User Management
User management lets you control who accesses the platform, with what permissions and within which company. Every user is always associated with a specific company in the multi-tenant architecture.
Create or invite a user
To add a new user, go to the company's user section and select Invite user. Enter the email address and choose the role to assign.
The user will receive an invitation by email with instructions to complete registration. If the user already has an account on the platform, they will be linked directly to the company.
Available roles
Queria uses a three-level role system to manage permissions within each company.
Company Admin
Has full control over the assigned company. Can manage users, documents, knowledge base, configurations and monitor consumption. Accesses the admin panel limited to their own company.
Key permissions:
- Full company user management
- System prompt and Cog-RAG configuration (now in DSL canvases)
- Knowledge base and document management
- External sources and storage configuration
- Bot identity customization
- Consumption statistics view
Editor
Can upload and manage documents, create conversations and use all search and chat features. Has no access to admin settings.
Key permissions:
- Document upload and management
- Conversation creation and management
- Semantic search usage
- Access to enabled external sources
- Document generation (if covered by subscription)
Reader
Read-only access. Can consult documents, start conversations with the AI assistant and use search, but cannot upload or modify content.
Key permissions:
- Consult existing documents
- Conversations with the AI assistant
- Search across documents and knowledge base
- View external sources
Login methods
Queria supports multiple authentication methods to fit each organization's needs.
OAuth
Login via external providers simplifies credential management and improves security. Supported:
- Google: login with personal or company Google account (Google Workspace)
- Microsoft: login with personal or company Microsoft account (Microsoft 365)
First OAuth login automatically creates the account if the email matches an active invite.
Email and password
Traditional email and password authentication is always available. Passwords must meet the minimum complexity requirements set by the platform.
Access management
Platform access for Company Admin
Company Admins access their company's admin panel directly from the main interface. Admin menu items are visible only to those with the appropriate role.
Topic assignment (Multi-topic)
Every Editor and Reader must have at least one assigned topic. Topics determine which documents the user can see and where they can upload.
- In the user edit sheet, the topic selector lets you assign multiple topics at once
- Select topics by clicking available tags
- Remove a topic by clicking the X on the tag
- At least 1 topic is mandatory for Editor and Reader
TIP
If an Editor has only one assigned topic, the system selects it automatically during document upload.
Role change
A user's role can be changed at any time by the Company Admin. The change takes effect immediately and the user will see the updated interface on next access.
User deactivation
A user can be deactivated without being deleted. The deactivated user cannot log in but their data and conversations remain available for consultation.
Reactivation restores access with the same role and data.
TIP
Prefer deactivation over deletion: it preserves conversation history and simplifies any future access restoration.
Best practices
- Assign the minimum role needed for each user (principle of least privilege)
- Use OAuth where possible to centralize credential management
- Assign at least two Company Admins per company for operational continuity
- Periodically review accesses and deactivate no-longer-active users
- Clearly communicate to users their role and the features they have access to
- Verify email addresses are correct before sending invitations
Notice
Deleting a user is different from deactivating: it permanently removes the account and is not reversible. Associated conversations are preserved but no longer attributable.