Users
Create, enable, lock, reset. Every change audit-logged into the HMAC chain.
What you can do
- Create — username, email, role (`viewer`/`analyst`/`admin`/`super_admin`), temp password auto-generated. User must change it on first login.
- Enable / Disable — toggles `users.enabled`. A disabled user's sessions are revoked.
- Lock / Unlock — toggles `users.locked`. Locked accounts can't log in; fail2ban flips this automatically on brute force.
- Reset password — admin-driven reset. User gets a temp password + forced change at next login.
Roles
- `viewer` — read access to dashboards, monitors, directory lookups. No tool runs.
- `analyst` — tool runs, runbooks, monitor creation. No admin access.
- `admin` — adds to the above: integrations, scope, webhooks, branding, vuln management, updates.
- `super_admin` — adds to the above: users, system-level repairs, licensing, sensitive audit queries.
Gotchas
- You cannot disable your own account. Super admins must demote themselves first by handing the role to another super admin.
- Deleting a user is soft (`deleted_at` is set). Audit rows remain to preserve history.
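The state changes above (create with a forced password change, disable with session revocation, soft delete, the self-disable rule) written against an HMAC-chained audit log, as an added illustration that is not the product's own code; the row format, the key and the function names are assumptions, since the page names the chain but not its layout:

```python
import hashlib
import hmac
import json
import secrets

# Demo key constructed for this example; a real deployment uses a per-install secret.
AUDIT_KEY = b"constructed-demo-audit-key"
GENESIS = "0" * 64

def _mac(entry: dict, prev: str) -> str:
    """HMAC over the canonical entry plus the previous MAC, which links the chain."""
    body = json.dumps({**entry, "prev": prev}, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, body, hashlib.sha256).hexdigest()

def audit_append(log: list, actor: str, action: str, target: str) -> None:
    prev = log[-1]["mac"] if log else GENESIS
    entry = {"actor": actor, "action": action, "target": target}
    log.append({**entry, "prev": prev, "mac": _mac(entry, prev)})

def audit_verify(log: list) -> int:
    """Return the index of the first broken link, or -1 if the chain is intact."""
    prev = GENESIS
    for i, row in enumerate(log):
        entry = {k: row[k] for k in ("actor", "action", "target")}
        if row["prev"] != prev or not hmac.compare_digest(row["mac"], _mac(entry, prev)):
            return i
        prev = row["mac"]
    return -1

def create_user(users: dict, log: list, actor: str, username: str, role: str) -> str:
    """Create with an auto-generated temp password; the user must change it on first login."""
    users[username] = {"role": role, "enabled": True, "locked": False,
                       "must_change_password": True, "sessions": set(), "deleted_at": None}
    audit_append(log, actor, "create", username)
    return secrets.token_urlsafe(12)

def set_enabled(users: dict, log: list, actor: str, username: str, enabled: bool) -> None:
    if actor == username and not enabled:
        raise PermissionError("you cannot disable your own account")
    users[username]["enabled"] = enabled
    if not enabled:
        users[username]["sessions"].clear()  # a disabled user's sessions are revoked
    audit_append(log, actor, "enable" if enabled else "disable", username)

def delete_user(users: dict, log: list, actor: str, username: str, when: str) -> None:
    """Soft delete: only deleted_at is set, so earlier audit rows keep their target."""
    users[username]["deleted_at"] = when
    audit_append(log, actor, "delete", username)
```

Editing any stored row after the fact breaks the MAC of that row, and `audit_verify` reports its index.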