Welcome To The Foreman Knowledge Base

Module 4: Managing User Permissions

As your mining operation grows, you'll need to grant access to team members while maintaining control over who can view data and perform actions. Foreman's user management system allows you to share your dashboard with operators, technicians, financial stakeholders, and other personnel while precisely controlling what each person can see and do.

What You'll Accomplish

By the end of this guide, you will:

  1. Understand Foreman's role system – Learn how roles control access to different areas and functions
  2. Add users to your account – Invite team members and assign them appropriate roles
  3. Create custom roles – Build specialized permission sets tailored to your organization
  4. Enable Multi-Factor Authentication – Secure your account with an additional layer of protection

 

Why User Management Matters

Managing a cryptocurrency mining operation is rarely a one-person job. Keeping devices online and hashing requires coordinated effort, especially as operations scale. However, not everyone needs—or should have—full access to every system function.

Effective user management allows you to:

  • Delegate monitoring responsibilities without granting unnecessary control.
  • Protect sensitive information like wallet addresses and earnings data.
  • Prevent accidental or malicious changes to critical configurations.
  • Maintain audit trails showing who performed which actions.
  • Onboard new team members quickly with pre-configured role templates.

What Shared Access Enables

When you share access to your Foreman dashboard, multiple operators can:

  • Monitor cryptocurrency miner hash rates in real-time.
  • Get instant notifications when issues arise and take prompt action.
  • Remotely manage and configure ASICs (if granted permission).
  • Observe pool metrics to identify connectivity issues.
  • Monitor temperature trends to prevent overheating.
  • Track profitability without necessarily viewing wallet addresses.

 

Understanding Roles and Permissions

Foreman uses a role-based access control system. Each user is assigned a role, and each role has a specific set of permissions that determine what that user can view and do.

Default Roles

Every Foreman account starts with two permanent roles:

Owner

  • Who gets this role: The person who created the Foreman account.
  • Access level: Complete, unrestricted access to everything.
  • Special characteristics:
    • This role is permanent and cannot be removed or reassigned.
    • Only one Owner per account.
    • The Owner can perform all actions, including account deletion.

Admin

  • Who should get this role: Site managers, operations directors, and trusted senior staff.
  • Access level: Full access to the farm and all features.
  • What they can do:
    • View all data and reports.
    • Control miners (reboot, restart, change pools, update firmware).
    • Add and remove users (except the Owner).
    • Modify company settings.
    • Create and manage custom roles.
  • What they cannot do: Remove the Owner.

 

Common Role Scenarios

Beyond Owner and Admin, you'll likely need specialized roles for different team members. Here are typical use cases:

Operator/Shift Technician

  • Use case: Day-to-day monitoring and basic troubleshooting.
  • Can view: Dashboard, Miners page, Pickaxe page, Site Map.
  • Can edit: Limited (tags, notes, but not pools or critical settings).
  • Can control: Restart miners, reboot miners, blink LEDs for physical identification.
  • Cannot access: Financial data, user management, firmware updates, pool changes.
  • Why this works: Empowers technicians to respond to issues without risking critical configuration changes.

Analyst/Data Viewer

  • Use case: Performance analysis, reporting, optimization planning.
  • Can view: Dashboard, Reports, Analytics, and historical trends.
  • Can edit: Nothing (read-only access)
  • Can control: Nothing
  • Cannot access: Individual miner controls, user management.
  • Why this works: Provides data for decision-making without operational risk.

Finance/Investor Viewer

  • Use case: Financial stakeholders who need visibility into profitability.
  • Can view: Dashboard (profit-focused widgets), Profit Reports, earnings summaries.
  • Can edit: Nothing
  • Can control: Nothing
  • Cannot access: Miner controls, pool configurations, worker names, and individual miner details.
  • Why this works: Shows ROI and profitability without exposing operational details or mining configurations.

Site Viewer (Limited)

  • Use case: Security staff, facilities management, or other personnel who need location awareness.
  • Can view: Dashboard overview, Site Map showing miner locations.
  • Can edit: Nothing
  • Can control: Nothing
  • Cannot access: Detailed miner data, financial information, or any controls.
  • Why this works: Provides situational awareness for physical security or facility planning.

Creating Custom Roles

Foreman allows you to create custom roles with granular permissions to match your organizational structure.

When to create custom roles:

  • You have job functions that don't fit the default Admin/Viewer paradigm.
  • You need to restrict specific high-risk actions (like pool changes or firmware updates).
  • You're onboarding multiple people in the same role (e.g., "Site Technician") and want consistency.
  • You operate a colocation facility and need customer-specific access controls.

Best practices for custom roles:

  • Name roles by job function, not by person (e.g., "Night Shift Operator" rather than "John's Role").
  • Start restrictive and add permissions as needed, rather than starting permissive and removing access.
  • Document what each custom role is for, so you remember the intent when onboarding new team members.
  • Review roles periodically to ensure they still match current responsibilities.

 

Step-by-Step: Adding Users to Your Account

Prerequisites

Before adding a user, ensure you have:

  • Admin or Owner role (only these roles can manage users)
  • The user's email address (invitations are tied to specific email addresses)

How to Invite a User

  1. Navigate to User Management
    • Click on the "guy wearing a tie" icon at the top right of the screen
    • Select Users from the dropdown menu
  2. Initiate the Invitation
    • On the Users page, click Invite User
  3. Enter User Details
    • Email Address: Enter the user's email address
      • Important: Invitations are tied to this specific email and cannot be accepted by accounts registered to different emails.
    • Assign a Role: Select the appropriate role from the dropdown
      • You can choose from default roles (Admin) or any custom roles you've created.
      • Best practice: When in doubt, start with a more restrictive role and expand access if needed.
  4. Send the Invitation
    • Click Invite
    • The system will send an invitation email to the provided address.

What Happens Next

From the user's perspective:

  1. Within a minute, they'll receive an email invitation
  2. Clicking the link in the email will:
    • If they have a Foreman account: Log them in and grant access to your farm.
    • If they don't have a Foreman account: Direct them to create one, then grant access.

Important limitations:

  • Invitations expire after 24 hours: If the user doesn't accept in time, you'll need to send a new invitation.
  • Email-specific: The invitation can only be accepted by a Foreman account using that exact email address.

Monitoring Invitation Status

Back on the Users page, you'll see the invitation status:

  • Pending: Invitation sent but not yet accepted.
  • Active: User has accepted and can now access your account.
  • Disabled: The user's prior access has been revoked.

Once a user's status changes to Active, you can modify their role or permissions.

Changing a User's Role

After a user has accepted your invitation:

  1. Locate the user in your Users list
  2. Click the Actions button next to their name
  3. Select Manage Role
  4. Choose the new role(s) from the dropdown
  5. Save your changes

The change takes effect immediately – the user's access will reflect the new role the next time they access Foreman.

 

Step-by-Step: Creating Custom Roles

Custom roles allow you to build permission sets that exactly match your operational needs.

Accessing Role Management

  1. Navigate to User Management
  2. Click on the "guy wearing a tie" icon at the top right of the screen
  3. Select Users from the dropdown menu
  4. Select the Roles tab 
  5. Click Add Role to open the modal

Building a Custom Role

  1. Name the Role
    • Use a descriptive name that reflects the job function.
    • Examples: "Site Technician", "Night Shift Operator", "Readonly Analyst", "Customer Support Tier 1"
  2. Set Permissions

You'll see a comprehensive list of permissions organized by category. Below are the key categories and what they control:

General Permissions

  • User Login: Required for the user to access Foreman at all (almost always enabled).
  • View Reports: Access to reporting features.
  • Install/Uninstall Custom Firmware: Control over third-party firmware deployment.
  • Advanced Thermal Management: Access to advanced cooling controls.

Dashboard Permissions

  • Edit Dashboard Pages: Controls who can use Page Builder to modify dashboard layouts.
    • Best practice: Grant to users who need customized views, restrict from casual viewers.

Infrastructure Permissions

  • View Infrastructure: See infrastructure components and layout.
  • Edit Infrastructure: Modify infrastructure configuration.
  • External Device Control: Manage devices beyond miners (PDUs, environmental sensors, etc.).

Miner Permissions

This is the most granular category with many options:

  • Add Miners: Controls who can add new miners to Foreman.
    • Critical for colocation facilities: Restrict to prevent customers from adding neighbors' miners.
  • Delete Miner: Permanently remove miners from Foreman.
    • Recommendation: Restrict access to Admins to prevent accidental data loss.
  • Edit Miners: Modify Foreman-specific settings (tags, expected hashrate, etc.).
    • Note: This also grants access to view the miner's current management password.
  • Reboot Miners: Power cycle miners remotely.
    • Common for technicians: Low-risk troubleshooting action.
  • Restart Miners: Restart the mining process without power cycling.
    • Common for technicians: Even lower risk than reboot.
  • Factory Reset Miners: Reset miners to manufacturer defaults and reassign pools.
    • HIGH RISK: Restrict to trusted personnel only – can be used to steal hashrate.
  • Firmware Upgrade: Deploy firmware updates.
    • Recommendation: Restrict to senior operators to prevent accidental breaking changes.
  • Edit Miner Custom Fields: Modify custom metadata fields.
  • Manage Miner Custom Fields: Create/delete custom field definitions.
  • Fetch/View Miner Logs: Access diagnostic logs from miners.

Pool Permissions

  • Change Pools: Modify which mining pools miners connect to.
    • HIGH RISK: Restrict to trusted personnel – can be used to steal hashrate.
  • Mining Pool Manager: Approve pool change requests.
    • Recommendation: Management-level only.

Power Control Permissions

  • Change Power Mode: Switch miners between mining and sleeping states.
  • Power Control Manager: Create and execute power curtailment plans.
    • Critical for demand response: Grant only to personnel responsible for load shedding.
  • Edit/View Power Controls: Modify or view power management configurations.

Security Permissions

  • Change Miner Passwords: Update passwords for miner management consoles.
    • Security consideration: Grant cautiously to prevent unauthorized access.
  • View Security: Access the Security page showing all configured passwords and risk assessment.
    • HIGH RISK: Grants visibility to all credentials.
  • View Worker Names: Access a list of all worker names and pool accounts.
    • Security consideration: Could expose pool accounts to insider threats.
  • View Audit Logs: Access system-wide audit trail.
    • Recommendation: Combine with "Edit Company Settings" permission for full audit access.

Site Map Permissions

  • View Site Map: See physical/logical miner layout.
  • Edit Site Map: Modify rack layouts, locations, and miner placements.
  • Blink LEDs: Trigger LED flashing for physical identification (up to 20 minutes).

Reporting Permissions

  • Set up Reports: Configure automated reports for any user.
  • View Financials: Access earnings, profitability, and financial statistics.
    • Privacy consideration: Restrict if you don't want staff seeing revenue data.

Miner Tuning Permissions (for custom firmware)

  • Adjust Frequency: Modify clock speeds.
  • Change Autotuning: Enable/disable auto-optimization.
  • Change Overclock: Apply performance profiles beyond the default.
  • Change Cooling Mode: Switch between air, immersion, etc.
  • Fan Mode/Temp Control/Hashrate Target/Power Target: Fine-grained performance tuning.
    • Recommendation: Grant only to experienced operators familiar with tuning risks.

Assets & Inventory Permissions (if using these features)

  • Asset Manager/Edit Assets: Manage hardware inventory.
  • Inventory Manager/Edit Inventory: Track parts and supplies.
  • Manage Cycle Counts: Conduct physical inventory audits.

Management Permissions

  • Edit Company Settings: Modify organization-wide settings.
    • HIGH RISK: Includes user management and API key access.
  • Manage Users: Add/remove users and modify permissions.
    • Note: Often bundled with "Edit Company Settings."
  • Firmware/Integrations Manager: Manage firmware library and third-party integrations.

Tickets Permissions (if using ticket system)

  • Tickets Manager: Full ticket system access.
  • Edit/Close Tickets: Modify or resolve support tickets.

Triggers Permissions

  • View Triggers: See configured automation rules.
  • Edit Triggers: Create and modify automated actions.

Sub-Client Admin (for consultants/colocation facilities)

  • Controls access to customer sub-dashboards.
  • Specialized use case: Allows operators to manage the global parent dashboard without accessing individual customer accounts.
  3. Review and Save
    • Double-check the permissions you've selected.
    • Click into the Actions menu on an existing user and navigate to Manage Role.
    • The role is now available when inviting users or changing existing user roles.

Example Custom Role Configurations

Site Technician Role:

✅ User Login

✅ View Infrastructure, Miners, Site Map, Dashboard

✅ Restart Miners, Reboot Miners, Blink LEDs

✅ Edit Miners (for tagging and notes)

❌ Change Pools, Firmware Upgrade, Delete Miner

❌ View Financials, Change Miner Passwords

Financial Analyst Role:

✅ User Login

✅ View Reports, View Financials

✅ View Dashboard (configure finance-focused widgets)

❌ Any miner controls

❌ View Infrastructure, Edit anything

❌ View Security, View Worker Names

Colocation Customer Role:

✅ User Login

✅ View their assigned miners only (via sub-dashboard)

✅ Restart/Reboot their miners

✅ View performance reports for their equipment

❌ Add Miners (prevent adding neighbors' equipment)

❌ Factory Reset, Change Pools

❌ View other customers' data

 

Removing User Access

When team members leave or responsibilities change, you'll need to revoke access.

How to Remove a User

  1. Navigate to the "guy wearing a tie" icon and select Users from the dropdown.
  2. Locate the user in your list.
  3. Click the Actions menu on the right, select Delete.
  4. Confirm the removal.

What happens:

  • The user immediately loses access to your Foreman account.
  • They will no longer appear in your user list.
  • Any actions they performed remain in audit logs.

Best practice: Remove access immediately upon termination or role change to maintain security.

 

Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds a critical security layer by requiring a second form of verification beyond just a password. Even if someone obtains a user's password, they cannot access the account without the second factor.

Why Enable MFA

For Owners and Admins: MFA is essential. These roles have full control over your mining operation, including the ability to change pools (potentially redirecting hashrate) and access financial data.

For all users: MFA is a best practice for any account with access to production systems or sensitive data.

How to Enable MFA

  1. Navigate to Account Settings
    • Click on the "guy wearing a tie" icon at the top right.
    • Select Settings from the dropdown menu.
    • Choose the Company Settings tile.
  2. Access Two-Factor Setup
    • Look for the security section at the bottom.
    • Toggle Require Two Factor to the on state.
    • Click Save to persist the change.
  3. Choose Your MFA Method
    • Authenticator App (recommended): Use apps like Google Authenticator, Authy, or 1Password
      • How it works: Scan a QR code with your app, which then generates time-based codes
      • From your My Account page, click Setup Two Factor 
  4. Complete Setup
    • Follow the on-screen instructions to link your authenticator app.
    • Save your backup codes in a secure location (password manager, encrypted file).
    • Why backup codes matter: If you lose your phone or authenticator, backup codes are your only recovery option.
  5. Test Your Setup
    • Log out and log back in to verify MFA is working correctly.
    • You should be prompted for a code from your authenticator app.

MFA Best Practices

  • Require MFA for Admin and Owner roles at a minimum.
  • Store backup codes securely – treat them like passwords.
  • Don't share authenticator apps – each user should have their own.
  • Consider requiring MFA organization-wide for maximum security.

 

Best Practices for User Management

Onboarding New Team Members

  1. Determine the appropriate role before sending the invitation.
  2. Start restrictive – it's easier to grant more access than revoke it.
  3. Provide training on Foreman before granting access to controls.
  4. Document who has access and review periodically.

Regular Access Audits

  • Monthly review: Check the Users page to ensure only current team members have access.
  • Quarterly role review: Verify users still need their current permission levels.
  • Annual comprehensive audit: Review all custom roles and permissions for relevance.

Security Considerations

  • Limit high-risk permissions:
    • "Change Pools" and "Factory Reset" can redirect the hashrate.
    • "View Security" and "View Worker Names" expose credentials.
    • "Edit Company Settings" grants user management access.
  • Use audit logs to monitor user actions, especially for privileged operations.
  • Implement the least privilege principle: Users should have the minimum permissions needed for their job.
  • Separate duties: Consider whether one person should have both "Change Pools" and "View Worker Names" permissions.

For Colocation/Hosting Facilities

  • Never give customers "Add Miners" permission – they could add neighbors' equipment.
  • Use sub-dashboards to isolate customer data.
  • Restrict "Sub-Client Admin" to your staff only.
  • Create a standard "Customer" role with appropriate limitations.
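
The review described under Security Considerations and the colocation guidance can be run as a repeatable check. The Python below is an added example, not Foreman's own code, and it does not use any Foreman API or export format. The role and user data, the "Pool Operator" role, and all function names are assumptions made for the example; the permission names and risk notes come from this guide.

```python
from dataclasses import dataclass

# Risk notes taken from the permission descriptions in this guide.
HIGH_RISK = {
    "Change Pools": "can redirect hashrate",
    "Factory Reset Miners": "can redirect hashrate",
    "View Security": "shows all configured passwords",
    "View Worker Names": "exposes pool accounts",
    "Edit Company Settings": "includes user management and API key access",
}
REVIEW = {"Edit Miners": "also reveals the miner's management password"}
SEPARATE = [("Change Pools", "View Worker Names")]        # separation of duties
CUSTOMER_FORBIDDEN = {"Add Miners", "Sub-Client Admin"}   # colocation guidance
MFA_REQUIRED_ROLES = {"Owner", "Admin"}                   # MFA best practices


@dataclass
class Role:
    name: str
    permissions: frozenset
    customer_facing: bool = False


def audit_role(role):
    """Return sorted (severity, permission, reason) findings for one role."""
    findings = [("high", p, HIGH_RISK[p]) for p in role.permissions & set(HIGH_RISK)]
    findings += [("review", p, REVIEW[p]) for p in role.permissions & set(REVIEW)]
    for a, b in SEPARATE:
        if {a, b} <= role.permissions:
            findings.append(("high", f"{a} + {b}", "separation of duties"))
    if role.customer_facing:
        for p in role.permissions & CUSTOMER_FORBIDDEN:
            findings.append(("high", p, "not for colocation customers"))
    return sorted(findings)


def users_missing_mfa(users):
    """users: iterable of (email, role_name, mfa_enabled) tuples."""
    return [email for email, role, mfa in users
            if role in MFA_REQUIRED_ROLES and not mfa]


# Constructed sample data: hand-typed roles and users, not a Foreman export.
ROLES = [
    Role("Site Technician", frozenset({
        "User Login", "View Infrastructure", "View Site Map",
        "Restart Miners", "Reboot Miners", "Blink LEDs", "Edit Miners"})),
    Role("Pool Operator", frozenset({   # hypothetical role
        "User Login", "Change Pools", "View Worker Names"})),
    Role("Colocation Customer", frozenset({
        "User Login", "Restart Miners", "Reboot Miners", "Add Miners"}),
        customer_facing=True),
]
USERS = [
    ("owner@example.com", "Owner", True),
    ("manager@example.com", "Admin", False),
    ("tech@example.com", "Site Technician", False),
]

if __name__ == "__main__":
    for role in ROLES:
        for severity, perm, reason in audit_role(role):
            print(f"{role.name}: [{severity}] {perm}: {reason}")
    print("Privileged users without MFA:", users_missing_mfa(USERS))
```

The Site Technician role from the examples above produces a "review" finding because Edit Miners also exposes the miner's management password, even though Change Miner Passwords is withheld.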

 

Troubleshooting Common Issues

User didn't receive the invitation email:

  • Check spam/junk folders.
  • Verify the email address was entered correctly.
  • Resend the invitation (the old one may have expired).

User can't accept the invitation:

  • Ensure they're using the email address the invitation was sent to.
  • Check if the invitation has expired (24-hour limit).
  • Send a new invitation.

User has wrong permissions:

  • Verify their assigned role includes the necessary permissions.
  • Check if they're assigned to a custom role that needs updating.
  • Use the Actions button to change their role.

Can't find where to manage roles:

  • Ensure you have Admin or Owner permissions.
  • Navigate to "guy wearing a tie" > Users > Roles tab.

 

What's Next?

You now have complete control over who can access your Foreman account and what they can do once they're in. Proper user management protects your operation while enabling effective collaboration.

Next Steps:

  1. Move into the next learning path - Start here.
  2. Understanding Audit Logs – Learn how to track user actions and maintain accountability.
  3. Best Practices: Compliance – Additional measures to protect your mining operation.
