Platform operators
Super → Platform operators (central host only) lists users who hold the direct Spatie permission super.tenants. That permission gates Super → Tenants and this screen. It is not part of the default tenant admin role.
Add an operator
Use the form on the index page to create a new user or grant access to an existing user by email.
| Field | Purpose |
|---|---|
| Name | Required when the email is not already in the users table. |
| Login address. | |
| Tenant | No tenant for central Super access only, or pick an organization for active membership and tenant admin portal access. |
| Send password reset | Sends a reset link when creating a new user (default on). |
When you choose No tenant, the user gets no tenant_user_memberships row. Super access is stamped using PLATFORM_SUPER_PERMISSION_TEAM_ID (a tenants.id used only for the Spatie permission pivot, not membership). Set that env var in .env before provisioning tenant-less operators.
When you choose a tenant, the user receives an active admin membership and the Spatie admin role in that tenant, plus direct super.tenants on that team id.
After grant, you are taken to the operator detail page.
Edit an operator
Click a name or email in the list to open the detail page.
| Section | What you can do |
|---|---|
| Profile | Change name and email (email is fixed for the account owner). Change tenant affiliation: pick an org for admin membership or No tenant for central-only Super (requires PLATFORM_SUPER_PERMISSION_TEAM_ID when there is no active admin membership). Switching tenant suspends other active admin memberships and re-syncs super.tenants pivots. |
| Password reset | Email a reset link (works for existing users, not only new ones). Not available for the account owner. |
| Set password | Set a new password in-app without email. Not available for the account owner. |
| Danger zone | Revoke removes direct super.tenants on every Spatie team for that user. |
Revoke access
Revoke on the index or detail page removes direct super.tenants for that user on every Spatie team where it was granted. The account owner (configured as PLATFORM_ACCOUNT_OWNER_EMAIL, default meesam@toolilogistics.com) cannot be revoked from this screen. At least one platform operator must remain.
Tenant roles
Custom tenant roles cannot include super.tenants in the permission matrix; use this screen instead.