Users are the primary way to identify and authorize systems and individuals in the Kinetic Platform. Users must exist within the system to interact with areas of the system that require authentication. All users are scoped to a Space. Users are not shared between Spaces.

User Properties

User records have the following properties:

  • Username: A unique identifier for each user.
  • Email Address: Used to deliver information such as password resets.
  • Display Name: A friendly name that is displayed throughout the application.
  • Enabled: Determines whether the user can authenticate to and use the system.
  • Space Admin: Determines whether the user has Space Admin permissions, which bypasses all other security within the space.
  • Allowed IP Addresses: A comma-separated list of IP addresses from which the user can connect. An asterisk indicates the user can connect from any IP address.
  • Preferred Locale: Determines the user's locale. If not specified, the user's locale is inherited from the Space's default locale.

Extending Users

The User object is commonly extended to capture additional metadata about the user with attributes such as the user's manager or app-specific preferences. There are two types of attributes for users: profile attributes and user attributes. Profile attributes are those items the user can update themselves, such as last name and phone number. User attributes are those items that the user is not permitted to update, such as their department or manager.

Users can also be associated with Teams to define roles, permissions, or memberships for notifications and assignments.


Roles are a way of giving users permissions. At the Platform level, roles work as special teams that work together with security definitions to determine a user's access. Roles give access but do not remove it. A user with no roles would have no access to the Platform.

Any existing roles can be assigned to a user on creation.


Users can upload an avatar of themselves to use for identification within the system. This image will appear as part of their profile header and display as a representation of them when they are listed as a team member. If a user has no avatar uploaded, an "empty" image is displayed. EmptyAvatar


Passwords are entirely within the user's control. They can set or reset their password anytime via the login screen.