# Users, Teams and Permissions
## Users and Teams Management
Administrators or users with **User Management** privileges can manipulate teams and users. From the User Management menu, use the Teams and Users tabs to create, modify or deactivate users and teams:
## Adding Users
Selecting the Users tab, then "Add User" opens the user creation page.
* The user email address is also its login ID
* Administrators can toggle the "Require password reset" when creating a user for the first time, in order to force password change
* Select teams to assign to the user. Multiple teams can be chosen
### Overriding User ID
By default a user's ID is the user email address. This can be overridden in cases where these need to be different (for example with test accounts). Use the **Custom User ID** toggle to override the user ID.
Resetting Passwords
Supervisors can quickly reset a user password to a random password using the **🔑action** from the user summary view:
The system will present the administrator with the random password and login instructions that can be shared with the user.
## Team Permissions
In MLM-AI, teams are containers for permissions. Users are assigned teams who in turn gives access to the specific product functionality.
There are two ways users are granted permissions to MLM-AI functionality:
* By being added to a team configured with one or more application-level permissions
* By being added to a team who is then assigned to a monitor
Lets look at each of these in turn:
### Application-level Permissions
Users are granted role-based permissions according to the teams they are added to. These permissions can be selected from the Teams configuration page:
The following permissions can be configured to a team:
| Permission/Role | Permissions granted |
| ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| System Administrator | Full access to all of MLM-AI functionality. |
| User and team management | Create and modify teams and users. |
| Monitor management | Create and modify [Monitors](/configuration/monitor-configuration.md). |
| Reviews Supervisor (ALL monitors) | Can manipulate any reviews for any monitors: change status, submit, upload, add screening decisions. |
| Review upload (ANY assigned monitor) | Can create [upload reviews](/application/upload-data.md) for any assigned monitor. |
| Reports Management | Submit and schedule reports. |
| Review submit ad-hoc (ANY assigned monitor) | Can submit [on demand](/application/reviews.md#submitting-reviews-on-demand) reviews for any assigned monitor. |
| Data export (ANY assigned monitor) | Can [export ](/application/reviews.md#downloading-reviews)contents of reviews (Excel, etc) for external processing. |
| Work assignment | Ability to assign/unassign abstracts when the [Work Assignment](/application/review-details/work-assignment.md) feature is enabled. |
{% hint style="info" %}
Making a team inactive will disable any permissions granted by this team.
{% endhint %}
### Read-only Permissions
Users who need to be restricted from doing changes in the platform (independently from application-level permissions) can be configured as read-only users by enabling this user flag on creation/edition.
The following restrictions will be applied to read-only users:
| **Configuration** | |
| ------------------------------------------ | ------------------------------------- |
| Create or update monitors | `forbidden` |
| Export monitors | `allowed` (if core permissions allow) |
| Create or update teams and users | `forbidden` |
| Export teams and users | `allowed` (if core permissions allow) |
| Create or update system settings | `forbidden` |
| Export system settings | `allowed` (if core permissions allow) |
| Change my password | `allowed` |
| **Reports/Exports** | |
| Run Reports | `allowed` (if core permissions allow) |
| Export reviews | `allowed` (if core permissions allow) |
| **Reviews** | |
| Navigate to review results and assessments | `allowed` (if core permissions allow) |
| Submit or upload reviews | `forbidden` |
| Save decisions | `forbidden` |
| Transfer articles | `forbidden` |
| Add attachments | `forbidden` |
| Request translations | `forbidden` |
| Article search | `allowed` |
| Email articles | `forbidden` |
| Access Dashboards | `allowed` |
| AI actions | `forbidden` |
| **Assignment** | |
| Assign citations | `forbidden` |
| Be assigned citations | `forbidden` |
### Assign Teams to a Monitor
When a team is assigned to a Monitor, users in that team are granted access to review results from this Monitor, in order to complete screening activities.
This step is done in the Monitor screen, during [Monitor configuration](/configuration/monitor-configuration.md)
Members of a team assigned to "Abstract Review" can:
* Access to search and inspect contents of the review results
* Save screening decisions when no decision yet exists (initial assessment), or update their own decision
* Users in this role can not update screening decisions from another user (*except* when Work Assignment is enabled - see below)
Members of a team assigned "Quality Review" role can:
* Access to search and inspect contents of the review results
* Save screening decisions to any article, whether or not they have been updated previously by another user
#### Work Assignment Mode
When the [Work Assignment](/application/review-details/work-assignment.md) feature is enabled, the permissions of a user may be *extended* so that the user can complete a review:
* Ordinarily, a user in a team given the "Abstract Review" role is unable to update another user's decision.
* However, if the user is *directly assigned* the abstract, the user is granted permission to update that article. This permission is only valid for as long the user is assigned the article.
## Password Resets
Users have the ability to reset their passwords at any time, however in case of credentials lossor reactivation, Administrators can quickly reset a user password from the "key" action icon:
Doing do will auto-generate a random password and details that can be shared with the user by copy/pasting into an email:
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.biologit.com/configuration/team-and-user-management.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.