Skip to content
Last updated: 2026-04-06
Guide

User Access Management

This guide covers inviting team members, assigning roles, and managing user access within your Dxtra organization.

Access Control Model

Dxtra uses organization-level access control where users are assigned roles within specific data controller organizations:

graph TD
    subgraph "Authentication"
        User[Platform User]
        Auth[Dxtra authentication]
        SSO[SSO Provider]
    end

    subgraph "Organization Access"
        DC[Data Controller Org]
        Role[Assigned Role]
    end

    subgraph "Permission Scope"
        Data[Data Access]
        Actions[Available Actions]
    end

    User --> Auth
    User --> SSO
    Auth --> DC
    SSO --> DC
    DC --> Role
    Role --> Data
    Role --> Actions

    classDef primary fill:#9FA8DA,stroke:#221266,stroke-width:2px,color:#221266
    classDef secondary fill:#AA81BC,stroke:#311B92,stroke-width:2px,color:#221266
    classDef permission fill:#FFAC33,stroke:#221266,stroke-width:2px,color:#221266

    class User,Auth,SSO primary
    class DC,Role secondary
    class Data,Actions permission

Key Concepts:

  • Each user can belong to multiple data controller organizations
  • Role assignment is per-organization (a user can be an Owner in one org and a Member in another)
  • Permissions are determined by the role assigned within each organization

Inviting New Users

  1. Navigate to Users: In the Dxtra Dashboard, go to Settings > Users & Roles
  2. Click Invite User: Start the invitation process
  3. Enter Email: Provide the new team member's email address
  4. Select Role: Choose from the available roles (see Available Roles)
  5. Send Invitation: The user receives an email with account setup instructions

Invitation Expiration

Invitations expire after 7 days. You can resend invitations to users who haven't accepted yet.

Managing Existing Users

From the Users tab in Settings, you can:

Action Description
View Details See user profile, assigned role, and activity
Edit Role Change role assignment (takes effect immediately)
Resend Invitation Re-send invitation email for pending users
Disable User Temporarily suspend access without deleting
Delete User Permanently remove user from your organization

Role Assignment Guidelines

When assigning roles, consider the user's responsibilities:

User Function Recommended Role Notes
Privacy Director Owner Full control including billing
Privacy Manager Admin Day-to-day operations, no billing
DPO Data Protection Officer Compliance-focused access
Privacy Analyst Member Limited operational access
Software Developer Developer API and integration access
External Auditor Auditor/Regulator Read-only, temporary
Agency Partner Agency/Reseller Multi-client management

Single Sign-On (SSO)

For centralized user management, configure Single Sign-On. With SSO:

  • Users authenticate through your identity provider
  • Role assignments can be managed via IdP group mappings
  • Password policies are enforced by your organization

Access Review Best Practices

  • Quarterly Reviews: Verify all users have appropriate access levels
  • Prompt Removal: Remove access immediately when users leave
  • Document Changes: Keep records of role assignments and changes
  • Least Privilege: Start with the minimum role needed for job function