Managing team members, roles and permissions
This guide shows you how to add people to your Arca account, control what they can do with roles, and resolve the access problems that come up most often.
How access works
- Each person on your account is a team member (user).
- What they can do is controlled by roles — named bundles of permissions you create and assign.
- You can build custom roles with exactly the permissions you want, and assign one or more to each member.
Adding a team member
- Go to Users → Add User.
- Enter their first and last name, email, and the other requested details, and set an initial password.
- Assign one or more roles.
- Save, then use Reset Password on the new member so they receive an email to set their own password.
Passwords must be at least 8 characters and contain an uppercase letter, a lowercase letter, and a number. The set-password link in the email is valid for 24 hours (see sign-in help if they have trouble logging in afterward).
Assigning and changing roles
- Create a role under Roles, choose its permissions in Security and Permissions, and add team members to it.
- Change someone's role by editing the user, or from the role's Team Members list.
- Permission changes may take a short while to take effect — having the member sign out and back in applies them immediately.
Deactivating, blocking, or removing a member
- Deactivate / block — sets the member's status to inactive; they can no longer sign in or reset their password.
- Remove — deletes the member and their access entirely.
- Changing a member's password or removing their access signs them out everywhere.
Common problems
The new member never got the set-password email
-
Cause
The email was filtered to spam, the member is blocked/inactive, or too many reset emails were requested in a short time (max 5 per hour).
SolutionCheck spam, confirm the member's status is Active and the email is correct, then re-send Reset Password (wait an hour if you've hit the limit).
"You don't have permission to perform this action"
-
Cause
The member's role doesn't include the permission for what they're trying to do.
SolutionAdd that permission to their role (under Security and Permissions), or assign a role that has it. Have them sign out and back in to apply the change immediately.
"Email address already exists"
-
Cause
That email is already a user somewhere on Arca.
SolutionInstead of creating a new user, grant the existing person access to your account and assign them a role.
"Updating a user with SSO is not allowed"
-
Cause
The member signs in through single sign-on (SSO), so their profile is managed by your identity provider.
SolutionManage SSO members through your identity provider, not the Arca user form.
The reset link doesn't work / "Invalid recovery token"
-
Cause
The link has expired, was already used, or a newer reset email was sent (only the latest link works).
SolutionSend a fresh Reset Password and have them use the newest email.
A member keeps getting logged out
-
Cause
Their session ended — expected right after a password change or an admin action.
SolutionHave them sign in again with their current password.
Error message reference
| What you see | What it means | What to do |
|---|---|---|
| Email address already exists | That email is already a user | Grant the existing user access instead of creating a new one |
| You don't have permission to perform this action | The member's role lacks the needed permission | Update the role or assign one that has it |
| Updating a user with SSO is not allowed | The member is managed by single sign-on | Manage them in your identity provider |
| Password and confirmation password are not the same | The two password fields don't match | Re-enter the same password in both fields |
| Invalid recovery token | The reset link expired or was superseded | Send and use a fresh reset link |
Still having trouble?
Contact Arca support and include:
- The email of the team member affected
- The exact message seen (a screenshot helps)
- Whether it's about adding, permissions, or sign-in