# Users, Teams and Permissions
## Users and Teams Management
Administrators or users with **User Management** privileges can manipulate teams and users. From the User Management menu, use the Teams and Users tabs to create, modify or deactivate users and teams:
## Adding Users
Selecting the Users tab, then "Add User" opens the user creation page.
* The user email address is also its login ID
* Administrators can toggle the "Require password reset" when creating a user for the first time, in order to force password change
* Select teams to assign to the user. Multiple teams can be chosen
### Overriding User ID
By default a user's ID is the user email address. This can be overridden in cases where these need to be different (for example with test accounts). Use the **Custom User ID** toggle to override the user ID.
Resetting Passwords
Supervisors can quickly reset a user password to a random password using the **🔑action** from the user summary view:
The system will present the administrator with the random password and login instructions that can be shared with the user.
## Team Permissions
In MLM-AI, teams are containers for permissions. Users are assigned teams who in turn gives access to the specific product functionality.
There are two ways users are granted permissions to MLM-AI functionality:
* By being added to a team configured with one or more application-level permissions
* By being added to a team who is then assigned to a monitor
Lets look at each of these in turn:
### Application-level Permissions
Users are granted role-based permissions according to the teams they are added to. These permissions can be selected from the Teams configuration page:
The following permissions can be configured to a team:
| Permission/Role | Permissions granted |
| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| System Administrator | Full access to all of MLM-AI functionality. |
| User and team management | Create and modify teams and users. |
| Monitor management | Create and modify [Monitors](https://docs.biologit.com/configuration/monitor-configuration). |
| Reviews Supervisor (ALL monitors) | Can manipulate any reviews for any monitors: change status, submit, upload, add screening decisions. |
| Review upload (ANY assigned monitor) | Can create [upload reviews](https://docs.biologit.com/application/upload-data) for any assigned monitor. |
| Reports Management | Submit and schedule reports. |
| Review submit ad-hoc (ANY assigned monitor) | Can submit [on demand](https://docs.biologit.com/application/reviews#submitting-reviews-on-demand) reviews for any assigned monitor. |
| Data export (ANY assigned monitor) | Can [export ](https://docs.biologit.com/application/reviews#downloading-reviews)contents of reviews (Excel, etc) for external processing. |
| Work assignment | Ability to assign/unassign abstracts when the [Work Assignment](https://docs.biologit.com/application/review-details/work-assignment) feature is enabled. |
{% hint style="info" %}
Making a team inactive will disable any permissions granted by this team.
{% endhint %}
### Read-only Permissions
Users who need to be restricted from doing changes in the platform (independently from application-level permissions) can be configured as read-only users by enabling this user flag on creation/edition.
The following restrictions will be applied to read-only users:
| **Configuration** | |
| ------------------------------------------ | ------------------------------------- |
| Create or update monitors | `forbidden` |
| Export monitors | `allowed` (if core permissions allow) |
| Create or update teams and users | `forbidden` |
| Export teams and users | `allowed` (if core permissions allow) |
| Create or update system settings | `forbidden` |
| Export system settings | `allowed` (if core permissions allow) |
| Change my password | `allowed` |
| **Reports/Exports** | |
| Run Reports | `allowed` (if core permissions allow) |
| Export reviews | `allowed` (if core permissions allow) |
| **Reviews** | |
| Navigate to review results and assessments | `allowed` (if core permissions allow) |
| Submit or upload reviews | `forbidden` |
| Save decisions | `forbidden` |
| Transfer articles | `forbidden` |
| Add attachments | `forbidden` |
| Request translations | `forbidden` |
| Article search | `allowed` |
| Email articles | `forbidden` |
| Access Dashboards | `allowed` |
| AI actions | `forbidden` |
| **Assignment** | |
| Assign citations | `forbidden` |
| Be assigned citations | `forbidden` |
### Assign Teams to a Monitor
When a team is assigned to a Monitor, users in that team are granted access to review results from this Monitor, in order to complete screening activities.
This step is done in the Monitor screen, during [Monitor configuration](https://docs.biologit.com/configuration/monitor-configuration)
Members of a team assigned to "Abstract Review" can:
* Access to search and inspect contents of the review results
* Save screening decisions when no decision yet exists (initial assessment), or update their own decision
* Users in this role can not update screening decisions from another user (*except* when Work Assignment is enabled - see below)
Members of a team assigned "Quality Review" role can:
* Access to search and inspect contents of the review results
* Save screening decisions to any article, whether or not they have been updated previously by another user
#### Work Assignment Mode
When the [Work Assignment](https://docs.biologit.com/application/review-details/work-assignment) feature is enabled, the permissions of a user may be *extended* so that the user can complete a review:
* Ordinarily, a user in a team given the "Abstract Review" role is unable to update another user's decision.
* However, if the user is *directly assigned* the abstract, the user is granted permission to update that article. This permission is only valid for as long the user is assigned the article.
## Password Resets
Users have the ability to reset their passwords at any time, however in case of credentials lossor reactivation, Administrators can quickly reset a user password from the "key" action icon:
Doing do will auto-generate a random password and details that can be shared with the user by copy/pasting into an email:
