← All documentation
Admin · User Administration

Bulk User Actions

Operator and engineering guide for bulk banning users, applying account restrictions, and creating the same note for multiple users.

01Overview

Bulk actions are available from the Admin user search page under Bulk Actions. All three actions share one CSV format and a preview-before-processing workflow. Access is limited to Admin and Super Admin roles.

Bulk Ban

Creates a non-expiring ban with one selected reason for each uploaded user and removes active sessions.

Per-user resultsAudited
🔒

Bulk Restrict

Disables one or more capabilities for every uploaded user, including optional forced password reset.

Multiple actionsPer-user results
📝

Bulk User Notes

Adds one shared internal note to every uploaded user after confirming that all users exist.

All-or-nothing1–3,000 characters
02Operator workflow

The UI intentionally separates configuration, verification, and processing so an operator can inspect the selected users before a destructive action runs.

1

Choose the action

Open User Administration → Users → Bulk Actions, then select Ban, Restrict, or User Notes.

2

Configure and upload

Select the reason/restrictions or enter the note, then upload the user CSV.

3

Verify

Review the selected users, total count, and action details shown in the preview table.

4

Process and review

Run the operation and inspect the final result or validation/server error.

03Shared CSV format

A downloadable template is available in every dialog. Only userId affects the backend request; the optional columns make the preview easier for an operator to verify.

ColumnRequiredValidation and purpose
userIdYesMust be a valid UUID. Duplicate IDs are rejected before processing.
userNoUsername displayed in the preview. username is also accepted as a header.
nameNoHuman-readable name displayed in the preview.
emailNoUsed as a preview fallback when the username is empty.
accountsNoInformational account count. account and accountCount are accepted headers.
userId,user,name,email,accounts
9c28c670-52ef-4303-a849-9bb5d666d366,john_doe,John Doe,john@example.com,1
Header normalizationHeaders are trimmed, lowercased, and compared without spaces, underscores, or hyphens. Empty CSV rows are skipped. The file must contain at least one user.
04Bulk Ban

Bulk Ban applies the same non-expiring ban reason to every user. Users are processed sequentially, and an individual failure does not stop subsequent users.

Available reasons

  • Player's request — players-request
  • Self-exclusion — self-exclusion
  • Ongoing checks — ongoing-checks
  • Company decision — company-decision
  • Compliance decision — compliance-decision
  • Fraud detection — fraud-detection
  • Chargeback — chargeback

Backend behavior

  • Confirms each user exists.
  • Creates a permanent ban with the selected reason.
  • Deletes all active sessions for the user.
  • Returns success or error for every user.
  • Stores the result list as a JSON file in S3.
  • Writes the userBan.bulkBan audit action.
POST/user-bans/bulk-ban
{
  "userIds": ["9c28c670-52ef-4303-a849-9bb5d666d366"],
  "reason": "company-decision"
}
05Bulk Restrict

At least one restriction must be selected before a CSV can be uploaded. Multiple restrictions can be applied in the same request.

Admin optionAPI valueEffect
Restrict pay-insdisableDepositSets canDeposit to false.
Restrict payoutsdisableRedeemSets canRedeem to false.
Restrict chatdisableChatSets canChat to false.
Restrict bettingdisableBetSets canBet to false.
Force password resetforcePasswordResetSets mandatory password reset. Users without an email profile return an error.

Processing

  • Finds the user state for each uploaded user.
  • Writes all selected restrictions to the user state.
  • Propagates the updated permissions to active sessions.
  • Continues processing after an individual user fails.

Results and audit

  • Returns the user ID, actions, status, and message per user.
  • Shows successful and failed totals in the Admin UI.
  • Stores the result list as a JSON file in S3.
  • Writes the userState.bulkRestrict audit action.
PATCH/user-states/bulk-restrict
{
  "userIds": ["9c28c670-52ef-4303-a849-9bb5d666d366"],
  "actions": ["disableDeposit", "disableRedeem"]
}
06Bulk User Notes

Bulk User Notes adds the same internal note to all users in the CSV. The note is trimmed before submission and must contain between 1 and 3,000 characters.

Validation

  • The note is required before CSV upload is enabled.
  • Duplicate user IDs are rejected by the shared CSV parser.
  • The backend verifies that every unique user exists.
  • If any user is missing, no notes are inserted.

Persistence

  • Creates one note row per unique user.
  • Records the current admin as the note creator.
  • Invalidates cached user-note queries after success.
  • Writes the userNote.bulkCreate audit action.
POST/user-notes/bulk
{
  "userIds": ["9c28c670-52ef-4303-a849-9bb5d666d366"],
  "text": "User contacted support about duplicate accounts."
}
07Result and error semantics

Understanding which errors are file-level, user-level, or request-level is important before retrying a bulk action.

StageBehaviorOperator action
CSV parsingMalformed CSV or unreadable file shows a parsing error. Nothing is sent to the backend.Correct the file and upload again.
CSV validationInvalid/duplicate UUIDs or an empty file show validation errors. Nothing is processed.Correct every reported row before retrying.
Ban/restrict user resultEach user returns success or error; processing continues for later users.Review failed rows and retry only users whose current state was verified.
Bulk notes requestIf any user does not exist, the entire request fails and no notes are created.Remove/correct missing IDs, then submit again.
Request/server failureThe UI shows a server error instead of per-user results.Verify user state before retrying; part or all of a ban/restrict batch may already have completed.
Safe retry ruleDo not blindly resend the full CSV after a request-level bulk ban or bulk restrict error. User updates occur before final result archival, so first verify which users changed and retry only confirmed failures.
Batch sizingNo explicit maximum number of users is currently enforced. Bulk ban and restrict process users sequentially, so keep operational files reasonably sized to avoid long-running HTTP requests.
08API response for ban and restrict

Bulk Ban and Bulk Restrict use the same response envelope. The actions array reflects the operation attempted for that user.

{
  "results": [
    {
      "userId": "9c28c670-52ef-4303-a849-9bb5d666d366",
      "actions": ["disableDeposit", "disableRedeem"],
      "result": "success",
      "message": "Restriction applied successfully"
    }
  ]
}
09Verification checklist
  • Download and populate the supplied CSV template.
  • Confirm every user ID is a UUID and appears only once.
  • Review the preview count and user details before processing.
  • For bans, double-check the reason because the ban is non-expiring.
  • For restrictions, confirm every selected capability is intended for every user.
  • For notes, confirm the shared text is appropriate for all listed users.
  • Save or review the final result table and investigate failed rows.
  • After a request-level error, verify current user state before retrying.