Users
User management allows administrators to control access, assign roles, and manage permissions within FluxGate.
Users represent individuals who access the FluxGate system. Each user has a role that determines their permissions.
FluxGate supports three primary roles:
Permissions:
- View features and configurations
- Create new features
- Submit feature changes
- View analytics and metrics
- Approve others' requests (peer review)
Cannot:
- Approve own requests
- Manage users or teams
- Configure system settings
Use Case: Developers, product managers
Permissions:
- All Requester permissions
- Review and approve/reject feature changes
- Add detailed approval comments
- Track approval metrics
Cannot:
- Manage users or teams
- Configure approval policies
- Modify system settings
Use Case: Engineering leads, release managers
Permissions:
- All Approver permissions
- Manage users and teams
- Configure approval policies
- Modify system settings
- Override approvals (if configured)
Use Case: Team leads, system administrators
- Navigate to Users → Create User
- Enter user details:
- Username: Unique identifier
- Email: User email address
- Name: Full name
- Role: Requester, Approver, or Team Admin
- Set initial password
- Click CREATE
- User receives welcome email (if configured)
- Open user details
- Modify fields:
- Email address
- Full name
- Role assignment
- Save changes
- Navigate to user settings
- Select new role from dropdown
- Confirm role change
- User permissions update immediately
Admin-Initiated Reset:
- Open user settings
- Click RESET PASSWORD
- Generate temporary password
- Share with user securely
Self-Service Reset:
- Users can reset via login page
- Password reset link sent to email
Instead of deleting, deactivate users to preserve audit history:
- Open user settings
- Toggle ACTIVE status to OFF
- User cannot log in
- Historical data preserved
- Deactivate user first
- Verify no active approvals or requests
- Click DELETE USER
- Confirm deletion
Track user actions:
- Feature creations and modifications
- Approval decisions
- Login history
- Setting changes
Monitor user engagement:
- Active users per day/week
- Feature evaluations by user
- Approval response times
- Most active contributors
FluxGate uses JWT (JSON Web Token) for authentication:
- Token Expiry: Configurable (default: 24 hours)
- Refresh Tokens: Auto-renewal before expiry
- Logout: Invalidates current token
Default password policy:
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
Administrators can customize requirements in Settings.
Principle of Least Privilege: Assign minimum necessary role
Regular Audits: Review user list and roles periodically
Deactivate Promptly: Disable accounts for departing team members
Strong Passwords: Enforce password complexity requirements
Monitor Activity: Track unusual user behavior
Documentation: Document role assignments and rationale