Settings — Team Member
The Team member page (/settings/team/:userId) is the admin
view of any user’s HR record. The same data plane the user sees at
Account ▸ Profile in suggest-only mode is exposed here in full
read/write mode for admins, gated tab-by-tab.
This is where HR onboarding and offboarding happen, and where admins approve or counter user-filed suggest-edits.
Anatomy of the page
Section titled “Anatomy of the page”1. Page header
Section titled “1. Page header”PageHeader with the user’s display name and email. Breadcrumbs link back to Settings ▸ Team.
2. Tab strip
Section titled “2. Tab strip”Nine tabs, role-gated:
| Tab | Owner | Admin | Notes |
|---|---|---|---|
| Personal | ✓ | ✓ | Direct edit name / email / avatar / address |
| Employment | ✓ | ✓ | Title, dates, default location, emergency contact |
| Compensation | ✓ | ✓ | Salary band + currency |
| Health | ✓ | ✗ | Owner-only; encrypted at rest |
| IDV | ✓ | ✓ | Read status; can trigger new IDV from here |
| Credentials | ✓ | ✓ | Bar admissions, designations, licenses |
| Assets | ✓ | ✓ | Hardware + software assignment |
| Sessions | ✓ | ✓ | Active sessions + revoke |
| Activity | ✓ | ✓ | User-scoped audit feed |
The tab strip is horizontally scrollable on narrow screens.
3. Tab body
Section titled “3. Tab body”Tab bodies reuse the same components used by Account ▸ Profile
(ProfileTab, EmploymentTab, CompensationTab, …) but render
in admin-write mode here. The component looks at the current user’s
permission against the target user and shows the right write
controls.
Suggest-edit pattern
Section titled “Suggest-edit pattern”Users (on Account ▸ Profile) file suggest-edits for suggestable fields. Admins see them on this page as pending pills next to the affected field. The pill exposes Accept / Counter / Reject:
- Accept — applies the user’s value, marks the request resolved
- Counter — opens an inline editor; the new value goes back to the user for their accept/reject
- Reject — closes with a reason
Audit events:
profile_change_request.acceptedprofile_change_request.counteredprofile_change_request.rejected
Tab-by-tab detail
Section titled “Tab-by-tab detail”Personal
Section titled “Personal”Same fields as Account ▸ Profile ▸ Personal. Edits land directly on the user’s record (no suggest-edit gate for admins). Email changes show a confirmation dialog because email is the primary account identifier — changing it affects SSO mapping and password recovery.
Employment
Section titled “Employment”The full HR Employment record. Linked employment-agreement envelope (when present) shows a thumbnail with a download button.
Compensation
Section titled “Compensation”Salary band sourced from Settings ▸ Managed Lists ▸ Salary Band
plus a currency dropdown. Compensation events emit
hr.compensation_updated with the diff.
Health
Section titled “Health”Owner-only. The encrypted-at-rest health-conditions field, decrypted client-side via a tenant-scoped key. Auto-purged 24 hours after the user’s end date is set.
Status read-out plus a Run IDV action that opens
/verifications/new?subjectType=employee&employeeId=:userId so the
wizard pre-fills the subject.
Credentials
Section titled “Credentials”CRUD against the user’s professional credentials — same component as Account ▸ Credentials, in admin-write mode.
Assets
Section titled “Assets”Hardware + software assignment grid. Pulls from Settings ▸ Assets for the available-pool source.
Sessions
Section titled “Sessions”The user’s active sessions, per-row revoke, plus a “Sign out all” button at the top.
Activity
Section titled “Activity”The user-scoped audit feed sourced from GET /audit-log/users/:userId. Surfaces every event on the user’s
record — sign-ins, profile changes, suggest-edit decisions, role
changes.
Permissions and scope
Section titled “Permissions and scope”| Role | Read this page | Edit | Run IDV | Revoke sessions |
|---|---|---|---|---|
| Owner | ✓ | ✓ (all tabs) | ✓ | ✓ |
| Admin | ✓ | ✓ (Health is Owner-only) | ✓ | ✓ |
| Member (HR add-on) | ✓ | ✓ (HR-flavoured tabs only) | ✓ | ✗ |
| Member (no HR) | ✗ | ✗ | ✗ | ✗ |
| Viewer | ✗ | ✗ | ✗ | ✗ |
The HR add-on is configured under Settings ▸ Access Levels.
Audit logging
Section titled “Audit logging”Every per-tab edit emits a typed event:
| Tab | Events |
|---|---|
| Personal | user.updated, user.email_changed, user.avatar_changed |
| Employment | hr.employment_updated |
| Compensation | hr.compensation_updated |
| Health | hr.health_updated |
| IDV | hr.idv_run (when triggered from here) |
| Credentials | credential.created / _updated / _deleted |
| Assets | hardware.assigned / _unassigned |
| Sessions | auth.session_revoked_by_admin |
Events surface in Settings ▸ Audit Log and on the user’s own Account ▸ Profile ▸ Activity tab.
Troubleshooting
Section titled “Troubleshooting”| Symptom | Most likely cause | Fix |
|---|---|---|
| Health tab missing | Role is Admin not Owner | Owner-only |
| Email change blocked | Already in use | Pick a different email |
| Compensation read-only | Acting role is Member with HR add-on | Promote to Admin / Owner for compensation |
| Tab body empty | Cache stale | Refresh the page |
| Suggest-edit pill stuck | UI cache after accept/reject | Refresh tab |
Related pages
Section titled “Related pages”- Account ▸ Profile — user-side equivalent of this page
- Settings ▸ Team — the team list with role + HR controls
- Settings ▸ Access Levels — HR add-on toggle
- Settings ▸ Managed Lists — Salary Band, Employment Type lists
- Settings ▸ Audit Log —
user.*,hr.*,credential.*events