Role-Based User Lock and Unlock Functionality
Introduction and Overview
An enhancement has been introduced to control user lock and unlock functionality based on user roles. This feature ensures that lockout actions are applied only within the permitted scope defined by the user's role, improving security and administrative control across the platform.
By implementing role-based lockout permissions, organizations can delegate user management responsibilities while maintaining strict boundaries on who can perform lock and unlock actions. This prevents unauthorized access modifications and ensures proper governance over user account management.
Supported User Roles
The platform supports two primary user roles for lockout functionality, each with distinct permissions governing which users can be locked or unlocked:
Company-Based Users – Users with company-wide access and permissions that apply across the entire organization hierarchy.
Organization-Based Users – Users with access limited to their specific organization within the company structure.
Enabling Lockout Permissions in Roles
Lockout functionality is controlled through Role Configuration. Administrators must explicitly enable lock and unlock permissions for each role that requires this capability.
Within the Roles → Operations section, two new checkboxes are available:
Lock User – Enables the ability to lock user accounts
Unlock User – Enables the ability to unlock user accounts
These options must be enabled for the respective roles to allow lock and unlock actions. Without these permissions enabled, users will not see or have access to lockout functionality.
Lockout Options During User Creation
While creating a user, a Lockout checkbox is available based on the user's role type and the permissions configured for the role performing the action.
If the user being created is company-based, the lockout option is displayed when the creating user's role has lock permissions enabled.
If the user being created is organization-based, the lockout option is displayed when the creating user's role has lock permissions enabled for organization-level users.
These options are role-dependent and appear only when permissions are configured correctly in the Role Configuration settings.
Company-Based User Lockout Behavior
When a company-based user has lock permissions enabled, they receive broad lockout capabilities that apply across the entire company structure.
Capabilities:
The user can lock or unlock all company-level users.
The action applies across the company without organization-level restrictions.
A confirmation prompt appears before completing the lockout action to prevent accidental locks.
Once confirmed, the selected users are locked successfully and will be unable to access the system until unlocked by an authorized user.
Organization-Based User Lockout Behavior
When an organization-based user has lock permissions enabled, their lockout capabilities are restricted to users within their own organization, ensuring proper segmentation and security boundaries.
Capabilities and Restrictions:
The user can lock or unlock only users within the same organization.
Users belonging to other organizations cannot be locked or unlocked by this user.
Attempting to lock a user from a different organization triggers an alert message and blocks the action.
This restriction ensures that organization-level users are limited to managing only their own organization's users, maintaining proper administrative boundaries and preventing unauthorized cross-organization access modifications.
Configuration Steps
To enable lock and unlock functionality for a role, follow these steps:
1. Navigate to Role Configuration in the administration settings.
2. Select the role you want to configure.
3. Go to the Operations section.
4. Enable the Lock User checkbox to allow locking users.
5. Enable the Unlock User checkbox to allow unlocking users.
6. Save the role configuration to apply the changes.
Conclusion
The role-based lock and unlock functionality provides precise control over user access management. By distinguishing between company-based and organization-based roles, the system ensures that lockout actions are applied securely and within defined boundaries, maintaining proper administrative governance across the platform.
This enhancement enables organizations to delegate user management responsibilities effectively while maintaining security protocols, ensuring that only authorized personnel can perform lock and unlock actions within their permitted scope.
Related Articles
How do I lock user accounts?
Super administrators have permission to lock or unlock user accounts. Navigate to System > Users Select the user from the grid Click the Lock or Unlock action button If the user is unlocked, the icon will update next to the username.How can I lock content in an email template to prevent other users from changing it?
If you need to control your brand, using the lock feature can allow you to take and maintain control over what other users are allowed to change in any emails you share with them. Use the locking feature in order to prevent key attributes from being ...Enabling and Using the Switch Role Persona Feature
Introduction: This article introduces the Switch Role Persona feature, designed for users with multiple assigned roles. This feature enhances usability by allowing users to seamlessly switch between roles, providing role-specific views and actions. ...How to create Organization field-based Goals?
Submit a request to support@mindmatrix.net to enable the Organization field based Goals option in your portal. Once you get the Organization Goals access follow the below steps to create an Organization Goal for your Organization: 1. Navigate to ...How do I configure user-level dashboard settings?
Introduction: User-level dashboard settings offer a personalized approach to dashboard configuration, allowing individual users to tailor their experience based on their preferences. In this detailed guide, we'll walk through the process of ...