GC SurgeDocsUser Management & Invitations
7 min read

User Management & Invitations

The Users module is where Super Admins manage the full lifecycle of platform access for their organization. This includes: Inviting new users. Covers: What User Management Does, Navigating the Users Module, Inviting a New User.

What User Management Does

  • Inviting new users.
  • Assigning and updating roles.
  • Monitoring invitation status.
  • Removing users.

Effective user management is both an operational and a security responsibility.

user-management-and-invitations-01.png

Roles in GC Surge

You assign a role to every user when you invite them, and a Super Admin can change it later from the Edit User dialog. Two roles are :

  • Super Admin — full access: site creation, user management, NOVA99x configuration, and subscription/billing.
  • Operator — scoped to operational work only: Video Search, ZenMode, and the Home Dashboard. An Operator cannot open My Subscription, see invoices or per-camera cost figures, or enable/disable NOVA99x — those are Super Admin-only. Operators do see the Home Dashboard KPI cards (alarms, time saved, capacity headroom) because those are operationally relevant.

By least privilege, default new users to Operator — it covers everyone who handles alarms — and reserve Super Admin for people who genuinely need administrative control. If unsure, invite as Operator and promote later.

Navigating the Users Module

At the top of the Users module, four summary cards give a quick count of your organization’s access: Total Users, Active Users, Inactive Users, and Roles.

13_user-management.png
  1. Open the Users section from the sidebar navigation.
  2. The main view displays a table of all users associated with your account, including: Avatar, name, and email address.Assigned role.Account status: Active.Actions available per user: Edit User, Edit User Entities, and Remove User.

Above the user table you have three controls for working with large rosters:

  • Columns — show or hide columns in the table. Your selection is saved per user (against your own account) and doesn't change anyone else's view. Hidden columns aren't removed — they're still included when you Export.
  • Density — set the row spacing. Compact fits 30+ users on screen without scrolling, which helps when auditing for stale accounts; Standard or Comfortable is easier to read for day-to-day management of smaller teams. This is also saved per user.
  • Export — download the user list as CSV, including any columns you've hidden: first name, last name, email, phone, role, status, date invited, date last active, entity-group assignments, invited-by, and last-login timestamp. The export reflects your current filters and is a point-in-time snapshot of access rights — useful as compliance evidence, so store it securely.

Inviting a New User

  1. Navigate to the Users module.
  2. Click Invite New User.
  3. Fill in the invitation form: First name and last name (both required).Email address.Country code and phone number (optional).Most accounts use email-based invitation and recovery, so phone is nice-to-have. It matters in two cases: if the user is also an on-site contact whose Site Key is sent over WhatsApp, or if you want SMS as a password-reset fallback. Desk-bound operators can usually skip it.Role — select from the dropdown. Default to Operator unless the person needs administrative control; you can promote to Super Admin later.Profile photo (optional) — purely cosmetic and skippable. New users can upload their own on first sign-in; only set it here when pre-populating the directory for a large team. The uploader recommends a square image, at least 200×200px.
  4. Click Send Invitation.

What the invited user receives. An email titled “You’re invited to GC Surge” with a single Accept Invitation button. The button opens a password-setup page; once they set a password they’re signed in and land on the Home Dashboard (or Operator onboarding if they were invited as an Operator). The link is single-use and expires after 72 hours — a Super Admin can resend it from the Users list if it’s missed. The role and any entity assignments apply the moment the invite is accepted; there’s no extra approval step.

Cancel discards the invite form without sending anything — no email goes out, no user is created, and nothing is saved as a draft. If you cancel by mistake, re-open Invite New User and re-fill. CSV-based bulk invitations are on the roadmap; today each user is invited individually.

user-management-and-invitations-02.png

Editing a User

  1. Locate the user in the Users table.
  2. Click the Actions menu (…) next to their name.
  3. Select Edit User.
  4. Choose the new role from the GCSurge Role dropdown (under Account Settings).
  5. Click Update User. The user’s permissions update immediately.

What you can change. Editable fields: first name, last name, phone number, GC Surge role, profile photo, and entity-group assignments (see Edit User Entities below). The email address is locked — it’s the user’s account identity. To change an email you invite a new user with the new address, transfer their role and entity assignments, then deactivate the old account once the new one is verified. Audit history doesn’t carry over, by design, since audit entries point to the account that performed them.

How a role change applies. After you click Update User, the user is not signed out; on their next page navigation or login their sidebar updates — a downgrade hides modules they no longer have, an upgrade reveals new ones. The change is recorded in the audit trail with who made it, when, and a before/after diff of the fields. There’s no notification email by default, so let the user know out-of-band if the change affects their workflow.

Edit User Entities

Entities are a user’s scoped access — the specific sites or customers they can see, within their role’s permissions. Without entity assignments, an Operator sees every site their role grants. With entities you can narrow that to, say, “only these 12 sites” — useful for multi-customer monitoring stations where operators are assigned to specific customers, or where a contractor needs temporary access. The dialog lets you add, remove, override, or merge those assignments.

Removing a User

Removing a user is a soft delete: it deactivates the account rather than erasing it. Access is revoked immediately — all active sessions end and any in-progress alarms the user was handling are released back to the queue — but their historical actions remain in the audit trail under their name and account ID for traceability. A Super Admin can reactivate them later from the Users list, restoring their role and entity assignments. Use this when a team member leaves or changes responsibilities. For a hard delete (GDPR data removal), contact GC Surge support.

  1. Open the Users module from the sidebar.
  2. Locate the user in the table.
  3. Click the Actions menu (…) next to their name.
  4. Select Remove User. The user’s access is revoked immediately.

Best Practices

  • Remove access promptly when a team member leaves or changes responsibilities.
  • Invitations expire after 72 hours. If a recipient did not receive the email, re-invite them rather than waiting for the link to expire.
  • Limit the number of Super Admin accounts — roughly two or three for a small monitoring station, five or six for a larger one. Every Super Admin account is a potential attack surface: if one is compromised, the attacker gains every administrative power on the platform. Operators who only need event access should be invited as Operator, not promoted for convenience. Audit the Super Admin list at least quarterly and downgrade or deactivate anyone who no longer needs it.
  • Use business email addresses. Personal email addresses make account recovery harder and create risk if a user leaves but retains access to their personal email.
GC Surge