Administration & System Setup
      Back to home
      1. SurePact | Knowledge Base
      2. Administration & System Setup

      Managing Users & User Types

      Introduction

      Managing users effectively in SurePact ensures that the right team members have the appropriate level of access to records and system functions. SurePact uses a combination of User Types and Record Roles to define permissions at both the organisation-wide and record-specific levels.

      This guide explains User Types, how they differ from Record Roles, and how to add, edit, and manage users within your SurePact tenancy.

      πŸ“Œ For assigning members to specific records, please see Understanding Default Members, Roles & Permissions.

      User Types vs. Record Roles

      User Types (Organisation-Wide Access)

      User Types define what a person can access across all of SurePact, including administrative features, user management, and system-wide settings. These are assigned by an Administrator and apply to the entire tenancy.

      User Type Description Who Typically Has This?
      Active Standard user with access to SurePact based on their assigned Record Roles. All general users
      View Only Can view records but cannot edit them. Oversight roles, executives
      Locked Cannot log into SurePact. Used for offboarding users. Former employees, inactive users
      Default Member Automatically assigned to all records unless manually removed. Senior staff needing full visibility
      Hide Financial Data Cannot view financial fields within records. Contractors, external stakeholders
      Customer Administrator Can manage users and system configurations. IT leads, finance leads, strategic sponsors
      System Administrator Reserved for SurePact Support Team. SurePact internal use only
      SSO Enabled Indicates if the user logs in via Single Sign-On (SSO). Organisations using SSO
      Contractor Identifies external contractors (does not impact permissions). Contractors, vendors

      πŸ’‘ Tip: Most users are Active Users, with access limited by their Record Roles rather than their User Type.

      Record Roles (Access Within Specific Records)

      Unlike User Types, Record Roles define what a user can do within a specific record (e.g., grant, project, contract, or portfolio). Record Roles are managed at the record level by the Record Manager.

      βœ” Record Roles include:

      • Record Owner (Oversight, no edit rights)

      • Record Manager (Day-to-day execution, can assign members)

      • Record Member (Limited editing, can complete tasks)

      • Approver (Can approve but not edit records)

      πŸ“Œ For a detailed breakdown of Record Roles & Permissions, see Understanding Default Members, Roles & Permissions.

      Adding & Managing Users

      How to Add a New User

      1. Navigate to Administration > Users.

      2. Click Add User (βž•).

      3. Enter the user’s details (Name, Email, Department, and Business Unit).

      4. Assign a User Type (e.g., Active, Customer Administrator).

      5. If applicable, select Default Member to provide automatic access to all records.

      6. Click Save Changes.

      πŸ’‘ Tip: Users receive an email invitation once added.

      GIF - USER SETUP

      Editing an Existing User

      1. Navigate to Administration > Users.

      2. Select the user you want to edit.

      3. Update their User Type, Department, or Business Unit.

      4. Click Save Changes.

      ⚠️ If a user changes roles internally, update their permissions to match their new responsibilities.

      Offboarding & Locking Users

      When a user leaves your organisation or no longer requires access, you must lock their account to ensure compliance and governance.

      Steps to Offboard a User:

      1. Navigate to Administration > Users.

      2. Select the user you wish to offboard.

      3. Before locking the user, transfer their assigned records to another user using Delegations.

        πŸ“Œ For step-by-step instructions, see Creating Delegations in SurePact.

      4. Once delegations are complete, uncheck all User Types and select only Locked.

      5. Click Save Changes.

      πŸ’‘ Tip: Locking a user prevents them from logging in while retaining their historical activity for audit purposes.

      gif - user changes

      Best Practices for User Management

      βœ” Use individual email addresses (e.g., georgie.craft@regionofmagic.tas.gov.au) instead of shared accounts for better governance.

      βœ” Assign Customer Administrator access only to key personnel (e.g., IT leads, finance managers).

      βœ” Review user access periodically to remove inactive users or adjust permissions as needed.

      βœ” Use Default Members for teams needing full record visibility, rather than manually adding users to each record.

      βœ” Update permissions when staff change roles to ensure proper record access.

      βœ” Always complete a Delegation before locking a user account to maintain ongoing record access.

      Troubleshooting User Access Issues

      ❓ User cannot see a record β†’ Ensure they are assigned as a Record Member.

      ❓ User cannot edit financial fields β†’ Check if Hide Financial Data is enabled.

      ❓ User cannot log in β†’ Ensure they are not marked as Locked or check if SSO is required.

      ❓ User not receiving notifications β†’ Verify their email is correct and that notifications are enabled.


      πŸ“Œ For further assistance, contact your SurePact Administrator or log a Support Ticket.