Geekonomics

Platform Super-Admin

The Platform panel is a cross-tenant operator view available to a small number of trusted users. It's separate from the per-tenant Admin Console — it lets a hosted-instance operator see every tenant on the install and take operator actions on any of them.

Who can access it

Only users with the is_platform_admin flag set on their database row can see the Platform sidebar entry or load /platform. This is not granted through any UI — it's set directly in the database.

Granting access

On a self-hosted install, SSH to the host and run:

bash
docker compose exec bookkeeping sh -c \
  'cd /app && node -e "const db = require(\"./db\"); \
   db.prepare(\"UPDATE users SET is_platform_admin = 1 WHERE email = ?\")\
   .run(\"you@example.com\")"'

Then sign out and sign back in for the session to pick up the flag. You'll see a Platform entry with a shield icon just above Settings.

To revoke access, run the same command with is_platform_admin = 0.

Platform overview

The landing view at /platform shows three summary cards (total companies, active companies, total users) and a table of every tenant with:

  • Company name and owner
  • User count
  • Transaction count
  • Invoice count
  • Last activity (date of the most recent transaction)
  • Active/Inactive status

Click View → on any row to open the tenant detail page.

Tenant detail

The tenant detail page at /platform/companies/:id shows:

  • Company header with name, owner, creation date, and active/inactive badge
  • Stats grid (Users, Transactions, Invoices, Accounts)
  • Users table with per-user actions

Deactivating / reactivating a tenant

Use Deactivate to immediately lock a company out of the app. The next request from any of that company's users gets a 403 with "This account has been deactivated. Contact support." and their session is destroyed.

Use Reactivate on a deactivated tenant to restore access. No data is touched — only the active flag flips.

Resetting a user's password

Click Reset Password on any user row. The system generates a random 12-character temporary password, hashes it with bcrypt, sets the user's force_password_change flag, and shows the temp password once in a modal.

  • The password is only shown once — copy it before closing the modal
  • Share it with the user through a secure channel
  • On their next sign-in, they're required to set a new password

What's not in this panel

By design, the Platform panel is read-mostly with limited operator actions. It is not:

  • An impersonation tool — there is no "sign in as" feature
  • A way to view a tenant's transactions, invoices, or financial data
  • A billing or subscription manager
  • A user creation tool (admins do that inside their own tenant)

If you need to inspect a tenant's data directly, do it against the database. If you need impersonation, that is a deliberate non-feature for privacy reasons.

Geekonomics — bookkeeping for small businesses

Open source under MIT License