User Management
User Management
Why User Management?
School organizations are run by teams. User management lets you:
- Share the Workload: Multiple people can enter transactions
- Enable Oversight: Board members can view financial reports
- Maintain Security: Control who can change data
- Track Accountability: Know who did what
Permission Levels
BeeKeeper uses three permission levels:
Admin
Full access to everything:
- Create, edit, delete transactions
- Manage budgets and amendments
- Run all reports
- Manage users and permissions
- Change organization settings
- Connect bank accounts
Best for: Treasurer, President, VP of Finance
Editor
Can work with financial data:
- Create and edit transactions
- Manage expense reports
- Run reports
- View budgets
Cannot:
- Manage users
- Change organization settings
- Approve budgets
- Connect banks
Best for: Assistant Treasurer, Financial Secretary
Viewer
Read-only access:
- View transactions
- Run reports
- View budgets
Cannot:
- Create or edit anything
- Approve expense reports
- Change any settings
Best for: Board members, auditors, oversight roles
Managing Users
Viewing Current Users
- Go to Settings
- Select Team
- See the Team Members list of all users with:
- Name
- Email Address
- Access (permission level)
- Status (Invited, Accepted, Expired)
Inviting a New User
- Go to Settings > Team
- Click Invite User
- Enter their Full Name and Email Address
- Select an access level (Admin, Editor, Viewer)
- Submit the form to send the invitation
The invitee receives an email with:
- Invitation to join your organization
- Link to finish setting up their account (or sign in)
- 15-day expiration
Invitation Workflow
Invitation Sent → Invited → Accepted
↓
Expired (15 days)
Resending an Invitation
If someone didn’t receive or lost their invitation:
- Find them in the Team Members list
- Click Resend (shown next to anyone who hasn’t accepted yet)
- A new invitation email is sent
- Expiration resets to 15 days
Changing Permissions
There is no in-place edit for an existing user’s access level. To change someone’s access:
- Remove them from the Team Members list
- Invite them again with the new access level
Removing a User
To revoke someone’s access:
- Find them in the Team Members list
- Click Remove
- Confirm the action
The user:
- Loses access immediately
- Cannot see organization data
- Their historical actions remain in audit logs
You cannot remove your own account from the Team Members list.
Team Composition Best Practices
Recommended Setup
| Role | Permission | Why |
|---|---|---|
| Treasurer | Admin | Needs full access |
| President | Admin or Viewer | Oversight, possibly full access |
| Assistant Treasurer | Editor | Help with data entry |
| Board Members | Viewer | Monitor finances without risk |
| Auditor | Viewer | Annual review access |
Security Principles
Least Privilege: Give people only the access they need.
- Don’t make everyone an Admin
- Use Viewer for oversight roles
- Reserve Editor for active contributors
Shared Responsibility: Avoid single points of failure.
- At least 2 Admins recommended
- Ensures continuity if someone is unavailable
- Enables oversight of treasurer
Annual Review: Check access periodically.
- Remove users who left the board
- Update permissions for role changes
- Ensure current officers have appropriate access
Transitioning Leadership
End of Year Process
Before transition:
- Invite incoming officers with appropriate levels
- Train them on BeeKeeper
- Have them accept invitations
After transition:
- Set up the right access for new roles (remove and re-invite if a level needs to change)
- Remove outgoing officers (or re-invite them as a Viewer)
- Verify Admin access for new leadership
Documentation:
- Note who has access in transition documents
- Include BeeKeeper login instructions
- Document any special procedures
Mid-Year Changes
When someone leaves mid-term:
- Remove their access immediately
- Review any pending work they had
- Assign their responsibilities to others
- Add replacement if position is filled
Pending Invitations
Why Invitations Expire
Invitations expire after 15 days for security:
- Prevents old invitations from being used later
- Ensures current intent to grant access
- Limits exposure if email is compromised
Handling Expired Invitations
If someone’s invitation expired:
- Verify they still need access
- Click Resend to send a new invitation (this resets the 15-day window)
- Confirm they received it
- Follow up if not accepted promptly
Account Creation
For Invited Users
When someone accepts an invitation:
- They click the link in the email
- Their organization access is activated
- They’re directed to sign in with their FutureFund ID (or create one if they don’t have one yet)
- They’re added to your organization automatically
The name you entered when inviting them is used for their team listing.
Centralized Sign-In
BeeKeeper uses FutureFund’s centralized sign-in for all users:
- Users authenticate with their FutureFund ID across FutureFund products
- There is no separate, BeeKeeper-only password
- Organization permissions are still managed in BeeKeeper
Tips for User Management
Onboarding New Users
- Send invitations before their first meeting
- Provide a brief orientation
- Share relevant documentation
- Start them with appropriate training data
Maintaining Security
- Remove users promptly when they leave
- Review user list quarterly
- Don’t share login credentials
- Use individual accounts (not shared logins)
Supporting Your Team
- Answer questions about BeeKeeper
- Create consistent procedures
- Document who handles what
- Back up key users with secondary access
Limitations
- Users can belong to multiple organizations
- Cannot transfer ownership (only add/remove Admins)
- Email address must be unique per user
- Cannot customize permission levels (only Admin/Editor/Viewer)
- Access levels cannot be edited in place — remove and re-invite to change a level
Common Questions
Can one person have multiple roles in different organizations? Yes. Users can be invited to multiple organizations with different permission levels in each.
What if someone forgets their password? They use the “Forgot Password” feature on the FutureFund sign-in page. You don’t need to do anything.
Can I see what actions a user took? Yes, audit logs track who created/modified transactions. Contact support for detailed audit reports.
What happens to their work if I remove a user? All transactions and records remain. The user just can’t access them anymore.
Can I temporarily disable someone? Not directly. Remove them and re-invite later, or re-invite them as a Viewer to limit access.
How do I make someone else the primary Admin? All Admins have equal authority. Ensure the right people have Admin access; there’s no “owner” designation.
Was this helpful?