Manage User Accounts and Assign Roles

• Given I am on the user management screen, when I tap 'Invite User', then I can enter an email address and select an initial role, and the system sends an invitation email
• Given a user is listed with role 'peer_mentor', when I tap 'Change Role' and select 'coordinator', then the role is updated immediately and the user's app access changes on their next session
• Given I deactivate a user account, when the user attempts to log in, then they are shown the no-access screen with a support contact message
• Given a user belongs to multiple chapters, when I view their profile, then all chapter affiliations are shown and I can add or remove individual chapter memberships
• Given I attempt to assign a role that would exceed my own permission scope, then the action is blocked with a clear error message explaining the restriction
• Given any role change is made, when I view the audit log for that user, then the change is recorded with timestamp, actor, and previous/new role

Manual role management via email to a central IT team creates access delays of days or weeks, meaning new coordinators cannot onboard peer mentors until access is granted. Self-service role assignment by org admins eliminates this bottleneck and ensures prompt deactivation of leavers — critical for GDPR compliance and preventing unauthorised access to sensitive participant data. NHF's 1,400 local chapters alone require a scalable, delegated permission model that cannot be managed centrally.

• User Account Management Screen ui
• Role Assignment Panel ui
• User Management Service service
• Admin Row-Level Security Guard service
• Admin Data Repository data
• Admin Portal BLoC data
• Supabase RLS Policy Configuration infrastructure
• Role Resolution Service service
• Role Repository data
• Supabase Role Data Provider infrastructure
• Multi-Chapter Membership Service service
• Contact Chapter Repository data