Skip to content
RAMP Documentation

Members

The Members page provides Administrators with a centralized view of all users within the tenant. From here you can manage user accounts, assign application-level roles, and control access.

Required role: Administrator or SuperUser

Accessing the Members Page

Section titled “Accessing the Members Page”

Navigate to Administration > RAMP Tenant Members (or /_admin/ramp-tenant-members).

The members list shows all users in the current tenant, including:

  • User display name and email
  • Active or inactive status
  • Assigned application roles
  • Authentication method (RAMP Internal, LDAP, OIDC, Windows Auth)

Creating a User

Section titled “Creating a User”

For tenants with RAMP Internal authentication enabled, Administrators can create user accounts directly.

  1. Click Create User on the members page.
  2. Fill in the required fields:
    • Username — must be unique within the tenant
    • Email — the user’s email address
    • First Name and Last Name
    • Password — set an initial password
  3. Click Create.

Editing a User

Section titled “Editing a User”
  1. Click on the user in the members list.
  2. Modify profile information (display name, email, etc.).
  3. Click Save.

Assigning Application Roles

Section titled “Assigning Application Roles”

Application-level roles (App Roles) determine what a user can do across the entire RAMP tenant. These are separate from entity-specific roles (template roles, instance roles) that are assigned on individual items.

  1. Click on the user in the members list.
  2. Open the Roles tab.
  3. Click Add Role.
  4. Select the desired role from the dropdown.
  5. Click Assign.

Available Application Roles

Section titled “Available Application Roles”
RolePurpose
AdministratorManage system settings, users, groups, and configuration. Cannot access content without additional roles.
SuperUserFull access to all templates, instances, and systems. Use sparingly.
TemplateCreatorCan create new templates. Automatically becomes Template Owner on created templates.
GlobalTemplateOwnerOwner permissions on all templates system-wide.
GlobalTemplateEditorEditor permissions on all templates system-wide.
GlobalTemplateViewerRead-only access to all templates system-wide.
GlobalTemplateApproverCan approve versions on all templates system-wide.
GlobalInstanceHeadHead permissions on all instances system-wide.
GlobalInstanceDeputyHeadDeputy Head permissions on all instances system-wide.
GlobalInstanceEditorEditor permissions on all instances system-wide.
GlobalInstanceExecutorExecutor permissions on all instances system-wide.
GlobalInstanceObserverRead-only access to all instances system-wide.
SystemManagerCan manage systems and stages.
CalendarManagerCan manage calendars and scheduling.
MessageSubscriberReceives general system notifications.
PreEscalationSubscriberReceives pre-escalation warnings.
EscalationSubscriberReceives escalation alerts.

For a comprehensive explanation of each role and its permissions, see Roles.

Removing Roles

Section titled “Removing Roles”
  1. Navigate to the user’s Roles tab.
  2. Click the remove button next to the role you want to revoke.
  3. Confirm the removal.

Deactivating a User

Section titled “Deactivating a User”

To prevent a user from logging in without deleting their account:

  1. Click on the user in the members list.
  2. Toggle the user’s status to Inactive.
  3. Click Save.

Deactivated users cannot log in but their data and role assignments are preserved. You can reactivate the account at any time.

Resetting a User’s Password

Section titled “Resetting a User’s Password”

For RAMP Internal users, Administrators can reset passwords:

  1. Click on the user in the members list.
  2. Click Reset Password.
  3. Set a new password.
  4. Communicate the new password to the user through a secure channel.

Best Practices

Section titled “Best Practices”
  • Principle of least privilege — assign only the roles a user needs for their work. Start with lower-privilege roles and escalate as needed.
  • Use groups for bulk role assignment — instead of assigning the same role to many individual users, create a group and assign the role to the group.
  • Regular audits — review role assignments periodically. Remove roles from users who have left or changed positions.
  • Multiple administrators — ensure at least two users have the Administrator role to avoid lockout scenarios.
Section titled “Related topics”
Groups Create and manage groups for organizing users and simplifying role assignments
Roles Understand the RAMP role system, application roles, entity roles, and permission hierarchy