tupicAcademy

Tutorial — Managing Users & Roles

·course·2026-06-12

Tutorial — Managing Users & Roles

What This Tool Is For

How to give each person exactly the access their job needs — and review it as the team changes.

Step-by-Step Walkthrough

Step 1 — When someone joins, create their account and assign a role from the tiered set — from view-only, through analyst and contributor levels, up to administrative tiers. Each tier includes the rights of the ones below and adds specific abilities.

Step 2 — Assign the LOWEST tier that lets them do their job. Granting "admin to be safe" is how every access mess begins; upgrading later takes one minute.

Step 3 — Keep duties separated for sensitive actions: the person who enters large invoices shouldn't be the only one who can approve their payment. Use the tiers to enforce this naturally.

Step 4 — Quarterly review: read the user list against reality — leavers deactivated, changed jobs re-tiered, and any account whose access nobody can explain investigated.

Real-World Example

Scenario: A new bookkeeper joins: contributor tier — can enter costs and settle items, cannot manage users or change structural settings. An external consultant gets view-only for one quarter. When the consultant's engagement ends, their account is deactivated the same day — and in the quarterly review, the team also catches a long-departed intern's forgotten account and closes it. Nothing dramatic ever happens, which is precisely the point of the routine.

Tips & Common Mistakes

  • Least-privilege is a habit, not a policy document: default low, upgrade on demonstrated need.
  • Deactivate, don't delete, departed users — their historical entries still need an attributable author.
  • The scariest finding in access reviews is never a hacker; it's the forgotten account with high access. Hunt those.

Everything described in this tutorial is a working feature of TupicFinance, the financial management platform of the Tupic ecosystem. The screens, workflows, and guardrails above behave exactly as written there — this guide doubles as the platform's user manual for this tool.

    share