User Management
Why User Management?
School organizations are run by teams. User management lets you:
- Share the Workload: Multiple people can enter transactions
- Enable Oversight: Board members can view financial reports
- Maintain Security: Control who can change data
- Track Accountability: Know who did what
Permission Levels
BeeKeeper uses three permission levels:
Admin
Full access to everything:
- Create, edit, delete transactions
- Manage budgets and amendments
- Run all reports
- Manage users and permissions
- Change organization settings
- Connect bank accounts
Best for: Treasurer, President, VP of Finance
Editor
Can work with financial data:
- Create and edit transactions
- Manage expense reports
- Run reports
- View budgets
Cannot:
- Manage users
- Change organization settings
- Approve budgets
- Connect banks
Best for: Assistant Treasurer, Financial Secretary
Viewer
Read-only access:
- View transactions
- Run reports
- View budgets
Cannot:
- Create or edit anything
- Approve expense reports
- Change any settings
Best for: Board members, auditors, oversight roles
Managing Users
Viewing Current Users
- Go to Settings
- Select Users
- See list of all users with:
- Name
- Permission level
- Status (Active, Pending)
Inviting a New User
- Go to Settings > Users
- Click Invite User
- Enter their email address
- Select permission level (Admin, Editor, Viewer)
- Click Send Invitation
The invitee receives an email with:
- Invitation to join your organization
- Link to create their account (or sign in)
- 15-day expiration notice
Invitation Workflow
Invitation Sent → Pending → Accepted → Active
↓
Expired (15 days)
Resending an Invitation
If someone didn’t receive or lost their invitation:
- Find them in the user list
- Click Resend Invitation
- A new invitation email is sent
- Expiration resets to 15 days
Changing Permissions
To change someone’s access level:
- Find them in the user list
- Click Edit
- Select new permission level
- Click Save
Changes take effect immediately.
Removing a User
To revoke someone’s access:
- Find them in the user list
- Click Remove
- Confirm the action
The user:
- Loses access immediately
- Cannot see organization data
- Their historical actions remain in audit logs
Team Composition Best Practices
Recommended Setup
| Role | Permission | Why |
|---|---|---|
| Treasurer | Admin | Needs full access |
| President | Admin or Viewer | Oversight, possibly full access |
| Assistant Treasurer | Editor | Help with data entry |
| Board Members | Viewer | Monitor finances without risk |
| Auditor | Viewer | Annual review access |
Security Principles
Least Privilege: Give people only the access they need.
- Don’t make everyone an Admin
- Use Viewer for oversight roles
- Reserve Editor for active contributors
Shared Responsibility: Avoid single points of failure.
- At least 2 Admins recommended
- Ensures continuity if someone is unavailable
- Enables oversight of treasurer
Annual Review: Check access periodically.
- Remove users who left the board
- Update permissions for role changes
- Ensure current officers have appropriate access
Transitioning Leadership
End of Year Process
Before transition:
- Invite incoming officers with appropriate levels
- Train them on BeeKeeper
- Have them accept invitations
After transition:
- Update permissions for new roles
- Remove outgoing officers (or change to Viewer)
- Verify Admin access for new leadership
Documentation:
- Note who has access in transition documents
- Include BeeKeeper login instructions
- Document any special procedures
Mid-Year Changes
When someone leaves mid-term:
- Remove their access immediately
- Review any pending work they had
- Assign their responsibilities to others
- Add replacement if position is filled
Pending Invitations
Why Invitations Expire
Invitations expire after 15 days for security:
- Prevents old invitations from being used later
- Ensures current intent to grant access
- Limits exposure if email is compromised
Handling Expired Invitations
If someone’s invitation expired:
- Verify they still need access
- Send a new invitation
- Confirm they received it
- Follow up if not accepted promptly
Extending Invitations
To extend before expiration:
- Find the pending invitation
- Click Extend
- 15 more days are added
Account Creation
For Invited Users
When someone accepts an invitation:
- They click the link in the email
- If they have a BeeKeeper account: sign in
- If new: create an account with:
- Name
- Password
- They’re added to your organization automatically
Single Sign-On
If your organization uses SSO:
- Users authenticate through your identity provider
- No separate BeeKeeper password needed
- Permissions still managed in BeeKeeper
Tips for User Management
Onboarding New Users
- Send invitations before their first meeting
- Provide a brief orientation
- Share relevant documentation
- Start them with appropriate training data
Maintaining Security
- Remove users promptly when they leave
- Review user list quarterly
- Don’t share login credentials
- Use individual accounts (not shared logins)
Supporting Your Team
- Answer questions about BeeKeeper
- Create consistent procedures
- Document who handles what
- Back up key users with secondary access
Limitations
- Maximum 50 users per organization
- Users can belong to multiple organizations
- Cannot transfer ownership (only add/remove Admins)
- Email address must be unique per user
- Cannot customize permission levels (only Admin/Editor/Viewer)
Common Questions
Can one person have multiple roles in different organizations? Yes. Users can be invited to multiple organizations with different permission levels in each.
What if someone forgets their password? They use the “Forgot Password” feature on the login page. You don’t need to do anything.
Can I see what actions a user took? Yes, audit logs track who created/modified transactions. Contact support for detailed audit reports.
What happens to their work if I remove a user? All transactions and records remain. The user just can’t access them anymore.
Can I temporarily disable someone? Not directly. Remove them and re-invite later, or change to Viewer to limit access.
How do I make someone else the primary Admin? All Admins have equal authority. Ensure the right people have Admin access; there’s no “owner” designation.
Was this helpful?