Users
User management covers login, registration, invitations, and access control within an account.
Login
- Log in with email or username and password
- Optional two-factor authentication (2FA) — after entering the password, a one-time SMS code sent to a verified phone number is required
- The system tracks the date of last login and the number of failed attempts
Registration and Invitations
- New users can be invited by email — the invitation contains an activation link valid for 7 days
- The invitation specifies the user’s role (owner, admin, user, guest)
- If the invited user does not have an account — they must register
- If they already have a guest account — their role will be upgraded
- A single user can belong to multiple accounts
Verification
- Email — address confirmation via an activation link (token valid for 24 hours)
- Phone — number verification with an SMS code (code valid for 10 minutes)
- A verified phone is required to enable 2FA
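One way to enforce the activation-link lifetimes given under Registration and Invitations (7 days) and Verification (24 hours), so that a link issued for one purpose cannot be redeemed for another. This is an added example, not the product's own code; the HMAC-signed token format, the `SECRET` value and the names `issue` and `verify` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Link lifetimes stated on this page, in seconds, keyed by token purpose.
TTL = {"invite": 7 * 24 * 3600, "email_verify": 24 * 3600}
SECRET = b"constructed-demo-key"  # assumption: server-side secret, constructed for this example


def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()


def issue(purpose, subject, now=None):
    """Return a token bound to one purpose and one subject (e.g. an email address)."""
    issued = int(time.time() if now is None else now)
    claims = {"p": purpose, "s": subject, "exp": issued + TTL[purpose]}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()


def verify(token, purpose, subject, now=None):
    """Return 'ok', or the reason the token is rejected."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:  # wrong number of parts or invalid base64
        return "malformed"
    # Check the signature before trusting any claim; compare in constant time.
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return "bad_signature"
    claims = json.loads(payload)
    # An invitation link must not pass as an email-verification link, or vice versa.
    if claims["p"] != purpose or claims["s"] != subject:
        return "wrong_purpose_or_subject"
    if now >= claims["exp"]:
        return "expired"
    return "ok"
```

A signed token like this stays valid until it expires, so if a link must be single-use the server also has to record that it was redeemed.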
Permissions
Each user has an assigned role that defines a set of permissions (see the Roles entry). Permissions control access to modules, features, and operations in the system.
An administrator can manage users — change their roles, deactivate accounts, reset passwords.
Guests
Guests are users with limited access. A guest account is subject to moderation — an administrator must approve or reject guest access. Moderation statuses: pending, approved, rejected.
Deleting an Account
A user can delete their account — data is anonymized (soft delete), but the activity history is preserved.