Navigate Select Esc Close
CHAPTER
[03]

Managing Access Across Your Organisation

User management is one of your most important SuperUser responsibilities. You control who accesses your organisation's Kora instance, what they can do, and how they interact with animal records, locations, and operational data. Every user account, role assignment, and permission decision affects your organisation's security, compliance, and operational effectiveness.

Access User Management at /Admin/Users from the Admin Dashboard or main navigation.

User Management Overview

The User Management interface provides five core functions organised as tabs:

User Directory - Browse and search all user accounts in your organisation

Create User - Create new accounts with step-by-step wizard

Vet Approvals - Review and process veterinarian credential applications

Role Management - Assign and modify user roles across your organisation

Bulk Operations - Perform mass updates for multiple users simultaneously

Each tab addresses specific user administration needs, from individual account creation to organisation-wide role management.

User Management Statistics

Four key statistics appear at the top of the User Management page:

Total Users

What It Shows: All user accounts in your instance, regardless of status.

Includes: Active users, locked accounts, pending approvals, inactive accounts

Excludes: Permanently deleted users

Why It Matters: Understanding total user footprint helps with capacity planning, licence management, and organisational growth tracking.

Active Users

What It Shows: Users with current, functional access to your Kora instance.

Includes: Users who can log in and perform operations, all active roles

Excludes: Locked or disabled accounts, pending approvals, deleted users

Why It Matters: Active users represent your current operational team. This count matters for day-to-day operations, training needs, and support planning.

Pending Approvals

What It Shows: Veterinarians who have applied for professional access but haven't been approved yet.

Why It Matters:

  • Veterinarians cannot provide clinical services in Kora until approved
  • Pending approvals delay professional collaboration
  • High pending count may indicate approval workflow bottleneck
  • Urgent approvals needed for active consultations

Recommended Action: Review pending approvals regularly (ideally daily) to ensure veterinarians can provide timely professional services.

Locked Users

What It Shows: Accounts temporarily disabled or locked for security reasons.

Common Reasons for Locking:

  • Security policy violations
  • Suspected unauthorised access
  • User left organisation (locked pending permanent deletion)
  • Temporary suspension during investigation
  • Failed login attempts exceeding security threshold

Why It Matters: Locked accounts indicate security actions taken. May require investigation or permanent deletion. Users cannot access Kora while locked. Audit logs show who locked account and why.

Viewing All Users

The User Directory tab displays all users in your organisation with key information:

Displayed Information:

  • User name and email address
  • Assigned roles (SuperUser, Veterinarian, User, Regulator)
  • Account status (Active, Locked, Pending)
  • Last activity date
  • Assigned locations

Sorting and Filtering:

  • Sort by name, email, role, status, or last activity
  • Filter by role type (show only veterinarians, only SuperUsers, etc.)
  • Filter by status (active, locked, pending)
  • Search by name or email

Searching for Specific Users

Search Capabilities:

  • Type user name or email in search box
  • Results filter in real-time as you type
  • Useful when your organisation has many users
  • Quick way to verify if someone has an account

Viewing User Details

Click any user in the directory to view detailed information:

Account Information: Full name, email, phone, assigned roles and permission levels, account creation date, last login date, account status

Activity Summary: Recent observations recorded, animals accessed or modified, locations visited

Assigned Access: Locations user can access, animals user can view or modify, permissions for specific features

Audit Trail: Who created this account, when roles were assigned or modified, account status changes, permission modifications

Creating User Accounts

User Creation Wizard

The Create User tab provides a guided wizard for creating new accounts:

Step 1: Basic Information - Email address, full name, phone number, preferred language

Step 2: Role Assignment - Select primary role, add secondary roles if needed

Step 3: Location Access - Assign locations user can access

Step 4: Permissions - Fine-tune specific capabilities within assigned roles

Step 5: Review and Create - Confirm all settings, system generates initial password or sends invitation email

Creating Administrator Accounts

When to Create:

  • Hiring new organisational administrators
  • Promoting staff to management positions requiring admin access
  • Onboarding external consultants needing system administration capabilities

Special Considerations:

  • SuperUser role grants broad access. Only assign to trusted administrators
  • Consider co-administrators for business continuity
  • Document why each person has SuperUser access
  • Ensure administrators understand responsibilities and security obligations

Recommended Practice:

  • Minimum two SuperUsers for any organisation (redundancy)
  • Maximum based on security principle: limit administrative access
  • Regular review of SuperUser accounts (annually at minimum)

Creating Veterinarian Accounts

Two Pathways:

1. SuperUser Creates Veterinarian Account Directly

  • Use when you know the veterinarian personally
  • When you've already verified credentials offline
  • For employed staff veterinarians
  • When immediate access needed

Process:

  1. Use Create User wizard
  2. Select "Veterinarian" role
  3. Enter professional details: licence number, clinic name, specialty
  4. Assign location access
  5. Account activated immediately with veterinarian privileges

2. Veterinarian Self-Applies (Pending Approval)

  • Veterinarians can apply for access through public-facing application
  • Applications appear in "Vet Approvals" tab
  • SuperUser reviews credentials before approval
  • Use for external veterinarians, consultants, or new professional relationships

Creating Standard User Accounts

Most Common Account Type:

  • Farm staff recording daily observations
  • Animal care technicians
  • Field researchers
  • Administrative staff

Typical Access: Specific locations only, animal observation and health recording, task management, movement logging, view reports

Not Granted: Cross-property access (unless explicitly needed), veterinary clinical features, administrative functions, regulatory oversight capabilities

Security During Account Creation

Strong Credentials:

  • Email addresses must be unique
  • System generates secure initial passwords
  • Users forced to change password on first login
  • Or send invitation email allowing user to set their own password

Access Principle:

  • Grant minimum access needed for user's job function
  • Location access limited to where user actually works
  • Permissions restricted to what user's role requires
  • Can always expand access later if needs change

Audit Logging: Every account creation logged with who created account, when, what roles/permissions granted, and initial location assignments.

Veterinarian Approval Workflow

Understanding Veterinarian Applications

Veterinarians can apply for access to your organisation's Kora instance if they provide professional services to your animals. Applications allow SuperUsers to verify credentials before granting clinical access.

Application Contains:

  • Veterinarian's name and email
  • Veterinary licence number
  • Clinic name or practice affiliation
  • Professional specialty
  • Reason for access request
  • Which animals or facilities they work with

Why Approval Is Needed:

  • Veterinarians have clinical privileges (diagnose diseases, prescribe treatments, create legally binding observations)
  • Veterinary observations affect biosecurity, traceability, regulatory compliance
  • Fraudulent veterinarian access poses serious risks
  • Professional credential verification ensures only qualified veterinarians have clinical access

Reviewing Applications

Access pending applications in the "Vet Approvals" tab.

For Each Application:

1. Verify Professional Credentials

  • Check veterinary licence number against official registry
  • Many jurisdictions have online licence lookup
  • Confirm licence is current (not expired or suspended)
  • Verify veterinarian is authorised to practice in your jurisdiction

2. Verify Professional Identity

  • Does the application match a known veterinarian?
  • If new relationship, verify clinic affiliation
  • Check professional references if needed
  • Confirm legitimacy of clinic or practice

3. Assess Access Request

  • Why is this veterinarian requesting access?
  • Do they actually provide services to your animals?
  • Which facilities or animals will they work with?
  • Is access appropriate given their professional relationship?

4. Approve or Deny

Approve When: Credentials verified as legitimate and current, veterinarian has professional relationship with your organisation, access request is appropriate and reasonable, no security concerns identified

Deny When: Cannot verify credentials, licence expired/suspended/invalid, no legitimate professional relationship, suspected fraudulent application, security concerns

Approval Actions

When Approving:

  1. Click "Approve" on application
  2. Assign location access
  3. Set permissions
  4. Add internal notes
  5. Confirm approval

Result: Veterinarian account activated immediately, receives email notification, can log in and provide clinical services, has full access to veterinary features (Chapter 20), observations marked as professional veterinary observations

When Denying:

  1. Click "Deny" on application
  2. Provide reason for denial (logged in audit trail)
  3. Optionally contact veterinarian explaining denial

Result: Application rejected, veterinarian cannot access system, can reapply if issues resolved

Post-Approval Management

After approval, veterinarian accounts can be: Modified (change location access, adjust permissions), locked (temporarily disable access), deleted (permanent removal when relationship conclusively ends)

Regular Review Recommended: Annually review all veterinarian accounts, verify professional relationships still active, confirm credentials remain current, revoke access for veterinarians no longer providing services

Role Management

Understanding Roles

Roles determine what users can do in Kora. Users can have one primary role or multiple roles if their responsibilities span different areas.

Available Roles:

SuperUser: Full administrative access, user management, system configuration, Knowledge API administration, cross-organisation visibility, security and audit access, most powerful role (grant carefully)

Veterinarian: Clinical features (veterinary observations, diagnoses, prescriptions), multi-property access across clients, professional directory visibility, clinical documentation and reporting, Knowledge Hub integration for diagnoses

User (Standard User): Animal management features (observations, tasks, movements), limited to assigned locations, cannot create veterinary observations, operational features without clinical or administrative privileges

Regulator: Compliance oversight capabilities (if regulatory features enabled), cross-property visibility within jurisdiction, inspection and audit access, cannot modify operational data, read-focused role for regulatory oversight

CAHW (Community Animal Health Worker): Simplified workflows for field-level animal care, basic health interventions, supervised treatment protocols, mobile-optimised features

Additional roles may exist depending on your instance's feature flags and organisational needs.

Assigning Roles

From User Creation: Assign primary role during account creation, can assign multiple roles if user has combined responsibilities

Modifying Existing Users:

  1. Access User Directory
  2. Select user account
  3. Navigate to "Roles" section
  4. Add or remove roles
  5. Confirm changes

Best Practices:

  • Assign minimum roles needed for job function
  • Document why users have specific roles (especially administrative roles)
  • Regular role audits (ensure roles still match current responsibilities)
  • Remove roles promptly when responsibilities change

Multi-Role Users

Some users need multiple roles:

Example 1: Veterinarian Who Also Administers System - Veterinarian role (provide clinical services) + SuperUser role (manage user accounts for practice)

Example 2: Farm Manager with Wildlife Work - User role (farm operations) + Wildlife Manager role (conservation activities on same property)

Example 3: Regulatory Veterinarian - Veterinarian role (clinical inspections) + Regulator role (compliance oversight)

When assigning multiple roles: Ensure user understands different capabilities, clarify when they're acting in which role, audit logs distinguish actions by role context

Bulk Operations

When to Use Bulk Operations

Common Scenarios:

  • New facility onboarded with 20 staff needing access to new location
  • Organisational restructure changing many users' roles
  • Security policy update requiring permission changes across user groups
  • Seasonal workers hired/departing in groups

Instead of modifying users one-by-one, bulk operations allow: Select multiple users, apply same change to all selected users, save significant time for large-scale updates

Bulk Operation Types

Bulk Role Assignment: Select users, add role to all selected users

Bulk Role Removal: Select users, remove role from all selected users

Bulk Location Assignment: Select users, grant access to specific locations for all selected users

Bulk Permission Updates: Select users, modify specific permissions for all selected users

Bulk Account Status Changes: Lock multiple accounts, unlock accounts

Performing Bulk Operations

Process:

  1. Access "Bulk Operations" tab
  2. Select users (individual selection or filter-based selection)
  3. Choose operation type
  4. Configure operation details
  5. Review summary of users affected
  6. Confirm bulk operation

Safety Features:

  • Confirmation dialogue showing exactly what will change
  • Preview of affected users
  • Undo not available (carefully review before confirming)
  • Audit log records bulk operation details

Best Practices:

  • Test on single user first if unsure
  • Review selection carefully (ensure only intended users selected)
  • Document reason for bulk operation
  • Inform affected users if operation significantly changes their access

User Activity & Audit Logs

Monitoring User Activity

Why Monitor User Activity: Security (detect unusual access patterns), compliance (document user actions for regulatory audits), troubleshooting (understand what users were doing when issues occurred), training (identify users who may need additional support)

What User Activity Shows: Login history, observations recorded, animals accessed or modified, locations visited, tasks created or completed, administrative actions performed

Access User Activity: From User Directory, click specific user, view "Activity" tab, select date range, filter by activity type

Common Use Cases: Verify user actively using system, investigate unusual activity during security review, document user actions during compliance audit, confirm user performed specific action

Audit Logs for User Management

Every user management action is logged:

What's Logged:

  • Account creation
  • Role assignments
  • Permission changes
  • Veterinarian approvals
  • Account locks/unlocks
  • Account deletions
  • Bulk operations

Why This Matters:

Security: If unauthorised account created, audit log shows who created it and when.

Compliance: Regulatory audits require documentation of access control decisions.

Accountability: Every action traces to specific SuperUser account with timestamp.

Troubleshooting: If user reports access issues, audit logs show what changed and when.

Accessing Audit Logs

User-Specific Audit Logs: View from individual user details page, shows all actions affecting that specific user

System-Wide Audit Logs: Access from Security & Audit section (Chapter 27.5), shows all user management actions across organisation, filter by date range, SuperUser, action type

Audit Log Details: Timestamp, SuperUser who performed action, action type, details (what specifically changed), reason (if documented during action)

Audit Log Security: Audit logs are immutable (cannot be modified after creation), even SuperUsers cannot delete or alter audit logs, ensures integrity for security and compliance investigations

User Management Best Practices

Security Principles

Least Privilege: Grant minimum access needed for job function, expand access only when demonstrated need arises, regularly review and reduce excessive permissions

Separation of Duties: No single user should have total control, multiple SuperUsers for organisational continuity, clinical access and administrative access generally separated

Regular Access Review: Quarterly review of all user accounts, annually review all role assignments, promptly revoke access when users leave organisation

Credential Verification: Always verify veterinarian licences before approval, document verification process, re-verify periodically for long-term professional relationships

Operational Best Practices

Timely Onboarding: Create accounts before user's first day, provide training resources with account credentials, assign onboarding buddy or supervisor

Timely Offboarding: Lock accounts immediately when user leaves, review user's data and transfer ownership if needed, delete account after appropriate retention period

Documentation: Document why SuperUser access was granted, note professional relationships for veterinarians, record reasons for role changes, maintain organisational access control policy

Communication: Inform users when roles or access changes, explain limitations and capabilities of assigned roles, provide training appropriate to role responsibilities

Compliance Considerations

Data Protection: User accounts contain personal information, comply with data protection regulations, only collect information necessary for system operation, protect user data from unauthorised access

Veterinary Regulation: Verify veterinarian credentials against official registries, ensure only licensed professionals have clinical access, document verification for regulatory review, revoke access if licence expires or is suspended

Audit Requirements: Maintain audit logs for required retention period, provide audit log access during regulatory reviews, document access control decisions, demonstrate appropriate user access governance

Common User Management Workflows

Workflow 1: Onboarding New Staff Member

Scenario: New farm manager hired, needs access to manage cattle operations.

Steps:

  1. Access User Management, Create User
  2. Enter basic information (name, email, phone)
  3. Assign "User" role
  4. Grant location access (Cattle Operations facility only)
  5. Assign permissions (observations, tasks, animal management, movement logging)
  6. Review and create account
  7. Send credentials to new staff member
  8. Schedule onboarding training
  9. Verify first login and access

Time Required: 10 minutes

Workflow 2: Approving Veterinarian Application

Scenario: Dr. Johnson applies for access to provide services at your dairy.

Steps:

  1. Access User Management, Vet Approvals
  2. Review Dr. Johnson's application
  3. Verify veterinary licence with state veterinary board online registry
  4. Confirm clinic affiliation
  5. Check: Does Dr. Johnson provide services to our dairy? Yes, primary vet
  6. Click "Approve"
  7. Assign location access
  8. Add note: "Primary vet for Smithfield Dairy, verified licence #VET-12345"
  9. Confirm approval
  10. Email Dr. Johnson confirming access granted

Time Required: 15 minutes (including credential verification)

Workflow 3: Responding to Security Concern

Scenario: IT team reports suspicious login attempts for user account.

Steps:

  1. Access User Management, User Directory
  2. Search for reported user account
  3. Click "Lock Account" immediately
  4. Review user activity logs for unusual patterns
  5. Check recent actions
  6. Contact user to verify legitimate activity or confirm compromise
  7. If compromise confirmed: Reset password, review what data was accessed, document incident, unlock account after password reset and user verification
  8. If security threat confirmed: Keep account locked, contact IT/security team, escalate to organisational security procedures

Time Required: 30 minutes to several hours depending on severity

Workflow 4: Quarterly Access Review

Scenario: Regular compliance requirement to review all user access.

Steps:

  1. Access User Management, User Directory
  2. Export complete user list with roles and permissions
  3. Review each user: Still employed/active? Roles still match job responsibilities? Location access still appropriate? Last activity date reasonable?
  4. Document review findings
  5. Make necessary changes: Remove departed users, adjust roles for role changes, update location access for reorganisations, lock inactive accounts pending investigation
  6. Document review completion for compliance records
  7. Report summary to management/compliance officer

Time Required: 2-4 hours depending on organisation size

Troubleshooting Common User Management Issues

Issue: Veterinarian Can't Access Clinical Features

Possible Causes: Veterinarian application still pending, Veterinarian role not assigned, account locked, specific permissions disabled

Resolution:

  1. Check Vet Approvals tab (application pending?)
  2. View user details (Veterinarian role assigned?)
  3. Check account status (locked?)
  4. Review permissions (clinical features enabled?)

Issue: User Can't See Specific Location

Possible Causes: User not assigned access to that location, location was archived or deleted, permission level too restrictive

Resolution:

  1. View user details, Location Access
  2. Add missing location if appropriate
  3. Verify location still exists in system
  4. Check permission level allows location visibility

Issue: Bulk Operation Didn't Work as Expected

Possible Causes: Wrong users selected, operation type didn't match intention, permissions prevented change, system error during bulk operation

Resolution:

  1. Review audit logs (what actually happened?)
  2. Check affected users individually
  3. Determine what went wrong
  4. Manually correct if needed
  5. Re-attempt bulk operation if system error

Issue: Can't Verify Veterinarian Credentials

Possible Causes: Licence number incorrect or mistyped, licence from different jurisdiction than expected, licence expired or suspended, veterinary board registry offline

Resolution:

  1. Contact veterinarian for correct licence number
  2. Verify jurisdiction (which state/country issued licence?)
  3. Check multiple veterinary board registries if multi-jurisdiction
  4. If unable to verify, deny application with explanation
  5. Veterinarian can reapply with correct information
WORDS
[3,166]
READ TIME
[16m]