Users

R2R provides a comprehensive user management and authentication system that enables secure access control, user administration, and profile management. This system serves as the foundation for document ownership, collection permissions, and collaboration features throughout R2R.

Refer to the users API and SDK reference for detailed examples for interacting with users.

Core Concepts

R2R’s user system is built around three fundamental principles. First, it ensures secure authentication through multiple methods including email/password and API keys. Second, it provides flexible authorization with role-based access control. Third, it maintains detailed user profiles that integrate with R2R’s document and collection systems.

Authentication

Users can authenticate with R2R through several secure methods. Traditional email and password authentication provides standard access, while API keys enable programmatic integration. The system supports session management with refresh tokens for extended access and automatic session expiration for security.

When email verification is enabled, new users must verify their email address before gaining full system access. This verification process helps prevent unauthorized accounts and ensures reliable communication channels for important system notifications.

User Management

Profile Information

Each user in R2R has a comprehensive profile that includes:

1. Core Identity

   • Email address (unique identifier)
   • Display name
   • Optional biography and profile picture

2. System Status

   • Account creation date
   • Active/inactive status
   • Verification status
   • Last activity timestamp

Role-Based Access

R2R implements a straightforward but powerful role system:

Regular users can manage their own content, including:

• Creating and managing documents
• Participating in collections they’re granted access to
• Managing their profile and authentication methods

Superusers have additional system-wide capabilities:

• Managing other user accounts
• Accessing system settings and configurations
• Viewing usage analytics and audit logs
• Overriding standard permission limits

API Access

R2R provides flexible API access through dedicated API keys. Users can:

• Generate multiple API keys for different applications
• Name and track individual keys
• Monitor key usage and last-access times
• Rotate or revoke keys as needed

The system maintains a clear audit trail of API key creation, usage, and deletion to help users manage their programmatic access securely.

Security Features

Account Protection

R2R implements multiple security measures to protect user accounts:

• Strong password requirements
• Secure password reset flows
• Session management and forced logout capabilities
• Activity monitoring and suspicious behavior detection

Email Security

The email system handles several security-critical functions:

• Account verification for new users
• Secure password reset workflows
• Important security notifications
• System alerts and updates

Document Management

Users automatically become owners of documents they create, granting them full control over those resources. Through collections, users can:

• Share documents with other users
• Set document permissions
• Track document usage and access
• Manage document lifecycles

Enterprise Features

Enterprise deployments gain access to advanced user management features including:

• Single Sign-On (SSO) integration
• Advanced user analytics and reporting
• Custom user fields and metadata
• Bulk user management tools
• Enhanced security policies and controls

Conclusion

The R2R user system provides a secure and flexible foundation for document management and collaboration. Through careful design and robust security measures, it enables both simple user management and complex enterprise scenarios while maintaining strong security standards.