User Management

Assigning Roles

Every user in BeamEdUp has at least one role that determines their permissions. Roles can be assigned during user creation or changed later through the edit form. This guide explains how role assignment works and what to consider.

How to Assign or Change a Role

Open the User Profile

Navigate to Users from the sidebar and click on the user you want to modify. This opens their detail page showing current roles and status.

Click "Edit"

Click the Edit button to open the user editing form. The current role is pre-selected in the Role dropdown.

Change the Role

On the Basic Information tab, find the Role dropdown under Account Configuration. Select the new role. The available roles depend on your institution type (schools show Teacher/Student, coaching centers show Instructor/Learner).

Assign a Branch (If Applicable)

If the user's new role is branch-scoped (Branch Admin, Instructor, or Learner), make sure to select the appropriate Branch from the dropdown. This determines which branch data they can access.

Save Changes

Click Update User to save. The role change takes effect immediately — the user's dashboard and permissions will reflect the new role on their next page load.

Who Can Assign Which Roles

Not everyone can assign every role. You can only assign roles at your level or below in the role hierarchy:

Feature	Org Admin	Branch Admin	Instructor	Learner	Guardian
Assign Org Admin role
Assign Branch Admin role
Assign Instructor role
Assign Learner role
Assign Guardian role
Assign Custom roles

Why the Restrictions?

These restrictions prevent privilege escalation. A Branch Admin cannot make someone an Org Admin because that would grant access beyond their own branch. Only someone with broader access can grant broader roles.

Multiple Roles Per User

BeamEdUp supports assigning multiple roles to a single user. This is useful when someone wears multiple hats — for example:

A teacher who also coordinates the branch → Instructor + Branch Admin
A parent who is also a staff member → Guardian + Instructor
The school owner who manages everything → Org Admin (single role with full access)

When a user has multiple roles, they receive the combined permissions of all their roles. The system always grants the highest level of access available.

Roles and Branch Scope

Some roles are scoped to a specific branch, while others have organization-wide access:

Organization-wide: Org Admin — sees all branches, all users, all data
Branch-scoped: Branch Admin, Instructor, Learner, Guardian — only see data from their assigned branch

Changing Roles Affects Access Immediately

When you change a user's role, their access changes immediately. If you downgrade an Org Admin to Instructor, they will lose access to organization-wide settings on their very next page load. Always confirm with the user before making role changes.

Best Practices

Start with the minimum role — assign Instructor or Learner first; promote to Branch Admin only when needed
Document role assignments — keep track of who has administrative roles for audit and security purposes
Review roles periodically — at the start of each academic year, review whether users still need their current roles
Use custom roles for edge cases — if the built-in roles don't fit, create custom roles with specific permissions instead of over-assigning

Bulk Import (CSV)

Managing User Status