User Management - MLM (Manteniendo la Misión)

Overview

The User Management module allows administrators to create, edit, activate/deactivate, and delete users. Users can be assigned to roles, locations, and have their credentials managed centrally.

User management requires the users:full_access permission. Viewing users only requires users:read.

Accessing User Management

Navigate to Administration → Users from the sidebar to access the user management interface.

User Data Model

Each user in MLM CMMS has the following properties:

Field	Type	Description
`id`	UUID	Unique identifier (from Supabase Auth)
`email`	String	User’s email address (login credential)
`name`	String	First name
`last_name`	String	Last name
`phone`	String	Optional phone number
`location_id`	Integer	Associated location/facility
`rol_id`	Integer	Assigned role (defines permissions)
`is_active`	Boolean	Whether the user can log in
`created_at`	Timestamp	Account creation date
`password_reset_at`	Timestamp	Last password reset (if available)
`password_reset_by`	UUID	Admin who reset the password

User Management Workflows

Creating a New User

Open the Create User Dialog

Click the “Nuevo usuario” button in the user management toolbar.

Fill in Required Fields

Name: User’s first name
Last Name: User’s surname
Email: Must be unique across the system
Password: Use the “Generar segura” button to create a secure password
Role: Select a role (requires rbac:manage_roles permission)
Location (optional): Assign the user to a location

Submit the Form

Click “Crear usuario”. The system will:

Create the user in Supabase Auth
Insert the user record in public.users
Sync metadata to auth.users.user_metadata
Assign the selected role via user_roles table

The email address cannot be changed after user creation due to Supabase Auth constraints.

Editing a User

Locate the User

Use the search bar or location filter to find the user.

Open Edit Modal

Click the “Editar” action button on the user’s row.

Modify Fields

You can update:

Name and last name
Phone number
Location assignment
Role assignment (if you have rbac:manage_roles)

Email cannot be changed in the edit modal.

Save Changes

Click “Guardar cambios”. The system calls the admin_update_user_profile RPC function to update both the database and auth metadata.

Resetting a User’s Password

Administrators with users:full_access can reset user passwords:

Open the Edit Modal

Click “Editar” on the user’s row.

Generate a New Password

Use the “Generar segura” button in the password reset section.

Confirm Reset

Click “Restablecer contraseña”. The system invokes admin_reset_user_password RPC, which:

Updates the password in Supabase Auth
Records password_reset_at and password_reset_by for audit purposes

Password resets are immediate and cannot be undone. Ensure you communicate the new password securely to the user.

Activating/Deactivating Users

Deactivating a user prevents them from logging in without deleting their account:

Single User
Bulk Deactivation

Click the “Desactivar” or “Activar” button on the user’s row
Confirm the action in the confirmation dialog
The is_active flag is toggled in the database

Select multiple users using the checkboxes
Click “Desactivar selección” in the toolbar
Confirm the bulk operation
All selected users are set to is_active = false

Requires users:cancel permission for activation/deactivation.

Deleting a User

User deletion is permanent and cannot be undone. All associated records may be affected.

Confirm Prerequisites

Ensure the user has no critical dependencies (e.g., active work orders, tickets).

Initiate Deletion

Click the “Eliminar” button on the user’s row.

Confirm

Confirm the deletion in the warning dialog.

Requires users:delete permission.

Filtering and Search

The user management interface supports:

Search: By name, last name, or email (minimum 2 characters)
Location Filter: Show only users from a specific location
Include Inactive: Toggle to include deactivated users

Pagination

Users are paginated with 8 records per page. Use the “Anterior” and “Siguiente” buttons to navigate pages.

Search results disable pagination and show all matching users.

Permissions Required

Action	Permission Code
View users	`users:read`
Create/edit users	`users:full_access`
Assign roles	`rbac:manage_roles`
Activate/deactivate	`users:cancel`
Delete users	`users:delete`

Technical Implementation

Service Layer

User management operations are handled by:

userService.ts: Current user profile operations
userAdminService.ts: Admin-level user management

Key functions:

// Paginated list with filters
getUsersPaginated({
  page: number,
  pageSize: number,
  search?: string,
  location_id: number | null,
  includeInactive?: boolean
})

// Update user profile and role
updateUser(userId: string, patch: Partial<DbUser>)

// Admin password reset
resetUserPassword(userId: string, newPassword: string)

// Activation control
setUserActive(userId: string, active: boolean)
bulkSetUserActive(ids: string[], active: boolean)

// Deletion
deleteUser(userId: string)

Database Functions

`admin_update_user_profile`

Updates user profile and synchronizes metadata to Supabase Auth:

admin_update_user_profile(
  p_id uuid,
  p_email text,
  p_name text,
  p_last_name text,
  p_location integer,
  p_rol_id integer,
  p_update_role boolean
)

`admin_reset_user_password`

Resets a user’s password and records audit information:

admin_reset_user_password(
  p_id uuid,
  p_new_password text
)

These RPC functions may not be available in older deployments. The frontend includes backward-compatible fallback logic.

Best Practices

Use Strong Passwords

Always use the password generator (16+ characters) when creating users or resetting passwords.

Assign Roles Immediately

Users without roles have no permissions. Always assign a role during user creation.

Deactivate Instead of Delete

Prefer deactivation over deletion to preserve audit trails and historical data.

Review Location Assignments

Ensure users are assigned to the correct location for proper data access and filtering.

Troubleshooting

”No tienes permiso para crear/editar usuarios”

Cause: Missing users:full_access permission. Solution: Contact an administrator to grant the required permission through role assignment.

Email Already Exists

Cause: The email address is already registered in Supabase Auth. Solution: Use a different email or delete/reactivate the existing user.

Password Reset Not Available

Cause: The admin_reset_user_password RPC function is not deployed. Solution: Deploy the latest SQL migrations from sql/modules/ or use the Supabase dashboard to reset passwords manually.

User Cannot Log In After Creation

Possible causes:

User is marked as is_active = false
User has no role assigned
Email confirmation is required (check Supabase Auth settings)

​Overview

​Accessing User Management

​User Data Model

​User Management Workflows

​Creating a New User

​Editing a User

​Resetting a User’s Password

​Activating/Deactivating Users

​Deleting a User

​Filtering and Search

​Pagination

​Permissions Required

​Technical Implementation

​Service Layer

​Database Functions

​admin_update_user_profile

​admin_reset_user_password

​Best Practices

Use Strong Passwords

Assign Roles Immediately

Deactivate Instead of Delete

Review Location Assignments

​Troubleshooting

​”No tienes permiso para crear/editar usuarios”

​Email Already Exists

​Password Reset Not Available

​User Cannot Log In After Creation

​Related Topics

Overview

Accessing User Management

User Data Model

User Management Workflows

Creating a New User

Editing a User

Resetting a User’s Password

Activating/Deactivating Users

Deleting a User

Filtering and Search

Pagination

Permissions Required

Technical Implementation

Service Layer

Database Functions

`admin_update_user_profile`

`admin_reset_user_password`

Best Practices

Troubleshooting

”No tienes permiso para crear/editar usuarios”

Email Already Exists

Password Reset Not Available

User Cannot Log In After Creation

Related Topics