Users. Quick start
When BeAdmin is installed, a first user with administrator rights is created — for the email address you specified in the installation guide. If several people use the panel — colleagues, freelancers, clients, developers — create a separate account for each one and grant only the rights they need. Each has their own password and their own activity log, and access can be revoked when needed without affecting the others.
The "Users" section is available right after the panel is installed — there is nothing to install.
Creating a user
- Open the "Users" section in the side menu of the panel.
- Click "Create user" at the top of the list — the "Create new user" dialog will open.
- Fill in the fields:
- "Name" — an arbitrary display name used inside the panel. Up to 64 characters, any characters allowed.
- "Email" — the login for
BeAdminand the address service notifications are sent to. The address must be unique: if it is already linked to another account, an error appears and the user is not created. - "Password" — from 8 to 255 characters, with at least one letter and one number. If you do not want to come up with a password yourself, use the generator button next to the field.
- "Admin" — the checkbox below the fields. If enabled, the user gets full access to the panel right away — the "Access rights" tab does not need to be configured. The flag can be toggled later on the user's "Account" tab.
- Click "Create".
The new user appears in the list on the left, and their card opens automatically.
💡 Full access via the "Admin" flag
If a user needs full access — set the "Admin" flag at this step and skip the next section.
Configuring access rights
The user card has two tabs: "Account" (name, email, password change, admin flag) and "Access rights". Open the second one.
⚠️ If the "Admin" flag is set
On the "Access rights" tab, instead of the access groups you will see the message "This user has Admin access." To configure rights by group, first clear the "Admin" flag on the "Account" tab and click "Update".
The "Access rights" tab shows a list of access groups: one group per module plus separate groups for the key system sections. Each group has a three-state switch:
- "None" — the section is fully hidden from this user's side menu.
- "Read" — the user sees lists and state but cannot create, edit or delete anything. The "With Read user can:" line below the group lists the exact allowed actions — for MariaDB, for example, "View database list", "View user list", and so on.
- "Write" — full access to the group: view, create, edit, delete. The "With Write user can:" line below the group lists the exact allowed actions: "Create databases", "Delete users", "Import data into databases", and so on.
The lists below each group are the precise set of actions available to the user at that level. Rely on them, not just on the level name.
Subgroups for larger modules
For some modules the rights are split into subgroups — for example, MariaDB, Mail, Nginx, Apache, Docker. Typical subgroups: "Install module", "Manage module" and "Manage ..." (for example, "Manage databases and users" for MariaDB). This lets you grant a user the rights to work with the module's entities without granting the rights to install or uninstall the module itself — or the other way round.
Searching for groups
Above the list of groups there is a "Search access groups" field. It comes in handy when there are many modules: it filters by both module name and current rights level.
Once the levels are set for the groups you need, click "Update" in the bottom panel of the page. The button is active only while there are unsaved changes — so you can immediately see that you have changed something.
Verifying the rights
Open the panel in incognito mode or in a different browser and sign in with the newly created account. Make sure that:
- the side menu shows exactly the sections to which you granted "Read" or "Write", and hides those set to "None";
- inside sections with the "Read" level the create and delete buttons are indeed unavailable.
Without this step it is easy to accidentally grant extra rights or, conversely, forget to open a section that is needed.
Useful recommendations
- The minimum required set. Enable "Write" only where the user really needs to create or change entities; in the rest of the groups use "Read" or "None".
- Module installation is a separate privilege. If a user does not need to install or uninstall modules, do not grant the "Write" level in the "Install module" subgroup — this is a server-level operation.
- If you have lost the administrator password and there are no other administrators in the panel, the password can be reset from the server console — see Recovering a user password via SSH.