> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# User Management

> Server admins can view all users registered on the Pwnbook platform, manage their organization memberships, and control server admin privileges.

## Overview

The Users section of the server admin panel gives you a platform-wide view of every registered user. This is useful for support, security audits, onboarding troubleshooting, and managing elevated privileges.

## Viewing users

To view the user list:

1. Go to the **Server Admin** panel.
2. Click **Users** in the sidebar.

The user list shows:

| Column            | Description                                                |
| ----------------- | ---------------------------------------------------------- |
| **Name**          | The user's display name                                    |
| **Email**         | The user's login email address                             |
| **Organizations** | Organizations the user belongs to, with their role in each |
| **Server Admin**  | Whether the user has server admin privileges               |
| **Last seen**     | Timestamp of the user's most recent login                  |
| **Created**       | Account creation date                                      |

## Searching and filtering

Use the search bar to find a specific user by name or email. Filter the user list by:

* **Server admin status**: Show only server admins or non-admins
* **Organization**: Show users belonging to a specific organization
* **Activity**: Show users who have or haven't logged in recently

## User detail view

Click any user to open their detail view. The detail view shows:

* Account information (name, email, creation date, last login)
* All organizations the user belongs to and their role in each
* Recent activity log (engagements accessed, reports generated, etc.)
* Server admin status

## Managing server admins

### Promoting a user to server admin

1. Open the user's detail view.
2. Click **Promote to Server Admin**.
3. Confirm the action in the prompt.

The user immediately gains server admin privileges. They will see the **Server Admin** option in their profile menu on their next page load.

<Warning>Server admin status grants broad access to all platform data and configuration. Only promote users who have a clear operational need for this level of access.</Warning>

### Revoking server admin status

1. Open the server admin user's detail view.
2. Click **Revoke Server Admin**.
3. Confirm the action.

The user's server admin access is removed immediately. Their organization roles and memberships are not affected.

<Note>You cannot revoke your own server admin status. Another server admin must perform this action.</Note>

## Managing user organization memberships

From the user detail view, server admins can:

* View all organizations the user belongs to
* See the user's role within each organization
* Remove the user from a specific organization (use with caution — this immediately revokes their access)

To remove a user from an organization:

1. Open the user's detail view.
2. Scroll to the **Organizations** section.
3. Click **Remove from org** next to the organization.
4. Confirm the action.

The user is removed from the organization immediately. Their account remains active and they can still access other organizations they belong to.

## Deleting a user account

<Warning>Deleting a user account is permanent and cannot be undone. The user's contributions (wiki edits, task comments, etc.) remain in place, attributed to the deleted account.</Warning>

To delete a user account:

1. Open the user's detail view.
2. Click **Delete Account**.
3. Type the user's email to confirm.
4. Click **Delete**.

The user is immediately logged out and their account is deleted. Their email address can be re-used to create a new account if needed.

## Audit considerations

Regularly review the user list to:

* Identify accounts that haven't been active for an extended period
* Verify that server admin status is limited to the appropriate individuals
* Check that departed employees have been removed from all organizations
