> For the complete documentation index, see [llms.txt](https://docs.tomorrowx.com/cap/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.tomorrowx.com/cap/product-reference/administration-functions/managing-users.md).

# Managing Users

The <code class="expression">space.vars.X\_Product\_Name</code> system has its own built in security and auditing. As a result, you need to manage the users of the system and their type. This is an administration task. Alternatively, you can manage users with LDAP. Please see the Authenticating via LDAP section for more information on LDAP configuration.

<figure><img src="/files/iko1B9AfVBaphxVKVrDH" alt=""><figcaption><p>manage user</p></figcaption></figure>

To create a new user, specify the user ID, full name, email, type, console view preference (classic/portal), role(s) and password. Only standard users are required to have a role assigned to them. Administrators and super users automatically have full access.

{% hint style="info" %}
Note: Once a user’s password has been set, you can no longer see it or change it from within the application.
{% endhint %}

Administrators and super users essentially share the same abilities with the exception that super users cannot administer user accounts. In turn, user administrators can only administer user accounts and roles and not perform any other functions unless specifically assigned via a role.

## Default user and password

When the system is first installed, it automatically creates a user called **admin** with the password admin. We strongly urge you to change the password for this user immediately.

## Password security

<code class="expression">space.vars.X\_Product\_Name</code> stores its passwords in a table alongside other user information. To ensure that no one can read or extract a user’s password, it is encrypted using the Triple-DES algorithm. The key to the encryption is the password itself. Essentially, this means that there is no simple way to decrypt a password. In fact, <code class="expression">space.vars.X\_Product\_Name</code> never decrypts a password. Instead, it encrypts the password entered by the user and compares the result of the encryption to the one stored in the database. If there is a match, the authentication is considered valid.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.tomorrowx.com/cap/product-reference/administration-functions/managing-users.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.