
Managing admins

Admins are managed via apps/sellub/sellub-server/admin-config/admins.json + a sync script. The dashboard is not the source of truth.

Why JSON instead of the dashboard

  • Auditability — every change is a Git commit with a reviewer.
  • Reproducibility — the same file works in dev, staging, and prod.
  • Disaster recovery — re-run the sync script and the team is restored.
  • Prevents accidental privilege escalation — no one can self-elevate via the UI.

Adding a new admin

Edit admins.json

{
  "admins": [
    {
      "emailAddress": "alice@sellub.com",
      "firstName": "Alice",
      "lastName": "Mensah",
      "roleCodes": ["platform-support"]
    }
  ]
}

Open a PR and get review

A SuperAdmin must approve. CI validates the role codes exist.

Merge and sync

After merge, an admin with shell access runs:

cd apps/sellub/sellub-server
pnpm sync-admins --env=production

The script:

  • Creates the Administrator record (idempotent).
  • Generates a temporary password and prints it once to the operator’s terminal.
  • Assigns the listed roles.
  • Sends a welcome email if --send-email is passed.

Share the temp password securely

Use a secrets manager (1Password, Bitwarden) or the company’s encrypted-message channel. Never Slack DM, email, or commit it. The new admin must change it on first sign-in.

Removing an admin

  1. Delete their entry from admins.json OR set "disabled": true.
  2. PR + merge + sync.
  3. The sync script disables the Administrator record (does not delete — keeps audit trail).

⚠️ Never share or reuse admin accounts. When someone leaves the team, disable their account the same day. Audit logs depend on one human per account.

Resetting an admin’s password

Easiest path: the admin clicks Forgot password at https://dashboard.sellub.com.

If their email is broken or compromised:

  1. Edit admins.json and bump their passwordResetTrigger field (any value change triggers a new temp password on next sync).
  2. Sync against production.
  3. Hand them the new temp password securely.

Recovering a lost SuperAdmin

If you’ve lost the only SuperAdmin password and the email reset isn’t working:

  1. SSH to the production server.
  2. Run the documented recover-superadmin script (see Developers → RBAC internals).
  3. The script prints a one-time password valid for 15 minutes.
  4. Sign in, change the password, document the recovery in the team incident log.

This procedure leaves an audit trail and requires server access — there is no UI shortcut by design.