User Management
Manage internal DramWell admin users, assign roles, configure security policies, and audit access across the Admin Portal.
Overview
User Management in the Admin Portal controls who has access to admin.dramwell.ai, what they can do there, and how their session security is enforced. This is an internal-only section — it governs DramWell team members, not end-customer users. Customer-facing user management is handled within each vertical's own settings.
Key Concepts
Admin User — A member of the DramWell internal team with access to the Admin Portal. Admin users are separate from customer org users.
Role — A permission set assigned to each admin user. Roles control which sections of the Admin Portal are accessible and whether the user can take write actions or only view data.
Security Policy — Organization-wide settings applied to all admin users: MFA requirements, session timeout, IP allowlist.
Audit Log — An append-only record of every action taken in the Admin Portal — logins, data exports, configuration changes, user invitations.
Built-In Roles
| Role | Access |
|---|---|
| Super Admin | Unrestricted access to all Admin Portal features, including user management, security settings, and destructive actions |
| Operations | Access to Command Center, Monitoring, Logs, and Telephony. No access to billing or user management |
| Finance | Access to Finance Dashboard, Subscriptions, Plans, and Promotions. No access to system configuration |
| Support | Read-only access to Customer and User data, Logs. Cannot modify any records |
| Developer | Access to Feature Flags, Monitoring, Logs, and API settings. No access to financial or customer PII |
How It Works
Inviting an Admin User
- Go to Settings > Users and click Invite User.
- Enter the invitee's work email address.
- Select their role from the dropdown.
- Click Send Invite.
The invitee receives an email to set their password. The invite is valid for 24 hours. Resend from the Pending Invites tab if needed.
Changing a User's Role
Go to Settings > Users, find the user, and click their current role badge. Select the new role and confirm. The change takes effect on their next action or page load.
Deactivating a User
Click the ... menu next to any active user and select Deactivate. The user's session is terminated immediately and they cannot log in again. Their audit log entries are preserved. Reactivation requires a Super Admin to re-enable the account.
Configuring Security Settings
Go to Settings > Security. Available settings:
| Setting | Description |
|---|---|
| MFA Required | Require all admin users to enroll in TOTP-based MFA before accessing the portal |
| Session Timeout | Maximum idle time before automatic logout (default: 60 minutes) |
| IP Allowlist | Restrict Admin Portal access to a specified list of IP addresses or CIDR ranges |
| Password Policy | Minimum length, complexity, and rotation interval requirements |
Changes to MFA requirements and IP allowlists take effect immediately for all subsequent login attempts.
Reviewing the Audit Log
Go to Settings > Audit Log. Filter by user, action type, or date range. The log records:
- Authentication events (login, logout, failed attempts, MFA enrollment)
- Data access events (exports, report downloads, PII views)
- Configuration changes (role changes, security settings, feature flag updates)
- Destructive actions (user deactivations, data deletions)
Audit logs are retained for 12 months and can be exported as CSV.
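One way to triage an exported audit log CSV offline, shown here as an added example rather than DramWell's own code. The export schema is not documented on this page, so the column names, action strings, and thresholds below are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names and action values are assumptions,
# not the portal's documented CSV schema.
SAMPLE_CSV = """timestamp,user,role,action,source_ip
2024-05-01T09:00:05Z,ana@example.com,Support,login_failed,203.0.113.7
2024-05-01T09:00:40Z,ana@example.com,Support,login_failed,203.0.113.7
2024-05-01T09:01:10Z,ana@example.com,Support,login_failed,203.0.113.7
2024-05-01T09:02:00Z,ana@example.com,Support,login,203.0.113.7
2024-05-01T10:15:00Z,root@example.com,Super Admin,login,198.51.100.4
2024-05-01T10:16:30Z,root@example.com,Super Admin,role_changed,198.51.100.4
2024-05-01T10:20:00Z,root@example.com,Super Admin,user_deactivated,198.51.100.4
2024-05-01T11:00:00Z,dev@example.com,Developer,login_failed,192.0.2.9
2024-05-01T11:30:00Z,dev@example.com,Developer,login,192.0.2.9
"""

# Hypothetical action names for configuration changes, exports and destructive actions.
SENSITIVE = {"role_changed", "security_setting_changed", "data_export",
             "user_deactivated", "data_deleted"}


def triage(csv_text, max_failures=3, window=timedelta(minutes=10)):
    """Return (sensitive Super Admin actions, users whose successful login
    followed max_failures or more failed attempts inside the window)."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["timestamp"])
    super_admin_hits, suspicious = [], set()
    failures = defaultdict(list)  # user -> timestamps of failures since last success
    for r in rows:
        ts = datetime.fromisoformat(r["timestamp"].replace("Z", "+00:00"))
        if r["role"] == "Super Admin" and r["action"] in SENSITIVE:
            super_admin_hits.append((r["timestamp"], r["user"], r["action"]))
        if r["action"] == "login_failed":
            failures[r["user"]].append(ts)
        elif r["action"] == "login":
            recent = [t for t in failures[r["user"]] if ts - t <= window]
            if len(recent) >= max_failures:
                suspicious.add(r["user"])
            failures[r["user"]].clear()  # a success resets the streak
    return super_admin_hits, sorted(suspicious)


if __name__ == "__main__":
    hits, users = triage(SAMPLE_CSV)
    print("Super Admin sensitive actions:", hits)
    print("Failed-login burst then success:", users)
```
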
Tips
- Enable MFA for all admin users before giving Admin Portal access to anyone outside the immediate engineering team. A single compromised admin account has access to all customer data.
- Use the IP Allowlist if your team works from a consistent office IP. It is the fastest way to significantly reduce unauthorized access risk.
- Review the Audit Log for any Super Admin after they perform sensitive operations. Super Admin actions have the highest blast radius if an account is compromised.