Clicking the icon next to a user in a Package opens their User Details view. This shows the live status of every permission in the package for that specific user — including permissions that have been modified, overridden, or are now coming from a different source.
Package dot indicators
Each permission row starts with a coloured dot:
| Dot | Meaning |
|---|---|
| Green | This permission is currently active in the package — it is included in future assignments and sync operations. |
| Red | This permission has been removed from the package. It is shown for reference only and will not be included in new assignments or syncs. |
Permission status badges
The User Status column shows where the user currently gets (or does not get) this permission from. The system checks five sources in order of priority:
| Badge | What it means | Syncable? |
|---|---|---|
| Active | The user is authorized through this package, with the correct value and parameter. | No — already in sync. |
| Manual (coincident) | The user has a manual authorization with the same value as the package. Both sources agree, but the source is not the package. | Yes — can sync to set source to this package. |
| Divergent | The user is authorized but with a different value, parameter, or both than what the package specifies. Sub-variants: Divergent (Value), Divergent (Param), Divergent (All). | Yes — sync to align to the package value. |
| Active Legacy | The permission was removed from the package (red dot), but the user's authorization record still shows this package as the source and is still active. The user retains access until it is manually revoked. | No — manage via Manage Permissions. |
| Active Manual | The permission was removed from the package, but the user still has an active manual authorization for it. | No — manage via Manage Permissions. |
| Not granted | The user has no active authorization for this permission yet. This can happen if the user was added after the permission was last synced, or if their authorization was revoked. | Yes — sync to grant. |
| Disabled Manual | A manual administrator action has explicitly disabled this permission for the user. | Yes — sync will re-enable with the package value. |
| Disabled Assignment | The package was unassigned from this user (they appear in the Former section). Their permissions are inactive. | No — re-assign the package first. |
| Archived | The permission record exists but is inactive and no longer in effect. | No. |
| Profile: … | Access is coming from an active Permission Profile assigned to this user, not from the package directly. | Yes — can sync to also set the package as a source. |
| Auto (rule) | Access is granted by an automatic inheritance rule (e.g. group membership). The rule name is shown in parentheses. | Yes — can sync to also set the package as a source. |
| Founder | The user is the account Founder and always has full access. Cannot be modified. | No. |
| Other Package (package:N) | This permission is managed by a different package. It is shown read-only here. | No — manage from that other package. |
Removing a user from a Package
Click Remove package assignment at the top of the permissions card. This sets the user's assignment to Former status and disables all permissions that were granted via this package. Permissions that were manually re-assigned through Manage Permissions are not removed automatically — a note in the confirmation message reminds you of this.
