Skip to content

Users and Roles

Odeion uses an invite-based registration system: new accounts are created only by redeeming an invite code. All user management happens in Admin > Users.

Four roles form a hierarchy; each role includes everything below it.

CapabilityViewerCuratorModAdmin
Browse, search, and watch the libraryYesYesYesYes
Watch progress, playlists, personal settingsYesYesYesYes
Join Watch Together sessionsYesYesYesYes
Request content via Sonarr/RadarrYesYesYes
Create and manage invitesviewer/curator onlyAll roles
View the admin panelRead-onlyFull
Change settings, manage users, libraries, backupsYes

Mods and admins create invites from Admin > Users, choosing the granted role, expiry, and use count. See Invites and Registration for details, including the OAuth signup path and rate limiting.

Admins can manage any user from Admin > Users:

ActionEffect
Change rolePromote or demote between viewer, curator, mod, and admin.
Lock / unlockA locked account cannot sign in, use its sessions, or use its API keys. Useful for suspending a user without deleting their history.
Download accessToggle whether the user can download transcoded media files. Enabled by default.
API keysToggle whether the user may create API keys. Disabled by default.
Change usernameUpdate the account’s username.
Generate password reset linkOne-time link the user redeems to set a new password.
Delete accountPermanently removes the user and their data.

Three flows cover lost passwords and lockouts:

  • An admin generates a reset link from this page (valid 24 hours, single use).
  • The user redeems it at the link to set a new password.
  • If the only admin is locked out, the odeion reset-password CLI command on the server host issues a link and clears the account lock in one step.

Details on all three, including what a reset does and does not do, are on Password Reset and Rate Limiting and Account Locking.