> ## Documentation Index
> Fetch the complete documentation index at: https://afrizon-admin.tunzaa.co.tz/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage users and roles in your Meneja organization

> Invite team members, assign roles like admin or support, and control which sections each user can access using Meneja role-based access control.

Meneja uses a role-based access system to control what each person in your organization can see and do in the dashboard. Every user has a set of roles assigned to them, and each role carries a specific set of permissions. Understanding how roles and permissions map to dashboard capabilities lets you set up your team without granting more access than needed.

## User fields

Each user account in Meneja contains the following information:

| Field          | Description                               |
| -------------- | ----------------------------------------- |
| `first_name`   | The user's first name                     |
| `last_name`    | The user's last name                      |
| `email`        | The user's email address, used to sign in |
| `phone_number` | The user's contact phone number           |

## Roles

Meneja defines four roles. Each role is additive — higher roles carry the capabilities of lower ones plus additional access.

| Role        | Description                                                                                                             |
| ----------- | ----------------------------------------------------------------------------------------------------------------------- |
| `super`     | Full access to all tenants, billing configuration, and platform-level settings. Typically reserved for platform owners. |
| `admin`     | Full access within a tenant, including managing users, branding, modules, and billing.                                  |
| `sub_admin` | Access to day-to-day operations such as products and orders, but cannot change tenant settings or billing.              |
| `support`   | Read-only access to tenant data to assist customers. Cannot make changes to settings or records.                        |

<Note>
  A user can hold multiple roles simultaneously. The permissions granted are the union of all roles assigned to that user.
</Note>

## Permissions

Permissions follow the format `resource:action`, for example `tenants:create` or `products:read`. The dashboard checks these permissions before allowing access to specific pages or actions. You do not assign individual permissions directly — they are determined by the role or roles a user holds.

Common permission patterns include:

| Permission        | What it controls                               |
| ----------------- | ---------------------------------------------- |
| `tenants:create`  | Creating new tenant accounts                   |
| `tenants:read`    | Viewing the tenant list and tenant details     |
| `tenants:update`  | Editing tenant settings, branding, and modules |
| `products:read`   | Viewing product listings                       |
| `products:create` | Adding new products                            |
| `products:update` | Editing existing products                      |

## View users

To see a list of users in your organization, navigate to **Administration → Users** in the sidebar. The list shows each user's name, email, and assigned roles.

## Invite a user

<Steps>
  <Step title="Open the Users page">
    Go to **Administration → Users** and click **Invite user**.
  </Step>

  <Step title="Enter user details">
    Fill in the user's `first_name`, `last_name`, `email`, and `phone_number`.
  </Step>

  <Step title="Assign a role">
    Select one or more roles from the role picker. Choose the most restrictive role that still lets the user do their job.
  </Step>

  <Step title="Send the invitation">
    Click **Send invite**. The user receives an email with a link to set up their account.
  </Step>
</Steps>

## Update a user or change their role

<Steps>
  <Step title="Find the user">
    Go to **Administration → Users** and locate the user you want to update.
  </Step>

  <Step title="Open their profile">
    Click on the user's name or the edit icon to open their profile.
  </Step>

  <Step title="Edit details or roles">
    Update any fields — name, phone number, or assigned roles — as needed.
  </Step>

  <Step title="Save changes">
    Click **Save**. Changes take effect immediately on the user's next dashboard action.
  </Step>
</Steps>

<Warning>
  Removing the `admin` or `super` role from a user takes effect immediately. Make sure at least one user retains `super` or `admin` access to avoid locking your organization out of critical settings.
</Warning>

## Role access summary

The table below shows which dashboard areas each role can typically access:

| Dashboard area         | `support` | `sub_admin` | `admin` | `super` |
| ---------------------- | :-------: | :---------: | :-----: | :-----: |
| View tenants           |     ✓     |      ✓      |    ✓    |    ✓    |
| Edit tenant settings   |           |             |    ✓    |    ✓    |
| Manage branding        |           |             |    ✓    |    ✓    |
| Toggle modules         |           |             |    ✓    |    ✓    |
| View products          |     ✓     |      ✓      |    ✓    |    ✓    |
| Create / edit products |           |      ✓      |    ✓    |    ✓    |
| Manage users           |           |             |    ✓    |    ✓    |
| Configure billing      |           |             |         |    ✓    |
| View billing metrics   |           |             |    ✓    |    ✓    |

<Tip>
  When in doubt, start a new team member on `support` so you can observe what they need access to before expanding their role.
</Tip>