant(s) the user can access.

Assign business unit access — Select which business units the user can access.

Assign branch access — Select which branches the user can access.

Assign roles — Select one or more roles to grant permissions.

Set profile options — Language preference, notification preferences, timezone.

Save — The user receives a welcome email with login instructions and a password reset link.

Create User Form Fields

FieldRequiredDescription
First NameYesUser's first name
Last NameYesUser's last name
Display NameYesName shown throughout the system
EmailYesLogin username and notification email
PhoneNoContact phone number
Temporary PasswordYesInitial password (user must change on first login)
Tenant AccessYesWhich tenants the user belongs to
Business Unit AccessNoWhich business units the user can access
Branch AccessNoWhich branches the user can access
RolesYesAt least one role must be assigned
LanguageNoDefault language (English or Arabic)
TimezoneNoDefault timezone (Asia/Dubai)

The temporary password must meet the tenant's password policy (minimum 8 characters, at least one uppercase, one lowercase, one number, and one special character). The user must change this password on first login.


User Detail Page

The user detail page provides a complete view of a user's profile, access, and activity.

Tabs on User Detail

TabContent
ProfilePersonal information, contact details, preferences
RolesAssigned roles with grant/revoke controls
Tenant AccessTenant-level access assignments
Business Unit AccessBusiness unit-level access assignments
Branch AccessBranch-level access assignments
Activity LogRecent actions, logins, and changes
SessionsActive sessions with revoke capability

Editing a User

Open the user — Click on a user from the user list.

Click "Edit" — The profile form becomes editable.

Modify fields — Update name, phone, status, or other profile fields.

Save changes — The system creates an audit log entry for every field changed.


Role Assignment

Roles are assigned from the user detail page's Roles tab.

Assigning a Role

Open the user's Roles tab — View currently assigned roles.

Click "Assign Role" — A role selection dialog appears.

Select one or more roles — Check the roles to assign.

Confirm — The roles are assigned immediately and take effect on the user's next page refresh.

Revoking a Role

Open the user's Roles tab — View currently assigned roles.

Click the revoke (X) icon next to the role — A confirmation dialog appears.

Confirm revocation — The role is removed. The user loses those permissions immediately.

Revoking a role takes effect immediately. If the user has an active session, the new permission set is enforced on their next API call. No session termination is required, but the user may need to refresh their browser to see UI changes.


Access Assignment

Beyond roles (which grant permissions), users must be explicitly granted access to tenants, business units, and branches. This is the multi-tenant isolation layer.

Tenant Access

ActionDescription
GrantUser can switch to and operate within the selected tenant
RevokeUser loses all access to that tenant's data
RequirementAt least one tenant must always be assigned

Business Unit Access

ActionDescription
GrantUser can view and operate on data within the selected business unit
RevokeUser loses access to that business unit's data
InheritanceBusiness unit access does not automatically grant tenant access (both are required)

Branch Access

ActionDescription
GrantUser can view and operate on data at the selected branch
RevokeUser loses access to that branch's data
WildcardSome roles (e.g., Regional Manager) may have "all branches" access

Deactivating a User

Deactivation disables a user's login without deleting their record. This preserves audit history.

Open the user detail page — Navigate to the user to deactivate.

Click "Deactivate" — A confirmation dialog appears warning about the impact.

Confirm deactivation — The system revokes all active sessions, blocks future logins, and marks the user as deactivated.

Deactivation vs. Deletion

ActionLoginDataAudit TrailReversible?
DeactivateBlockedPreserved (user references intact)PreservedYes (reactivate)
DeleteRemovedDeleted or anonymizedPartially lostNo

Deletion of user accounts is not recommended and is restricted to system administrators. Always prefer deactivation. The system retains the user's name in audit logs and historical records regardless of deactivation status.


Password Reset

Users can reset their own password via the login page, or an admin can initiate a reset for another user.

Self-Service Password Reset

  1. Click "Forgot Password" on the login screen
  2. Enter email address
  3. Receive a password reset link via email
  4. Click the link and set a new password
  5. Old password is invalidated

Admin-Initiated Password Reset

StepDescription
1Admin opens user detail page
2Clicks "Reset Password"
3System generates a temporary password
4Temporary password displayed (one-time view) or sent via secure channel
5All existing sessions for the user are revoked
6User must change password on next login

See the dedicated Password Reset page for detailed security considerations and the complete reset flow.


Required Permissions

ActionPermission
View user listadmin:manage_users
Create useradmin:manage_users
Edit useradmin:manage_users
Assign rolesadmin:manage_roles
Grant/revoke tenant accessadmin:manage_users
Grant/revoke branch accessadmin:manage_users
Deactivate useradmin:manage_users
Reset user passwordadmin:manage_users

On this page