Managing your account

Change your password, email, or username from the OrcheStack dashboard — no SQL, no command-line tools. Admins have extra controls for managing other users.

Where your credentials live

Every OrcheStack user account is a row in the platform.users table inside the base-install PostgreSQL. The schema looks roughly like:

platform.users
┌──────────────────┬───────────────────────────────────────────┐
│ id               │ serial primary key                         │
│ full_name        │ text                                       │
│ email            │ text unique                                │
│ username         │ text unique                                │
│ password_hash    │ text  -- bcrypt, cost factor 12            │
│ role_id          │ int references platform.roles(id)          │
│ company_name     │ text                                       │
│ created_at       │ timestamptz                                │
│ last_login_at    │ timestamptz                                │
│ is_active        │ boolean default true                       │
└──────────────────┴───────────────────────────────────────────┘

Passwords are never stored in plain text. OrcheStack hashes them with bcrypt before writing to the database; the original is not recoverable. If you forget your password, it must be reset — not retrieved.

You don't need to touch this table directly. Every field you'd want to change has a UI for it. Going into pgAdmin and running UPDATE platform.users SET password_hash = ... is unsupported and likely to break things (wrong hash format, stale session cookies, no audit log entry).

Change your own password, email, or username

From any page in the OrcheStack dashboard, open the user menu in the top-right and click Account settings. The page has three sections:

Change password

Enter your current password (for safety) and a new password (minimum 12 characters). OrcheStack:

  1. Verifies the current password by comparing its bcrypt hash to password_hash.
  2. Computes a new bcrypt hash for the new password.
  3. Updates password_hash in a single transaction.
  4. Invalidates all your other active sessions (you're logged out everywhere except this tab).
  5. Writes an entry to platform.audit_log: "user.password_changed".

Change email

Enter your new email and confirm your password. The change is immediate — your next login can use either the old or new email for one hour (grace window), then only the new one.

Change username

Enter the new username. OrcheStack checks uniqueness against the platform.users table. On success, the change is immediate.

Forgot password

On the login page, click Forgot? next to the password field. OrcheStack:

  1. Asks for your email address.
  2. Generates a one-time reset token, stored in platform.password_resets with a 30-minute expiry.
  3. Sends the token to your email (OrcheStack uses the SMTP credentials configured during install; if none, the token is shown to the Admin in the dashboard for manual delivery).
  4. On click, you land on a form that accepts the new password and consumes the token.

No email configured? In a development install where SMTP isn't set up, an Admin can reset any user's password from the Users page (see below). The user will be required to change it on next login.

What Admins can do

From Users in the admin dashboard, an Admin can:

Deleting an account

Regular users cannot delete their own account — only an Admin can. This is intentional to protect against accidental deletion and to ensure the audit trail stays coherent. If you want your account removed, ask your Admin.