User Management
ProxCenter provides centralized user management for your platform. Administrators can invite team members, assign roles, and control access to the dashboard from a single interface.
In multi-tenant deployments, provider administrators can also review users across every tenant from one cross-tenant view.
User Listing
Navigate to Security > Users to view all users in your ProxCenter instance. The user list displays:
| Column | Description |
|---|---|
| Name | Full name of the user |
| Email address used for authentication | |
| Role | Assigned role determining their permissions |
| Status | Active, invited, or disabled |
| Last Login | Timestamp of the user's most recent login |
| Created | Date the user account was created |
Use the search bar to filter users by name or email. You can also sort by any column.
Cross-Tenant Users
Provider administrators can view all users across all tenants from a single page. This view shows:
- User identity and account status
- Tenant assignments
- Effective role propagation
- Last login and invitation state
Tenant administrators only see users assigned to their own tenant.
Inviting Users
To add a new user to your ProxCenter instance:
- Navigate to Security > Users
- Click Invite User
- Enter the user's email address
- Select a role to assign
- Click Send Invitation
The invited user will receive an email with a link to set up their account and create a password. The invitation appears in the user list with a status of Invited until accepted.
You can invite multiple users at once by entering several email addresses separated by commas.
User Roles
Every user must be assigned a role that defines their level of access within ProxCenter. By default, the following system roles are available:
- Admin -- Full access to all features and settings
- Operator -- Can manage infrastructure and perform operations, but cannot modify users or security settings
- Viewer -- Read-only access to dashboards and inventory
With the Enterprise edition, you can create custom roles with fine-grained permissions and tenant-aware assignments. See RBAC for details.
Editing a User
To modify an existing user:
- Click on the user in the user list
- Update their name, role, or status as needed
- Click Save Changes
Administrators can also:
- Reset password -- Send a password reset link to the user's email
- Disable account -- Temporarily prevent the user from logging in without deleting their account
- Remove user -- Permanently delete the user account and revoke all access
Removing a user is irreversible. Their actions will still appear in the audit log, but they will no longer be able to access ProxCenter.
Two-Factor Authentication
The user list shows a 2FA column indicating whether each user has TOTP enrolled. A super_admin can act on this column from the row action menu:
- Require 2FA -- Force the target user to enroll TOTP on their next sign-in. Available when the target has not enrolled and no requirement is currently active.
- Cancel 2FA requirement -- Lift the requirement before the user enrolls. Available when the requirement is active.
- Disable 2FA -- Remove TOTP and all recovery codes from the target account. Available when the target has 2FA enrolled. Use this as a recovery path when a user has lost both their authenticator app and their recovery codes. The action is refused on the actor's own row to prevent self-lockout, and is refused when the policy "Require 2FA for super_admin" would force the actor to immediately re-enroll.
All three actions emit audit events under category auth (2fa_required_for_user, 2fa_requirement_cleared, 2fa_disabled) with resourceId set to the target user id.
See Two-Factor Authentication for the user-facing flow and the global policy.
Permissions Overview
User permissions in ProxCenter are determined by their assigned role. Each role contains a set of permissions organized by category:
| Category | Examples |
|---|---|
| VM | vm.view, vm.start, vm.stop, vm.create, vm.delete |
| Storage | storage.view, storage.manage |
| Node | node.view, node.manage |
| Backup | backup.view, backup.create, backup.restore |
| Admin | admin.users, admin.rbac, admin.audit, admin.settings |
A user can only perform actions for which their role grants the corresponding permission. Menu entries and UI elements are automatically hidden when the user lacks the required permission.
Permissions
Access to User Management requires the following RBAC permission:
| Permission | Description |
|---|---|
admin.users | View, invite, edit, and remove users |