Use this procedure to modify existing user accounts when responsibilities change, roles need adjustment, or website access requires updating.
Prerequisites
- You have Admin role permissions (only Admins can modify users)
- You've determined what needs to change (role, password, or website access)
- You've documented the business justification for the modification
- User has been informed of pending changes
Step-by-Step: Update User Account
1. Access User Management
- Log into Umami as Admin
- Navigate to Settings → Users
- Locate the user to modify
2. Document Current State
Before making changes:
- Screenshot current user configuration
- Note current role and website access
- Record why change is needed
- Store in access control documentation
3. Edit User Account
To change role:
- Select Admin (full system access) or User (limited to assigned websites)
- Understand implications: upgrading to Admin grants unrestricted access, downgrading to User requires assigning specific websites
To change password:
- Enter new password (useful for password resets or rotation)
- Share new password securely with user
- Instruct user to change it again on next login
To modify website access (User role only):
- Check/uncheck boxes for websites user should access
- Admins automatically see all websites; their access cannot be restricted
- To restrict website access for an Admin, first downgrade to User role
4. Save Changes
- Review all modifications
- Click Save or Update
- Changes take effect immediately
- User may need to log out and back in to see updates
5. Verify and Communicate
- Verify changes saved correctly in users list
- Notify user of the modification
- Explain new capabilities or restrictions
- For role changes, provide orientation on new responsibilities
Common Update Scenarios
Promote User to Admin
Situation: User demonstrates need for system administration capabilities.
Process:
- Verify business justification for Admin access
- Document the promotion reason
- Edit user and change role to Admin
- Brief user on Admin responsibilities (user management, website creation)
- Monitor initial Admin activities
- User now sees all websites automatically
Downgrade Admin to User
Situation: Admin role no longer needed, user should have limited access.
Process:
- Document downgrade justification
- Identify which websites user still needs
- Edit user, change role to User
- Assign specific websites
- Save and verify user can access selected websites only
- Notify user of change
Add Website Access for User
Situation: User's responsibilities expanded to include additional websites.
Process:
- Edit user account
- Check boxes for additional websites
- Save changes
- Verify user sees new websites in their dashboard
- Notify user which websites they can now access
Remove Website Access for User
Situation: Project completed, user no longer needs access to specific websites.
Process:
- Edit user account
- Uncheck boxes for websites to remove
- Save changes
- Verify user no longer sees removed websites
- Export any final reports user may need before removing access
Reset Password
Situation: User forgot password or password needs rotation.
Process:
- Edit user account
- Enter new strong password
- Save changes
- Share new password securely with user
- Instruct user to change password immediately after login
Temporary Admin Elevation
Situation: User needs brief Admin access for specific task.
Process:
- Document task and expected duration
- Upgrade to Admin temporarily
- Set calendar reminder to downgrade
- Monitor activities during elevation
- Downgrade back to User immediately after task completes
- Reassign website access
Troubleshooting Update Issues
Changes Don't Take Effect
Symptoms: User reports seeing old permissions after update.
Solutions:
- Verify changes saved (check users list)
- Have user log out completely and log back in
- Clear browser cache
- Verify you edited correct user
- Check Umami server logs for errors
User Lost All Access After Downgrade
Symptoms: After changing Admin to User, user sees no websites.
Solutions:
- Verify you assigned at least one website when downgrading
- Users with zero websites have no access
- Edit user and assign appropriate websites
- User must have at least one website to see any data
Cannot Change Own Role
Symptoms: Cannot modify your own account while logged in.
Solutions:
- This is expected; it prevents accidental self-lockout
- Use a different Admin account to modify your account
- If you're the only Admin, create a second Admin first, then modify your account with the new Admin
Best Practices
Regular reviews:
- Quarterly review of all user permissions
- Verify roles still match responsibilities
- Identify and downgrade unnecessary Admin accounts
Principle of least privilege:
- Default to User role
- Upgrade to Admin only when system management genuinely needed
- Limit website access to minimum required
Change management:
- Document all modifications
- Capture before/after states
- Notify users before making changes
- Follow up to verify changes worked
Password management:
- Rotate service account passwords annually
- Reset passwords when users who know them depart
- Use strong passwords (Umami enforces only minimal password requirements)
Security Considerations
Role changes:
- Justify all Admin promotions with documented business need
- Monitor newly promoted Admins closely
- Regularly review and downgrade Admins who no longer need elevated access
Website access:
- Review quarterly to ensure users still need assigned websites
- Remove access to completed projects promptly
- For multi-client scenarios, strict scoping prevents data leaks
- Document every permission change
- Screenshot before/after configurations
- Maintain change history for compliance
Compliance Documentation
For each user modification, document:
- Change date and time
- Username modified
- Old configuration (role, websites)
- New configuration (role, websites)
- Business justification
- Requestor
- Approver (Admin who made change)
- Verification
Store modification records for the compliance retention period (typically 7 years for regulated industries).
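
One way to capture the record described above, as an added example (not Umami code and not part of the original procedure): it takes before/after snapshots entered by hand and returns the compliance record plus warnings for the pitfalls this page names. The snapshot format, field names and sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

ROLES = {"Admin", "User"}  # the two roles described on this page


def effective_sites(snapshot):
    """Admins see every website, so their checkbox list is irrelevant."""
    return "ALL" if snapshot["role"] == "Admin" else sorted(set(snapshot["websites"]))


def build_change_record(username, before, after, justification,
                        requestor, approver, when=None):
    """Return (record, warnings) for one user modification."""
    for snap in (before, after):
        if snap["role"] not in ROLES:
            raise ValueError(f"unknown role: {snap['role']!r}")
    if not justification.strip():
        raise ValueError("business justification is required")

    warnings = []
    if approver == username:
        warnings.append("approver is the modified user; use a different Admin account")
    if before["role"] == "User" and after["role"] == "Admin":
        warnings.append("promotion to Admin: user now sees all websites; monitor activity")
    if after["role"] == "User" and not after["websites"]:
        warnings.append("User role with zero websites: user will see no data")

    record = {
        "changed_at": (when or datetime.now(timezone.utc)).isoformat(),
        "username": username,
        "old": {"role": before["role"], "websites": effective_sites(before)},
        "new": {"role": after["role"], "websites": effective_sites(after)},
        "justification": justification.strip(),
        "requestor": requestor,
        "approver": approver,
        "verified": False,  # set True after the verification step
    }
    return record, warnings


# Constructed sample: an Admin downgraded to User with no websites assigned.
SAMPLE_BEFORE = {"role": "Admin", "websites": []}
SAMPLE_AFTER = {"role": "User", "websites": []}

if __name__ == "__main__":
    rec, warns = build_change_record("jdoe", SAMPLE_BEFORE, SAMPLE_AFTER,
                                     "Project handover complete", "team-lead", "admin2")
    print(rec, warns, sep="\n")
```

Store the returned record alongside the before/after screenshots, and resolve any warnings before marking it verified.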