Skip to content
NovaVMS Manual

Change a user's role

Changing a user’s role takes effect on their next page load. Active sessions keep their current permissions until the user’s access token expires (up to 15 minutes) or they refresh the page. Role changes are recorded in the audit log as user.role_changed with both the previous and new role.

Who can change which role

You areYou can change toYou cannot change to
AdminViewer, Operator, AdminOwner (must use Transfer ownership); and you cannot demote the current Owner
OwnerViewer, Operator, AdminDirectly promote to Owner — ownership moves only through the Transfer Ownership flow (D79)

Operators cannot change any user’s role. User administration sits on the governance side of the D81 split — see Governance vs operations.

Procedure

  1. Open Admin → Users.
  1. Click the row of the user you want to change.
  1. In the edit panel, open the Role dropdown.
  1. Select the new role.
  1. Click Save.
  1. If you demoted the user from Admin or Operator to Viewer, also assign their sites. Viewers without site rows see nothing.

Common variations

  • Promote to Owner: not possible here. Use Transfer ownership — a 7-day nomination with an explicit accept step.
  • Bulk role change: no UI for this in v1. Use the CSV import at Bulk import users with the role column to re-apply roles across a file.

If this didn’t work

  • If the Role dropdown is greyed out, this user is the only Admin in the org — demoting them would leave the org without an admin. The Owner counts as an Admin for this check.
  • If Save returns 403 FORBIDDEN, you are attempting a change your role cannot perform (for example, an Admin trying to demote the Owner). See Roles and permissions.
  • If the user still appears to hold their old permissions after you saved, their access token has not expired yet. The change becomes effective within 15 minutes, or instantly if they sign out and back in.