User Management controls who can access the system, what they can see, and what actions they can perform.
Access is managed using Users, Roles, and Permissions.
Accessing User Management
Navigate to:
TMS → User Management
Tabs available:
Users – individual accounts
Roles – permission groupings
Permissions – individual system actions
Users
The Users tab lists everyone with access to the system.
Fields shown:
Name
Email
Role
Status
Verified
Last Login
Created Date
Adding a New User
Use Add New User to invite someone to access the system via email.
Steps
Go to TMS → User Management → Users
Click Add User
Select a Role (required)
Enter the user’s Email Address
Click Send Invitation
Invitation Process
When an invitation is sent:
The user receives an email with a secure registration link
The user sets their own password
The invitation expires after 24 hours
The assigned role and permissions apply immediately once registration is complete
Role Selection (Important)
The selected role determines what the user can see and do
Roles can be changed later if needed
Users without a role have no effective access until a role is assigned
Invite User vs Quick Add
Invite User (recommended): Secure email-based onboarding
Quick Add: Admin-created account (used sparingly, typically internal)
Best Practices
✅ Always assign the correct role upfront
✅ Use Invite User for customers and external users
❌ Avoid sharing accounts between users
❌ Do not use Admin unless absolutely required
User Status
Active – User can log in
Inactive – Login blocked (recommended instead of deletion)
Roles
Roles define what a user can do by grouping permissions together.
Role Types
- System Roles
  - Core platform roles (e.g. ICOSAdmin)
  - Limited editing
- Common Roles
  - Customer and operational roles
  - Can be created, edited, and deleted
Creating or Editing a Role
Click Add Role or select an existing role
Enter:
- Role Name
- Description
- Type (Common / System)
Set status
Save
Inactive roles cannot be assigned to users.
Permissions
Permissions are individual actions (view, create, edit, delete) tied to system resources.
Each permission includes:
Name (e.g. vehicles.edit)
Resource (vehicles, customers, apikeys)
Action
Category
Status
In Use indicator
Creating a Permission
Click Add Permission
Define:
- Permission name
- Resource
- Action
- Category
Save
Permissions marked In Use are currently assigned to roles and cannot be safely removed without impact.
Role Matrix (Recommended Access Model)
| Role | Typical Access |
|---|---|
| ICOSAdmin | Full system access, configuration, security |
| OwnerAdmin | Manage customers, users, vehicles, bookings |
| Operations Manager | Operational oversight, reporting, dispatch |
| Dispatcher | Create and manage bookings, assign drivers |
| Driver | View assigned jobs only |
| Customer | View own bookings and data |
| User | General staff access (read + limited edit) |
| ReadOnly | Reporting and auditing access |
Common Scenarios
Adding a New Staff Member
Create user
Assign User, Dispatcher, or Operations Manager
Confirm login works
Giving a Customer Portal Access
Create user
Assign Customer role
Limit visibility to their own data
Removing Access Quickly
Set user to Inactive
Do not delete unless required
Auditors or External Review
Assign ReadOnly
No edit or delete permissions
Best Practices
✅ Assign roles, not permissions, to users
✅ Keep System roles tightly controlled
✅ Use Inactive instead of deleting users
✅ Review permissions periodically
❌ Avoid creating “one-off” custom roles unless necessary
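A periodic access review of the kind recommended above can be scripted. This is an added example, not part of the product or its documentation. It assumes the Users tab fields have been copied into a CSV with those column names, that Verified reflects completed invitation registration, and a 90-day stale-login threshold.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows; columns mirror the Users tab fields (the CSV layout is an assumption).
SAMPLE_USERS_CSV = """Name,Email,Role,Status,Verified,Last Login,Created Date
Ana Ruiz,ana@example.com,Dispatcher,Active,Yes,2024-05-28,2023-01-10
Ben Ode,ben@example.com,ICOSAdmin,Active,Yes,2024-05-30,2022-11-02
Cy Tran,cy@example.com,,Active,Yes,2024-05-29,2024-05-01
Di Moss,di@example.com,Customer,Active,No,,2024-05-20
Ed Park,ed@example.com,Driver,Active,Yes,2024-01-15,2023-06-06
Flo Hart,flo@example.com,ICOSAdmin,Inactive,Yes,2023-12-01,2022-01-01
"""

ADMIN_ROLES = {"ICOSAdmin"}        # System role named on the page
INVITE_TTL = timedelta(hours=24)   # invitation lifetime stated on the page
STALE_AFTER = timedelta(days=90)   # assumed review threshold, not from the page


def review_users(csv_text, today):
    """Return sorted (email, finding) pairs for accounts a reviewer should look at."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"].strip().lower() != "active":
            continue  # Inactive accounts already have login blocked
        email = row["Email"].strip()
        role = row["Role"].strip()
        # Assumption: Created Date is when the invitation was sent.
        created = datetime.strptime(row["Created Date"], "%Y-%m-%d")
        last_login = row["Last Login"].strip()
        if not role:
            findings.append((email, "no role assigned"))
        if role in ADMIN_ROLES:
            findings.append((email, "holds admin role, confirm it is required"))
        if row["Verified"].strip().lower() != "yes" and today - created > INVITE_TTL:
            findings.append((email, "unverified past invitation expiry"))
        if last_login and today - datetime.strptime(last_login, "%Y-%m-%d") > STALE_AFTER:
            findings.append((email, "no login within review window, consider Inactive"))
    return sorted(findings)


if __name__ == "__main__":
    for email, finding in review_users(SAMPLE_USERS_CSV, datetime(2024, 6, 1)):
        print(f"{email}: {finding}")
```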
Summary
Users = who
Roles = what they’re allowed to do
Permissions = the individual actions
This structure keeps access secure, scalable, and auditable.