One screen, three very different experiences

The Edit User screen (/settings/user-practitioner/edit-user/{userQuery}) is reached by clicking a row on the Users & Practitioners staff list — it isn't a standalone item in the Settings navigation. It's organized into four tabs: General, Security, Practitioner, and Signature.

What makes this the most intricate screen in ClinyPal's settings isn't the tabs themselves — it's that the same tab shows meaningfully different content depending on who's looking at it. The same four tabs render three distinct experiences: editing your own profile, editing a colleague's profile, and viewing the clinic's main owner as someone other than the owner. Fields quietly become read-only, buttons go inert, and entire toggles disappear, all without any obvious visual warning unless you know to look for it. This article works through every one of those differences so nothing here catches you off guard.

What you'll learn
  • What the unaccepted-invite and pending-email-change banners mean, and how to act on each one
  • Why the main owner's General Information, phone editor, and password become locked to everyone but the owner
  • How the Security Role field differs for the main owner versus everyone else
  • Why the Active account toggle disappears entirely on the main owner's profile
  • Why the ClinyPal marketing toggle only appears on your own profile
  • How MFA setup and the e-signature section are restricted to your own account
  • The extra rule that applies when you change someone else's password
  • Where the Practitioner tab and Passkey Manager actually live, and why they're not in the main Settings menu
Edit User screen with tab navigation
The Edit User screen showing the General, Security, Practitioner, and Signature tabs across the top, with the General tab active and a staff member's profile loaded.

Banners at the top of the page

Before any tab content, the screen can show one or both of two banners, depending on the state of the account you've opened. Neither banner is decorative — each one exists because the underlying condition needs action from someone, and this screen is where that action is taken.

Unaccepted-invite banner

Shown when the user hasn't validated their email yet If the person hasn't clicked through the original invite email to confirm their address, a banner across the top warns that their invite is still pending, with a <strong>Resend invitation</strong> button. Use it if the original email was lost, expired, or ended up in spam — it doesn't create a new account or reset anything they've already set up, it simply issues a fresh invite email.

Pending-email-change banner

Shown when an email change is in progress but not yet confirmed If this person has requested to change their sign-in email and hasn't yet clicked the confirmation link sent to the new address, a banner appears with two actions: <strong>Resend confirmation</strong> to send that confirmation link again, and <strong>Cancel email change</strong> to abandon the pending change and keep their current email as-is.

Until the change is confirmed, the account keeps signing in with its original email — nothing switches over prematurely. Cancel email change is the right call if the change was a mistake, if the new address is unreachable, or if enough time has passed that it's simpler to have the person restart the change from scratch.

Edit User screen banners for pending invite and pending email change
The Edit User screen with both the unaccepted-invite banner and the pending-email-change banner visible at the top, each showing their respective action buttons.
Both banners can appear at once, or neither These two conditions are independent of each other. A brand-new invitee who hasn't accepted yet obviously has no email-change request pending. A long-tenured staff member with a confirmed email will show neither banner at all — most profiles you open day to day will show none.

The main-owner lock

Every ClinyPal clinic has exactly one main owner — the account the clinic itself is registered under, marked with the Owner badge on the staff list. That account carries protection built directly into this screen: if you open the main owner's profile and you are not that same person — even if you're an Administrator yourself — several parts of the page lock down automatically, without any error message explaining why. Knowing this rule in advance saves confusion the first time you notice fields that simply won't respond.

Why this exists The account that owns the clinic can only be edited by that same person. This is a deliberate safety measure, not a bug: it prevents anyone else — including another Administrator — from changing the owner's core information, phone number, or password. Administrator access is powerful, but the clinic's ownership itself is meant to be un-hijackable by another admin account, whether through malice, a compromised session, or simple human error.
  • The entire <strong>General Information</strong> section becomes read-only.
  • The <strong>phone-numbers editor</strong> is disabled.
  • The <strong>Change Password</strong> button becomes inert — clicking it does nothing.
  • The <strong>Active account</strong> toggle is hidden entirely (this one is actually hidden for everyone, including the owner themselves — see below).
Main owner profile in read-only lock state
The General tab of the main owner's profile, viewed by someone other than the owner, showing the General Information fields greyed out, the phone-numbers editor disabled, and the Change Password button in its inert state.

General tab

Holds the person's core profile: General Information (name and similar identity fields) and their phone numbers. Both are fully editable under ordinary circumstances — the only exception is the main-owner lock described above, which applies regardless of your own role if you're not the owner yourself.

Security tab

This is the tab with the most conditional behavior on the entire screen. Every subsection below changes shape depending on whose profile is open and who's viewing it.

Security Role

A static note for the owner, an editable dropdown for everyone else For the main owner's profile, Security Role is displayed as a static, read-only note along the lines of "As the main owner, you have full access to all features and settings" — there is nothing to change, because the owner's access level isn't something any role dropdown could represent or reduce. For every other user, it's a genuine editable dropdown, and changing it takes effect the next time that person's permissions are evaluated.

This applies even when the owner is viewing their own profile — the static note isn't only shown to other people looking in, it's simply how the owner's role is represented everywhere on this screen, since there's no lower or different role the owner could be reassigned to.

Active account toggle

Hidden entirely on the main owner's profile The Active account toggle does not appear at all on the main owner's profile, regardless of who's viewing it — including the owner viewing themselves. The owner's account cannot be deactivated from this screen, or from anywhere else in the product, under any circumstances. If a clinic is genuinely changing ownership, that's a different process entirely from toggling a staff member inactive.

ClinyPal marketing toggle

Only visible when you're editing your own profile This toggle controls whether ClinyPal can send this person its own product and marketing communications — a personal communication preference, not a clinic-wide setting. Because it's personal, it only appears when you're looking at your own profile. It doesn't show up when you're viewing anyone else's profile, including the main owner's, since consenting to marketing email on someone else's behalf isn't something this screen allows.

Changing a password

An extra warning appears when you change someone else's password Changing your own password proceeds without any special confirmation. Changing anyone else's password shows an additional warning before it goes through, because you're directly affecting another person's ability to sign in — they'll need the new password from you, and their existing sessions may be affected. It's a deliberate speed bump against doing this casually.
You can't change the main owner's password unless you are the main owner On the main owner's profile, the Change Password button is inert for everyone except the owner. This follows the same reasoning as the rest of the main-owner lock: the one credential that controls the clinic's own owner account can't be reset by somebody else, even an Administrator, since that would effectively let one admin lock the actual owner out of their own clinic.

Multi-factor authentication (MFA)

This section shows the account's MFA status and lets you manage it, with behavior that depends on both whether MFA is already set up and whose account you're looking at.

MFA stateWhose profileWhat you see
Already enabledAny profileAn Active badge, the linked device's name, the date it was linked, and an <strong>Unlink</strong> button.
Not enabledYour own accountA <strong>Link device</strong> button to start MFA setup for yourself.
Not enabledSomeone else's accountNo <strong>Link device</strong> button at all. You cannot initiate MFA setup on another person's behalf from this screen.
MFA setup is self-service only, unlinking is not You can remove an existing MFA device from someone else's account — useful if they've lost the device and need it cleared before registering a new one — but you can never set MFA up on their behalf. Each person has to link their own device themselves, since the linking process proves possession of that specific device.

Practitioner tab: a doorway to a separate screen

The Practitioner tab controls whether this user is a practitioner at all, and — if so — is where you reach their scheduling-specific configuration. This is one of two places on this screen that function as a doorway into a dedicated sub-page reached only from inside Editing a User, not from the main Settings navigation. If you go looking for a practitioner's weekly availability directly under Settings, you won't find a standalone menu item for it; you get there by opening that practitioner's profile first.

Signature tab

Only editable on your own profile The e-signature section can only be edited when you're editing your own profile. You cannot edit someone else's signature under any circumstances, including the main owner's — a signature is meant to represent that specific person's own mark, not something set on their behalf.

Passkey Manager: the other doorway

The second sub-page reached only from inside Editing a User is the Passkey Manager, which manages WebAuthn passkeys for this account's sign-in — a stronger, phishing-resistant alternative to a typed password. Like Practitioner Settings, it isn't listed anywhere in the main Settings navigation; you reach it by opening a staff member's profile here first, then navigating into the Passkey Manager from within it.

What you can and can't do, by whose profile you're on

Because so much of this screen's behavior depends on context, it's worth having the whole picture in one place. This table covers the three situations you'll actually encounter: editing your own profile, editing a colleague's profile, and viewing the main owner's profile as somebody who isn't the owner.

Action or fieldEditing your own profileEditing someone else's profileViewing the main owner's profile, as someone else
General InformationEditableEditableRead-only
Phone numbersEditableEditableDisabled
Change passwordAllowed, no extra warningAllowed, with an extra warning alertInert — the button does nothing
Security RoleEditable dropdown (static note if you are the owner)Editable dropdownStatic read-only note
Active account toggleVisibleVisibleHidden entirely
ClinyPal marketing toggleVisibleHiddenHidden
MFA — Link deviceAvailable if not already enabledNot availableNot available
MFA — UnlinkAvailable if MFA is enabledAvailable if MFA is enabledAvailable if MFA is enabled
E-signatureEditableNot editableNot editable
Practitioner tab / Practitioner SettingsAccessibleAccessibleAccessible
Passkey ManagerAccessibleAccessibleAccessible
The owner's own Security Role field is always the static note When the main owner views their own profile, Security Role still shows as the static read-only note rather than a dropdown. The note isn't a some-people-only restriction — it's simply how the owner's role is represented everywhere, because there's no alternate role for the owner to be switched into.

Frequently asked questions

Was this article helpful?
Your feedback helps us improve our documentation.
Rate this article: