Managing your account
Change your password, email, or username from the OrcheStack dashboard — no SQL, no command-line tools. Admins have extra controls for managing other users.
Where your credentials live
Every OrcheStack user account is a row in the platform.users table inside the base-install PostgreSQL. The schema looks roughly like:
platform.users ┌──────────────────┬───────────────────────────────────────────┐ │ id │ serial primary key │ │ full_name │ text │ │ email │ text unique │ │ username │ text unique │ │ password_hash │ text -- bcrypt, cost factor 12 │ │ role_id │ int references platform.roles(id) │ │ company_name │ text │ │ created_at │ timestamptz │ │ last_login_at │ timestamptz │ │ is_active │ boolean default true │ └──────────────────┴───────────────────────────────────────────┘
Passwords are never stored in plain text. OrcheStack hashes them with bcrypt before writing to the database; the original is not recoverable. If you forget your password, it must be reset — not retrieved.
You don't need to touch this table directly. Every field you'd want to change has a UI for it. Going into pgAdmin and running UPDATE platform.users SET password_hash = ... is unsupported and likely to break things (wrong hash format, stale session cookies, no audit log entry).
Change your own password, email, or username
From any page in the OrcheStack dashboard, open the user menu in the top-right and click Account settings. The page has three sections:
Change password
Enter your current password (for safety) and a new password (minimum 12 characters). OrcheStack:
- Verifies the current password by comparing its bcrypt hash to
password_hash. - Computes a new bcrypt hash for the new password.
- Updates
password_hashin a single transaction. - Invalidates all your other active sessions (you're logged out everywhere except this tab).
- Writes an entry to
platform.audit_log: "user.password_changed".
Change email
Enter your new email and confirm your password. The change is immediate — your next login can use either the old or new email for one hour (grace window), then only the new one.
Change username
Enter the new username. OrcheStack checks uniqueness against the platform.users table. On success, the change is immediate.
Forgot password
On the login page, click Forgot? next to the password field. OrcheStack:
- Asks for your email address.
- Generates a one-time reset token, stored in
platform.password_resetswith a 30-minute expiry. - Sends the token to your email (OrcheStack uses the SMTP credentials configured during install; if none, the token is shown to the Admin in the dashboard for manual delivery).
- On click, you land on a form that accepts the new password and consumes the token.
No email configured? In a development install where SMTP isn't set up, an Admin can reset any user's password from the Users page (see below). The user will be required to change it on next login.
What Admins can do
From Users in the admin dashboard, an Admin can:
- Add a new user — provide name, email, username, role, and a temporary password. The user is required to change it on first login.
- Reset another user's password — overrides the bcrypt hash with a new value. Writes an audit entry.
- Change another user's role — use the dropdown on their row.
- Deactivate a user — sets
is_active=false. They can no longer log in, but their historical activity and audit trail are preserved. - Reactivate a user — the reverse.
- Delete a user — hard delete. Prefer deactivate unless you have a compliance reason to fully remove.
Deleting an account
Regular users cannot delete their own account — only an Admin can. This is intentional to protect against accidental deletion and to ensure the audit trail stays coherent. If you want your account removed, ask your Admin.