How to Create New Users and Manage Team Roles in cPanel

Yes. cPanel is more than capable of having multiple users.

While it is not currently possible to have two primary cPanel users (the main hosting admin account), it is now possible to add additional cPanel users, even with admin privileges.

Each of these accounts will have separate login and password for email, FTP, and Web Disk services.

Previously, to add or create a new user in cPanel, or to give a developer cPanel access, you would follow either the How To Create A cPanel Sub-Account For Your Website Developer tutorial or our blog post on How To Grant Access To Your Web Developer Like A Pro.

Creating or adding new users to your cPanel has now been further enhanced with the addition of the Manage Team feature that came with cPanel & WHM version 112.

The Manage Team feature allows you (the main hosting admin user) to:

  • create and manage a team of cPanel users that can assist you with managing domains, email accounts, and databases.
  • list the team users associated with your Manage Team account
  • edit details such as password settings and roles for the team user
  • suspend a team user to block them from accessing the account
  • expire and/or delete a cPanel team user
  • use the Audit Log to track team user actions that use the API

With these functionalities, the efficiency and security of managing additional users in cPanel have been strengthened.

So let's learn how to use the Manage Team feature.

 

Adding A New User or Team via cPanel UI

Before starting off, it is important to differentiate between the team owner and the team user.

The team user is a virtual account that exists under the team owner's account.

The team owner is the primary cPanel account that has complete access to all cPanel functions.

A team user has limited access, as granted by the cPanel main account (the team owner) using Manage Team.

As a cPanel owner, log in to your cPanel.

There are three ways that you can use to locate the Manage Team interface.

You can take a look at the upper-left of your cPanel:

 

cPanel Team Manager Upper-Left

 

Or you can use the Search function to search for Manage Team:

 

cPanel Team Manager Search Result

 

Or you can scroll down to the Preferences section and then click on the Manage Team icon.

 

cPanel Team Manager Preferences section

 

Once the page loads, you will see an interface that looks like this:

 

cPanel Team Manager Create User UI

 

How To Create A New Team User in cPanel Using Manage Team

Creating a new team user couldn't have been easier.

To create a team user, simply click Create Team User in the List Team table (cPanel » Home » Preferences » Manage Team).

Or use any of the options listed earlier.

When the new interface appears, you will see the various settings such as the space to add his or her username, password, role, and other settings.

Before doing so, figure out the role you want to grant this user.

Roles are a set of cPanel privileges, features, files, or tasks that the team user you are creating can use.

 

Here are the roles and their description:

  • Administrator: Enables a team user to access high-level tools and modify files in the team owner's cPanel account. It includes all privileges connected to each of the other roles.
  • Database: Enables a team user to access tools and modify files related to database management for the team owner's cPanel account, such as MySQL Manager.
  • Email: Enables a team user to access tools and modify files related to email administration for the team owner's cPanel account, such as email routing and mailing lists.
  • Web: Enables a team user to access tools and modify files related to website functionality, such as WordPress Toolkit and bandwidth.

 

There is something else to keep in mind.

When you as the cPanel team owner create a team user account, cPanel creates a virtual MySQL user account for that team user.

Each MySQL user account will have the username format team-owner_team-user.

For example, if you are the team owner named "Leo" and you create a team user named "Ava", then Ava's MySQL user account name would be leo_ava.

According to cPanel docs, the status of each MySQL user account will correspond to the status of the team user account.

If you, "Leo", as the team owner decide to delete, suspend, or reinstate "Ava" as a team user, then cPanel will delete, suspend, or reinstate the associated MySQL user account.

With this in mind, let's proceed with the actual team user creation.

 

cPanel Manage Team Create User

 

Type in Ava's username in the Username text box.

Select whether Ava will have to set her own account password. If that is the route you want to take, cPanel will send Ava an email that allows her to set her password.

But we recommend that you choose "Set the user's password" to set the team user's password.

This ensures that each account password is consistent with your organization's password policy.

You can use the "Generate" function so that cPanel can create a secure 18-character password for you. Please click the more icon (More) to select password complexity settings to set the length.

Or if you are using a password manager, either use its password generation capabilities or simply visit online tools such as:

 

Type in Ava's user email address in the Contact Email text box. In this case, the result will be ava@leosdomain.com since the username will always precede the cPanel account's primary domain.

Select the role you want to assign Ava from the Roles menu. If you skip this step, Ava as your team user will only be able to edit her personal account preferences.

Tick the "I have read and understood the security risk warning" checkbox.

Optionally, type in any note that could help you keep track of things in the Notes text box.

Click on the Create button to create Ava as the new user of your team.

cPanel will send an activation email to the new team user. You can now either click Go Back to cancel this action or return to the Manage Team interface.

 

How To Create A New Team User with cPanel UAPI

Since you can use this API to access and modify cPanel account data and settings, you can also use it to create and add a new team user.

Before proceeding, determine these as they are required:

  • email1: The contact email for the new team user. An example would be: email1=ava@leosdomain.com
  • user: The username of the team user. An example would be: user=teamuser

 

The following parameters are optional but important:

 

  • activation_email: Whether you want to send an email to the team user so that she can set her own password.
  • email2: Any secondary email for the new team user.
  • expire_date: The Unix Epoch Time on which the team user account expires. Epoch time is defined as "the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds" (in ISO 8601: 1970-01-01T00:00:00Z). You can use GUI tools such as Epoch & Unix Timestamp Conversion Tools.
  • expire_reason: The reason for expiration. E.g.: expire_reason=teamUser gave a two-week notice.
  • notes: Any note you want to add about the new team user. The maximum number of characters is 100, and you should not add any private information to this. E.g.: notes=This is a note about team user
  • password: Creating a user requires that you pass either the password or the activation_email parameter. So if you are setting a password for the new team user, use this parameter. An example would be: password=securepassword
  • roles: Use this to add a comma-separated list of roles that will be assigned to the new team user. An example would be: roles=email,database

 

The following parameters are also optional but important; they control the service subaccounts of the team user:

 

  • services.email.enabled: Use this if you want to create an email subaccount for the team user. A subaccount is always created for a team user, but it does not have any associated service subaccounts by default. An example would be: services.email.enabled=1
  • services.email.quota: Use this to set the maximum amount of disk space, in megabytes (MB), that you want to allocate to the team user's email account. This could be 0 or unlimited. An example would be: services.email.quota=500
  • services.ftp.enabled: Use this to create an FTP subaccount for the team user. An example would be: services.ftp.enabled=1
  • services.webdisk.enabled: Use this to create a Web Disk subaccount for the team user. An example would be: services.webdisk.enabled=1. See the next parameter.
  • services.webdisk.homedir: Use this to set the Web Disk home directory for the team user, relative to the cPanel account's home directory. Required if you enable the services.webdisk.enabled parameter above. An example would be: services.webdisk.homedir=/teamusername
  • services.webdisk.perms: Use this to set file permissions for the Web Disk home directory. This can be either ro (read-only permissions) or rw (read and write permissions). An example would be: services.webdisk.perms=rw
  • services.webdisk.private: Use this to set the directory's permissions to public or private. This can be either 1 for Private (0700) or 0 for Public (0755). An example would be: services.webdisk.private=1


To see a list of all team roles and their included features, run:

  uapi --output=jsonpretty \
  TeamRoles \
  list_feature_descriptions

Let's formulate these parameters to create a team user, set a password, set an admin role, and add an expiration date:

  uapi --output=jsonpretty \
  Team \
  add_team_user \
  user='Ava' \
  email1='ava@webcomm.dev' \
  password='H:4%Ju*=ha2n}nJD}yDh' \
  roles='admin' \
  expire_date=1688181360 \
  expire_reason='Terminated - Started a Flame War in the company Slack Channel'

You will see an output like this:

  {
    "module" : "Team",
    "apiversion" : 3,
    "result" : {
       "data" : "1688181360",
       "errors" : null,
       "warnings" : [
          "Warning: This action may result in team users gaining access to team owner level privileges."
       ],
       "status" : 1,
       "messages" : null,
       "metadata" : {}
    },
    "func" : "add_team_user"
 } 

 

Note that the backslash in these commands is only there to continue a command across multiple lines.

This is useful for readability when a command becomes too long to fit on a single line.

So to create a team user with a password on a single line:

  uapi --output=jsonpretty Team add_team_user user='USER' email1='EMAIL_ADDRESS' password='PASSWORD'

And to create a team user and send them an email to set their own password, you can use:

  uapi --output=jsonpretty Team add_team_user user='USER' email1='EMAIL_ADDRESS' activation_email=1
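
The add_team_user call from this section wrapped in a small helper, as an added example that is not cPanel's or this page's own code: it converts a UTC date to expire_date, enforces the password-or-activation_email rule and the 100-character notes limit, and passes every key=value pair as one quoted word. The helper names and the TEAM_PASSWORD and DRY_RUN variables are hypothetical, and to_epoch assumes GNU date as found on a cPanel server.

```sh
#!/bin/sh
# Added example: to_epoch, add_team_user, TEAM_PASSWORD and DRY_RUN are
# hypothetical names; the key=value parameters are the ones listed above.

# "YYYY-MM-DD HH:MM" (read as UTC) -> Unix epoch for expire_date
to_epoch() { date -u -d "$1" +%s; }

# add_team_user USER EMAIL ROLES EXPIRES_UTC REASON [NOTES]
# Password comes from $TEAM_PASSWORD; if empty, an activation email is sent.
# Prints the arguments when DRY_RUN=1 (default); runs uapi when DRY_RUN=0.
add_team_user() (
  user=$1 email=$2 roles=$3 expires=$4 reason=$5 notes=${6:-}
  if [ -z "$user" ] || [ -z "$email" ]; then
    echo "user and email1 are required" >&2; return 1
  fi
  rest=${roles:+$roles,}
  while [ -n "$rest" ]; do              # check each comma-separated role
    r=${rest%%,*}; rest=${rest#*,}
    case $r in
      admin|database|email|web) ;;
      *) echo "unknown role: $r" >&2; return 1 ;;
    esac
  done
  if [ "${#notes}" -gt 100 ]; then
    echo "notes is limited to 100 characters" >&2; return 1
  fi
  epoch=$(to_epoch "$expires") || { echo "bad expiry: $expires" >&2; return 1; }

  # Each key=value pair is one quoted word, so spaces in the reason and
  # characters such as * or } in the password reach uapi unchanged.
  set -- "user=$user" "email1=$email" "expire_date=$epoch" "expire_reason=$reason"
  if [ -n "$roles" ]; then set -- "$@" "roles=$roles"; fi
  if [ -n "$notes" ]; then set -- "$@" "notes=$notes"; fi
  if [ -n "${TEAM_PASSWORD:-}" ]; then
    cred="password=$TEAM_PASSWORD"; shown="password=<hidden>"
  else
    cred="activation_email=1"; shown=$cred
  fi
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf '%s\n' "$@" "$shown"         # the password is never echoed
  else
    uapi --output=jsonpretty Team add_team_user "$@" "$cred"
  fi
)
```

Set TEAM_PASSWORD from your password manager rather than typing the password into the command, and switch to DRY_RUN=0 on the cPanel server once the printed arguments look right.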

 

How To List cPanel Account Team Users

To view more information about a team user account, click the (More) icon.

This will pull up these:

  • Restriction Information

    If the team user is suspended, the interface will display the date of the suspension and the reason for the suspension. If the team user is set to expire on a specific date, the interface will display the date of the expiration and the reason for the expiration. If the team owner does not provide a reason for suspension or expiration, these fields will be blank.

  • Account Information

    The team user's login username, relevant notes about the team user, the last login date, and the creation date of the account. The interface will display the time and date according to the team owner's locale.

  • Team Information

    The roles assigned to the team user.

  • Security Information

    The contact email address for the team user.

 

From the actions column, click to perform the following actions:

  • Edit User: Click to edit the account information for the team user.
  • Suspend: Click to suspend the team user account.
  • Delete: Click to delete the team user account.

 

You can also use UAPI to list the team users connected to a cPanel account:

  uapi --output=jsonpretty \
  Team \
  list_team

 

How To Suspend A cPanel Team User

If, for example, Ava has been suspended for not posting enough cat pictures and you simply want to block her from accessing the account, you as the team owner can suspend her.

Please note that this suspension will prevent the user "Ava" from accessing anything from within the cPanel interface. You also cannot change the password for a suspended team user. And while suspended, the user will count toward the maximum number of allowed accounts for Manage Team.

To proceed with the suspension, click Suspend in the Actions section.

To do this with cPanel UAPI, use:

  uapi --output=jsonpretty \
  Team \
  suspend_team_user \
  user='Ava'

If you want to remove the team user from suspension (i.e. reinstatement), then click Unsuspend in the Actions section.

To do this via the command line:

  uapi --output=jsonpretty \
  Team \
  reinstate_team_user \
  user='teamUser'

 

How To Delete A cPanel User From Your Team

So Hugo is a web developer you have given web and database access to get your web hosting account running.

Now that he has tested and delivered the project, you want to remove his access to your cPanel.

After checking your SSH keys to ensure that no strange or unfamiliar key has been added, locate Hugo in the list and click Delete.

When the confirmation window appears, click Delete to confirm the operation.

To do that via the command line:

  uapi --output=jsonpretty \
  Team \
  remove_team_user \
  user='Hugo'

If you simply want to remove Hugo's roles but keep his account (because you never know), then:

  uapi --output=jsonpretty \
  Team \
  remove_roles \
  user='Hugo' \
  role='database'

 

How To Send A Password Reset To Your Team User

So "Ava" didn't save the password you sent to her (though you should ONLY share credentials using a password manager) and has now forgotten it.

You need to send a password reset request link to the team user.

You can do this via CLI:

  uapi --output=jsonpretty \
  Team \
  password_reset_request \
  user='Ava'

To replace the current password with a new one (and then share it securely with Ava):

  uapi --output=jsonpretty \
  Team \
  set_password \
  user='teamuser' \
  password='securepassword'

 

How To Use Manage Team Audit Log

cPanel Manage Team Audit Log

 

For a web hosting admin or team owner, auditing is a valuable tool that can help to improve your security and compliance.

In the context of security and system access, auditing is the process of tracking and recording who has access to files and what they do with them.

This information can be used to identify potential security threats, such as unauthorized access or changes to sensitive data.

There are two main types of auditing: success auditing and failure auditing.

Success auditing records events such as when a user successfully opens a file or folder, while failure auditing records events such as when a user attempts to access a file or folder that they do not have permission to access.

The benefits of auditing include:

  • Improved security: Auditing can help to identify and prevent unauthorized access to sensitive data.
  • Compliance: Many industry regulations require organizations to implement auditing to protect sensitive data.
  • Incident response: Auditing can provide valuable information that can be used to investigate and respond to security incidents.

Manage Team has an Audit Log interface at cPanel » Home » Preferences » Manage Team » Audit Log.

You can use this to track each team user's actions; it shows the API function calls made by different team users.

To display these actions, just click View Audit Log to open the interface which consists of the Search text box and the Audit Log table.

With the Search text box, you can search for specific audit log entries.

To navigate, use the navigation controls to the right of the box to page through the list of entries.

The audit log table displays information about the activities of your team users.

To sort the results of the table by a column in ascending or descending order, click that column's heading.

This will show you the:

 

 
  • Timestamp: The date and time when the team user made the API call.
  • Called By: The team user's username.
  • API Version: The version of the API used.
  • Call: The API call made by the team user.
  • Origin: The API call's origin, which is either the terminal or the user interface.

 

We recommend that you review the audit logs on a regular basis to identify any suspicious activity.

You should also have an action plan or playbook that you will use to take appropriate action to investigate and remediate any security incidents that are identified.

We hope that this tutorial on how to grant access to users in cPanel has been of great help to you.

If you have a question on this or want to suggest a correction or want our team to manage your cPanel account (or cPanel & WHM server) for you, please reach out to our content editors via this email address.
