Page body
What this form does
Use this form family to create a new admin account or update an existing one. The surface covers identity fields, role and group assignment, parent-admin logic for support users, and the stored permission matrix, but create and edit do not behave identically.
Create vs edit
Create
- The create flow is used for new CRM administrator accounts.
- Password is part of the initial payload.
- Only
ManagerandSupportare offered as visible role options. - Permission cards appear only after the role choice is made, and support mode also requires a selected parent admin.
Edit
- The edit flow first loads the existing admin detail payload.
- Password is optional on update and is only replaced when changed.
- The FE edit surface keeps role read-only and limits some field edits based on the current role rules.
- When the current operator edits their own account, the permission matrix is hidden.
Permission behavior
- Permission checkboxes are not free-form. The FE requires the read permission
Rbefore non-read options can be enabled in the same category. - Create-mode support-user flows seed permissions from the selected parent-admin detail payload.
- Create-mode manager flows seed permissions from the current operator detail payload.
- Edit mode renders permission categories from the current operator permission map, not from a separate role template registry.
What can confuse operators
- A role name alone does not fully describe access. The permission matrix is the detailed source of truth.
- Group and parent-admin behavior changes with the selected role.
- Editing your own record can be more restricted than editing another admin account.
- The current forms do not expose a dedicated
Cancelor back action; the only form-level action isSubmit. - The current create implementation for
Supportattempts one support-scoped create and then falls through to a second create call withadminId: null.