User accounts are created and administered in the User and Group Management dialog box, and then assigned to vaults.
You can create a new user, view or edit a user profile. You can't delete a user, but you can disable an account so a user can no longer log in to the vault.
In addition to unique display names, users are assigned roles. Roles determine whether or not a user can administer the vaults, create folders, add and delete files, or get data. Each role is defined by a set of permissions. Role-based permissions are additive, so a user assigned multiple roles has all the privileges of the assigned roles. A user that does not have any role assigned and does not belong to a group with a role has no access to the vault. Administrators can create custom roles and assign specific permissions to those roles.