The User Administration role is a built-in system role designed for teams that need someone to create and manage users without giving them full administrator access across the platform.
It’s a good fit for operations or team leads who handle onboarding/offboarding, password help, and invitations—but shouldn’t touch high-impact admin areas.
Purpose
Users with the User Administration role can manage users and basic user access details, while staying restricted for admin-only tools and system areas.
What this role can do
Manage users
Any user with this role can access the Users App and perform key user-management actions, including:
- Edit user profiles
- Send invitations
- Reset Passwords
Edit supported fields
- First name / Last name
- Phone
- Title
Manage access-related sections
- Access level
- Sites
- Accounts
- Themes
- Email-related controls
What this role cannot do
The role is explicitly meant to avoid full admin power. For example, it does not grant access to admin-only areas such as (but not limited to):
- Jobs
- Automations
- Webhooks
Also, compared to ofull admins, this role does not get every user-related app action available in the UI.
Works with Organizations
If your tenant has Organizations enabled, user creation follows stricter rules for non-admins.
- Organization is required when creating a user (you can’t save a new user without selecting one).
- After selecting an organization, User Administrators and non-admins can’t change it later.
Role Hierarchies and User Administration
The User Administration role was creatted alongside a feature called Role Hierarchies, which controls which roles a user is allowed to assign when creating or managing other users.
When Role Herarchies are configured
Role Hierarchies define a “role tree”. A user can only create/manage users with roles that exist within their allowed branch.
Example
- User Administration > Role 2 > Role 3
In this model, a User Administrator could assign User Administration, Role 2 and Role 3, but not roles outside that tree (such as full admin does).
Note: If User Administration is not included in the Role Hierarchies configuration, it may not inherit those hierarchy limits—and could potentially assign a borader set of roles (still constrained by whatever rules your tenant enforces for that role).
If you use User Administration, it’s best to also configure Role Hierarchies so role assignment stays intentionally limited.
