Managing users

Managing users

You can use the Hereditas CLI to add or remove authorized users and owners.

Roles

Hereditas users can have one of two roles:

  • user: This is the normal user role. When someone with a user role signs into your Hereditas box, they are not immediately able to unlock it. Instead, a successful authentication of someone with a user role will start the timer, and after a certain delay (e.g. 24 hours, or as you configured it), users can sign in again and this time they’ll be able to unlock the box (as long as they know the user passphrase).
  • owner: When an owner successfully signs in, two things happen. First, they are always returned the application token by Auth0, so they can unlock the Hereditas box at any time (as long as they know the user passphrase). Second, an owner logging in always stops any running timer. This prevents those with a user role from accessing your data when you don’t want them to.

Add or remove authorized users

You can easily manage users with the Hereditas CLI.

To add users, use the hereditas user:add command.

hereditas user:add --email "[email protected]"

By default, all users are given the role user. To add an owner, use the --role owner option:

hereditas user:add --email "[email protected]" --role owner

You can list users who have access to your Hereditas box, and their roles, with the hereditas user:list command.

hereditas user:list

Lastly, you can remove users with the hereditas user:rm command.

hereditas user:rm --email "[email protected]"

Synchronize changes on Auth0

The commands above save the changes in the local hereditas.json configuration file only.

In order for changes like adding/removing users (and others including changing the wait time, the webhook URL, or re-generating the application token) to be effective, you need to synchronize them with Auth0.

We can use again the hereditas auth0:sync command, which will synchronize all changes in Auth0, updating our rules and application configuration, in a fully-automated way.

hereditas auth0:sync

Next step: Deploy the box

We’re almost there! Ready to test the box locally and then deploy it, so your users can access it when needed.

Deploy the box