Skip to main content

Overview

User management controls who can access your XyraPanel and what actions they can perform. The panel supports two main roles:
  • Admin: Full access to all panel features, servers, and settings
  • User: Limited to accessing their own servers and account settings

Creating Users

1

Navigate to users

Go to Admin > Users in the panel.
2

Create new user

Click Create User and fill in:Username (required)
  • Unique identifier for login
  • Alphanumeric, underscores allowed
  • Example: john_doe, player123
Email (required)
  • User’s email address
  • Used for notifications and password resets
  • Must be unique
Password (required for new users)
  • Initial password
  • User can change it after first login
  • Leave blank when editing to keep existing password
Role
  • User: Standard access (default)
  • Admin: Full administrative access
3

Save and notify

Click Create to save the user. Optionally send them their credentials via email.

User List

The user list displays:
ColumnDescription
UserUsername, name, and avatar
EmailContact email address
2FATwo-factor authentication status (🔒 enabled / 🔓 disabled)
ServersOwned servers / Total accessible servers
RoleAdmin or User badge
CreatedAccount creation date
ActionsView, Edit, Delete buttons

Searching Users

Click Search to find users by:
  • Username
  • Email address
  • Name
The search uses fuzzy matching to find partial matches.

Editing Users

1

Open user editor

Click the pencil icon next to a user, or search and select them.
2

Update details

Modify any of:
  • Username
  • Email address
  • Password (leave blank to keep current)
  • Role (User ↔️ Admin)
3

Save changes

Click Update to apply changes immediately.
Changing a user’s role to Admin grants them full access to all servers, settings, and administrative functions.

User Profile

Click View Profile (user icon) to see detailed user information:

Account Overview

  • Username and email
  • Account creation date
  • Last login timestamp
  • Two-factor authentication status

Servers

List of servers the user:
  • Owns: Servers created by or assigned to this user
  • Has Access To: Servers they can access via subuser permissions

Activity Log

Recent actions by the user:
  • Server creations/deletions
  • File modifications
  • Power actions (start, stop, restart)
  • Setting changes

API Keys

User-created API keys for programmatic access:
  • Key identifier
  • Creation date
  • Last used timestamp
  • Permissions scope
Admins can view and delete user API keys, but cannot see the actual key tokens.

User Actions

Impersonate User

Log in as another user to troubleshoot issues or assist them:
1

Start impersonation

From the user profile, click Impersonate.
2

Access their account

You’ll be logged in as that user and see their interface exactly as they do.
3

End impersonation

Click Stop Impersonating in the header to return to your admin account.
All actions performed while impersonating are logged under your admin account, not the user’s.

Suspend User

Temporarily disable a user’s access:
1

Open user profile

Navigate to Admin > Users > [Username].
2

Suspend account

Click Suspend in the actions menu.
3

Confirm suspension

The user will be immediately logged out and cannot log back in until unsuspended.
Suspended users:
  • Cannot log in to the panel
  • Cannot access their servers
  • Their servers continue running
To unsuspend, click Unsuspend from the user profile.

Reset Password

Force a password reset for a user:
1

Initiate reset

From the user profile, click Reset Password.
2

Choose method

Send Reset Email: User receives a password reset link
Set New Password: You provide a new password immediately
3

Notify user

Inform the user of the password change via your preferred communication method.

Disable 2FA

Remove two-factor authentication if a user loses access:
1

Access security settings

From the user profile, go to the Security tab.
2

Disable 2FA

Click Disable 2FA and confirm.
Disabling 2FA reduces account security. Encourage the user to re-enable it after logging in.

Verify Email

Manually mark a user’s email as verified:
1

Access user profile

Navigate to the user’s profile page.
2

Mark as verified

Click Mark Email Verified in the actions menu.
This bypasses the email verification email if:
  • The verification email wasn’t received
  • Email sending is not configured
  • The user’s email is known to be valid

Deleting Users

Deleting a user is permanent and cannot be undone. All associated data will be removed.
1

Open deletion dialog

Click the trash icon next to a user.
2

Confirm deletion

Review the warning:
  • User account will be deleted
  • User’s API keys will be revoked
  • User’s subuser permissions will be removed
  • User’s owned servers will be deleted
3

Delete user

Click Delete User to confirm.
What happens to servers?
  • Servers owned by the user are deleted
  • Servers they had subuser access to remain unaffected
  • If you want to keep their servers, transfer ownership first

Bulk Operations

Exporting Users

Export user data for backup or migration: 
curl -X GET https://panel.example.com/api/admin/users \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json" \
  > users-backup.json

Importing Users

Create multiple users via API: 
for user in $(cat users.csv); do
  username=$(echo $user | cut -d',' -f1)
  email=$(echo $user | cut -d',' -f2)
  
  curl -X POST https://panel.example.com/api/admin/users \
    -H "Authorization: Bearer YOUR_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "username": "'$username'",
      "email": "'$email'",
      "password": "ChangeMeAfterLogin",
      "role": "user"
    }'
done

User Statistics

The user list footer shows:
  • Total users: All registered accounts
  • Admin users: Users with admin role
  • Active sessions: Currently logged-in users
  • New this month: Accounts created in the last 30 days

Permissions

Admin Role

Admins can:
  • ✅ View and manage all servers
  • ✅ Create and delete servers
  • ✅ Manage users and roles
  • ✅ Configure nodes and allocations
  • ✅ Access system settings
  • ✅ View activity logs
  • ✅ Manage API keys

User Role

Users can:
  • ✅ Access their own servers
  • ✅ Manage server files and databases
  • ✅ Create subusers for their servers
  • ✅ Change their own account settings
  • ❌ View other users’ servers
  • ❌ Access admin panel
  • ❌ Modify system settings

Security Best Practices

Strong Passwords

Enforce requirements:
  • Minimum 8 characters
  • Mix of uppercase, lowercase, numbers
  • Special characters recommended
Avoid:
  • Common passwords (password123)
  • Personal information (birthdays)
  • Reused passwords from other services

Two-Factor Authentication

Encourage all users (especially admins) to enable 2FA:
  1. User goes to Account Settings > Security
  2. Clicks Enable Two-Factor Authentication
  3. Scans QR code with authenticator app
  4. Enters verification code to confirm

Role Assignment

Principle of least privilege:
  • Only assign admin role when necessary
  • Create separate accounts for different roles
  • Regularly review admin access
Avoid:
  • Making everyone an admin
  • Sharing admin accounts
  • Leaving unused admin accounts active

Troubleshooting

User can’t log in

Check:
  • Username and email are correct
  • Account is not suspended
  • Password hasn’t expired
  • Email is verified (if required)

User doesn’t receive emails

Verify:
  • Email address is correct
  • Mail server is configured
  • Emails aren’t in spam folder
  • Check panel mail logs

User sees wrong servers

Ensure:
  • User is logged in as correct account (not impersonating)
  • Server ownership is assigned correctly
  • Subuser permissions are configured

Server Management

Assign servers to users

API Keys

Create API keys for users

Build docs developers (and LLMs) love

Get started for freeTalk to us