The Users page (Settings → Users) is where you create and manage staff accounts. Each user has a login, a permission group that controls what they can see and do, and a list of stores they can operate in.
For the conceptual permission model — how the three layers of enforcement work, what each flag does — see Permissions & Roles.
Adding a user
- Go to Settings → Users → + New.
- Enter the user’s First Name, Last Name, Email (this is their login).
- Pick a Permission Group — Admin, Sales, Counter Staff, etc. The group decides what permissions are granted.
- Pick the Stores this user can access (multi-store orgs only — single-store orgs default to the only store).
- Save. The user receives an email with a link to set their password.
The user can log in as soon as they set their password. If they don’t get the email, check spam, then use Resend Invite on their detail page.
Editing a user
Open any user’s detail page to update:
- Permission group (changes take effect as soon as they next load a page)
- Store access (multi-store)
- Personal details (name, email, phone)
- Active flag — toggle off to disable login without deleting the user (preserves their audit trail)
Password resets
There are two ways to reset a password:
- User-initiated: from the login page, “Forgot password?” sends a reset email.
- Admin-initiated: on the user’s detail page, click Send Password Reset — they get the same email.
Both use the same token-based flow with rate limiting.
Permission groups vs individual flags
By default, a user inherits everything from their permission group. Permission groups are the right place to make changes that affect a role (e.g. “Sales staff can now void payments” — change the group once, not 8 users).
For a one-off override on a single user, individual flags on their detail page take precedence. Use sparingly; group changes are easier to audit.
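The precedence rule above, and an audit of where individual flags are in use, as an added example (not JewelTrak code or its API). The flag names, the data layout and the sample users are assumptions constructed for illustration, as is the choice to model an inactive user as having no permissions.

```python
# Illustrative model only: names and layout are assumptions, not JewelTrak's schema.
from dataclasses import dataclass, field

# Constructed sample groups; the flag names are hypothetical.
GROUPS = {
    "Admin": {"void_payments": True, "manage_users": True},
    "Sales": {"void_payments": False, "manage_users": False},
}

@dataclass
class User:
    email: str
    group: str
    active: bool = True
    overrides: dict = field(default_factory=dict)  # individual flags on the user

def effective_permissions(user, groups=GROUPS):
    """Start from the group's flags, then let individual flags take precedence."""
    if not user.active:  # modelling assumption: a deactivated user holds nothing
        return {}
    perms = dict(groups[user.group])
    perms.update(user.overrides)
    return perms

def audit_overrides(users, groups=GROUPS):
    """List every individual flag and whether it differs from the group default."""
    findings = []
    for u in users:
        base = groups[u.group]
        for flag, value in sorted(u.overrides.items()):
            status = "redundant" if base.get(flag) == value else "deviates"
            findings.append((u.email, u.group, flag, value, status))
    return findings

# Constructed sample users.
USERS = [
    User("ana@example.com", "Sales"),
    User("ben@example.com", "Sales", overrides={"void_payments": True}),
    User("cy@example.com", "Admin", overrides={"manage_users": True}),
    User("dee@example.com", "Sales", active=False, overrides={"void_payments": True}),
]

if __name__ == "__main__":
    for row in audit_overrides(USERS):
        print(row)
```

A "redundant" override is still worth clearing: under this precedence rule it pins the user's flag, so a later change to the group would not reach that user.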
Single-session enforcement
JewelTrak enforces one active session per user — logging in from a second device automatically signs the first device out. This protects against shared credentials and gives admins one place to see active sessions.
(There’s a planned admin sessions viewer that lists who’s currently logged in across all users; not yet shipped.)
Account unlock
If a user enters the wrong password too many times, their account is locked for 15 minutes (sign-in rate limiting). Either:
- Wait for the lockout to expire, or
- Admin reset — open the user’s detail page, click Send Password Reset; they set a new password and the lockout clears.
Tips
- Use permission groups for the default 80% of role permissions; only set individual flags for the 20% of users who need exceptions.
- A user who leaves the company should be deactivated (Active flag off), not deleted — keeps their name on past invoices and audit log entries.
- Cross-store users (someone who covers multiple locations) get all those stores in their access list and can switch between them via the store picker in the top nav.