User Management
BBS supports multiple users with role-based access control. Admins can create users, assign roles, and control which clients each user can access.
BBS has two user roles: Admin and User.
Admin permissions:
- Full access to all BBS features
- Can view and manage all clients (regardless of ownership)
- Can create, edit, and delete users
- Can access Settings page
- Can update BBS and agents
- Can create and manage backup templates
- Can view all jobs in Queue
Use Cases:
- System administrators
- Backup administrators
- MSP technicians managing all customer backups
User permissions:
- Can only view and manage assigned clients
- Cannot access Settings page
- Cannot create or manage other users
- Cannot update BBS server (can update agents for owned clients)
- Can view only jobs related to their clients
- Can configure plugins and backup plans for their clients
Use Cases:
- Individual customers in an MSP environment
- Departmental administrators (only see their department's servers)
- Limited-access backup operators
Navigate to user management via:
- Settings → Users section (admins only)
- Or direct URL: /users
Screenshot: User management page showing list of users
The user list displays:
| Column | Description |
|---|---|
| Username | Unique username for login |
| Email | User's email address |
| Role | Admin or User |
| Clients | Number of clients assigned to this user |
| 2FA | Whether 2FA is enabled (lock icon) |
| Last Login | Last successful login timestamp |
| Actions | Edit, Delete buttons |
- Click Add User button
- Fill in the user creation form:
  - Username: Unique username (alphanumeric, dashes, underscores)
  - Email: Valid email address
  - Password: Strong password (min 8 characters)
  - Confirm Password: Must match password
  - Role: Select Admin or User
  - Timezone: User's local timezone for timestamp display
- Click Create User
Screenshot: User creation form
Username:
- Length: 3-50 characters
- Characters: Letters, numbers, dashes, underscores (no spaces)
- Uniqueness: Must be unique across all users
- Case: Case-insensitive (cannot have both "john" and "John")
Password:
- Minimum Length: 8 characters
- Recommended: Use strong passwords with a mix of uppercase, lowercase, numbers, symbols
- Storage: Passwords are hashed with bcrypt (never stored in plain text)
Email:
- Must be valid email format
- Used for email notifications (if SMTP configured)
- Can be changed by user in Profile
- Not required to be unique (but recommended)
Timezone:
- Used to display timestamps in user's local time
- Defaults to server timezone if not specified
- Can be changed by user in Profile
- Click the Edit button next to a user
- Modify any field:
  - Role (promote to admin or demote to user)
  - Timezone
  - Password (leave blank to keep unchanged)
- Click Save
Screenshot: User edit form
Promoting to Admin:
- Change role from "User" to "Admin"
- User gains access to all features and clients
- Client assignments are preserved but no longer enforced
Demoting from Admin:
- Change role from "Admin" to "User"
- User loses access to Settings and unassigned clients
- Assign clients to the user or they will have no access
Admin Can Reset:
- Edit the user
- Enter a new password in the Password field
- Confirm password
- Save
- Inform the user of the new password
User Can Self-Reset:
- Users can change their own password at /profile
- Click the Delete button next to a user
- Confirm deletion
- BBS handles client ownership:
  - Option A: Reassign the user's clients to another user
  - Option B: Remove client ownership (clients become unassigned, accessible only by admins)
- User is permanently deleted
Screenshot: User deletion confirmation dialog with client reassignment options
- Cannot Delete Self: You cannot delete your own user account
- Cannot Delete Last Admin: At least one admin must exist
- Client Reassignment: Choose carefully when reassigning clients
- Permanent: User deletion cannot be undone
Method 1: From User Management:
- Edit a user
- In the Assigned Clients section, check the clients this user should access
- Save
Screenshot: User edit form with client assignment checkboxes
Method 2: From Client Detail:
- Go to client detail page
- Click Settings tab
- Change Owner dropdown to the desired user
- Save
Screenshot: Client settings tab with owner dropdown
- Admin Users: Can see all clients regardless of ownership
- Regular Users: Can only see clients assigned to them
- Unassigned Clients: Only visible to admins
- Multiple Ownership: Not supported (each client has one owner or none)
To transfer a client from one user to another:
- Edit the client's settings
- Change the Owner dropdown to the new user
- Save
- Original owner loses access (unless they are an admin)
- New owner gains full access
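The deletion restrictions and client-visibility rules above can be written down as a small model and checked. This is an added example, not BBS source code: the class `AccessModel`, its method names and the sample users and clients are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessModel:
    """Toy model of the ownership rules on this page (not BBS source code)."""
    roles: dict = field(default_factory=dict)  # username -> "admin" | "user"
    owner: dict = field(default_factory=dict)  # client -> username, or None

    def visible(self, username):
        # Admins see every client; regular users see only clients they own.
        if self.roles[username] == "admin":
            return sorted(self.owner)
        return sorted(c for c, o in self.owner.items() if o == username)

    def unassigned(self):
        # Clients with no owner are reachable by admins only; worth auditing.
        return sorted(c for c, o in self.owner.items() if o is None)

    def transfer(self, client, new_owner):
        # One owner or none per client: the previous owner is replaced.
        if new_owner is not None and new_owner not in self.roles:
            raise ValueError("unknown user")
        self.owner[client] = new_owner

    def delete_user(self, actor, target, reassign_to=None):
        if self.roles[actor] != "admin":
            raise PermissionError("only admins can delete users")
        if actor == target:
            raise PermissionError("cannot delete your own account")
        # Invariant guard: the two checks above already imply another admin.
        if [u for u, r in self.roles.items() if r == "admin"] == [target]:
            raise PermissionError("at least one admin must exist")
        if reassign_to == target or reassign_to not in (None, *self.roles):
            raise ValueError("reassign to another existing user")
        for client, o in self.owner.items():
            if o == target:  # Option A (reassign) or Option B (None)
                self.owner[client] = reassign_to
        del self.roles[target]

def sample():
    # Constructed sample data: one admin, two regular users, three clients.
    return AccessModel(
        roles={"root": "admin", "alice": "user", "bob": "user"},
        owner={"web-01": "alice", "db-01": "alice", "mail-01": "bob"})

if __name__ == "__main__":
    m = sample()
    m.delete_user("root", "alice")           # Option B: clients become unassigned
    print(m.unassigned(), m.visible("bob"))  # only admins still see alice's clients
```
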
Each user can manage their own profile settings.
- Click username in top-right corner → Profile
- Or navigate to /profile
Screenshot: Profile page showing user settings
Users can modify:
| Setting | Description |
|---|---|
| Email | Update email address |
| Password | Change password (requires current password) |
| Timezone | Change local timezone for timestamp display |
| 2FA | Enable/disable two-factor authentication |
| Notification Preferences | Email notification settings (per-user) |
- Go to Profile
- Update Email field
- Click Save
- Email is updated immediately
- Future notifications will use the new email
- Go to Profile → Change Password section
- Enter Current Password
- Enter New Password (min 8 characters)
- Confirm New Password
- Click Save
- Session remains active (no re-login required)
Security:
- Current password is required (prevents unauthorized password changes)
- Passwords are never shown in plain text
- Use a strong, unique password
- Go to Profile
- Select Timezone from dropdown
- Click Save
- All timestamps are now displayed in the selected timezone
Common Timezones:
- America/New_York (EST/EDT)
- America/Los_Angeles (PST/PDT)
- Europe/London (GMT/BST)
- Asia/Tokyo (JST)
- UTC (Universal Time)
Users can enable 2FA for additional account security.
- Go to Profile → Two-Factor Authentication tab
- Click Enable 2FA
- Scan QR code with authenticator app
- Enter 6-digit code to verify
- Save recovery codes
See Two-Factor-Authentication for detailed 2FA setup and usage.
Users can customize which notifications they receive via email.
- Go to Profile → Notifications tab
- Toggle notification types:
  - Backup Failed
  - Agent Offline
  - Storage Low
  - Missed Schedule
- Configure digest mode (optional):
  - Individual Emails: Receive separate email for each notification
  - Daily Digest: Receive one email per day summarizing all notifications
  - Set digest time (e.g., 8:00 AM)
- Save
Screenshot: Profile notification preferences
Note: Admin must configure SMTP settings (Settings → Email) before users can receive email notifications.
Admins can require all users to enable 2FA.
- Navigate to Settings → General tab
- Check Force Two-Factor Authentication
- Save
Behavior:
- Users without 2FA are redirected to 2FA setup after login
- Users cannot access BBS until 2FA is enabled
- Existing sessions remain valid until logout
- Admins can still emergency-reset 2FA via CLI
See Two-Factor-Authentication for details.
BBS tracks user login activity for security and auditing.
- Displayed in user list
- Updated on every successful login
- Visible to admins only
- Tracked per-user
- Rate limiting after 5 failed attempts (10 minute lockout)
- Automatic unlock after timeout
- Sessions expire after configured timeout (default: 720 hours)
- Admins can view active sessions (future feature)
- Users can log out manually (invalidates session immediately)
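The failed-login handling listed above (per-user tracking, lockout after 5 failures for 10 minutes, automatic unlock) can be sketched as follows. This is an added example, not BBS source code: `LoginThrottle` and `simulate` are hypothetical names, and resetting the counter on a successful login and refusing correct passwords during the lockout are assumptions the page does not state.

```python
import time

MAX_FAILURES = 5            # page: rate limiting after 5 failed attempts
LOCKOUT_SECONDS = 10 * 60   # page: 10 minute lockout

class LoginThrottle:
    """Per-username failed-login lockout (illustrative, not BBS source code)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock        # injectable so the timeout can be tested
        self.failures = {}        # username -> consecutive failed attempts
        self.locked_until = {}    # username -> clock value when the lock ends

    def is_locked(self, username):
        key = username.lower()    # usernames are case-insensitive
        until = self.locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:  # automatic unlock after the timeout
            del self.locked_until[key]
            self.failures.pop(key, None)
            return False
        return True

    def attempt(self, username, password_ok):
        """Record one login attempt; return True only if it may proceed."""
        key = username.lower()
        if self.is_locked(key):
            return False          # assumption: refused even if password is right
        if password_ok:
            self.failures.pop(key, None)  # assumption: success resets the count
            return True
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= MAX_FAILURES:
            self.locked_until[key] = self.clock() + LOCKOUT_SECONDS
        return False

def simulate():
    # Constructed scenario: five bad passwords, then a correct password
    # 1 minute and again 10 minutes after the lockout began.
    now = [0.0]
    t = LoginThrottle(clock=lambda: now[0])
    results = [t.attempt("John", False) for _ in range(5)]
    now[0] = 60.0
    results.append(t.attempt("john", True))   # still locked out
    now[0] = 600.0
    results.append(t.attempt("john", True))   # lock expired, login proceeds
    return results

if __name__ == "__main__":
    print(simulate())
```
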
BBS is designed to support multi-tenant environments (MSPs, hosting providers).
Scenario: Managed Service Provider with multiple customers
Setup:
- Create one user per customer
- Assign role: User (not admin)
- Create clients for customer's servers
- Assign all customer's clients to their user account
- Customer logs in and sees only their servers
Benefits:
- Isolation: Customers cannot see each other's data
- Self-Service: Customers can manage their own backups
- Centralized Management: MSP admins can see all clients
- Branding: Each user sees only their own servers
Scenario: Large organization with multiple departments
Setup:
- Create one user per department administrator
- Assign clients to department admins
- Department admins manage their own backup plans
Example:
- IT Department: Owns clients: db-server-01, app-server-01
- Finance Department: Owns clients: finance-server-01, erp-server-01
- HR Department: Owns clients: hr-server-01, payroll-server-01
- Unique Usernames: Use clear, descriptive usernames (e.g., "john.smith" not "user123")
- Strong Passwords: Enforce strong password policy
- Email Addresses: Use work emails, not personal emails
- Timezones: Set correct timezone for accurate timestamp display
- Limit Admins: Only grant admin role to trusted personnel
- Principle of Least Privilege: Regular users should only see their own clients
- Review Periodically: Audit user roles and access quarterly
- Assign All Clients: Avoid unassigned clients (only admins can see them)
- Document Ownership: Keep records of which user owns which clients
- Transfer Carefully: When employees leave, reassign their clients before deleting user
- Enforce 2FA: Enable "Force 2FA" for production environments
- Session Timeouts: Use shorter timeouts (24-48 hours) for high-security environments
- Password Rotation: Encourage users to change passwords periodically
- Deactivate Quickly: Delete or disable user accounts immediately when access should be revoked
- Naming Convention: Use customer names in client hostnames (e.g., "acme-web-01")
- User = Customer: One user account per customer for easy isolation
- Admin Access: MSP admins should have admin role, customers should be regular users
- Documentation: Provide user guides for customers on how to manage their backups
Error: "Username already exists"
Solution: Choose a different username (usernames are unique)
Error: "Email is invalid"
Solution: Verify email format (must be valid email address)
Error: "Password too weak"
Solution: Use at least 8 characters (longer is better)
Possible Causes:
- Incorrect username or password
- Account disabled
- 2FA code incorrect (if 2FA enabled)
- Too many failed login attempts (rate limited)
Solutions:
- Verify username and password are correct
- Admin can reset user password
- Wait 10 minutes if rate limited
- Use recovery code if 2FA authenticator is lost
Possible Causes:
- No clients assigned to user
- User is regular user (not admin) and clients are unassigned
Solutions:
- Admin assigns clients to the user
- Or promote user to admin role (can see all clients)
Cause: User is not an admin
Solution: Only admins can access Settings page. Promote user to admin role if necessary.
Cause: Clients were not reassigned before user deletion
Solution:
- Clients are now unassigned
- Admin can access them (admins see all clients)
- Admin should reassign clients to active users
- Two-Factor-Authentication — Setting up and using 2FA
- Notifications — Configuring email notification preferences
- Settings — Admin-only system settings
- Troubleshooting — General troubleshooting guide