diff --git a/api/v0/get/user_credentials.php b/api/v0/get/user_credentials.php
index 6168639..09e202c 100644
--- a/api/v0/get/user_credentials.php
+++ b/api/v0/get/user_credentials.php
@@ -14,7 +14,6 @@ $stmt->execute([$userkey, $userkey]);
 $user_data = $stmt->fetch();
 //Define User data
 $partnerhierarchy = $user_data['partnerhierarchy'];
-$permission = userRights($user_data['view']);
 $profile= getUserPermissions($pdo, $user_data['id']);
 $username = $user_data['username'];
 $useremail = $user_data['email'];
@@ -22,6 +21,7 @@ $servicekey = $user_data['service'];
 $partner = json_decode($partnerhierarchy);  
 $language = $user_data['language'];
 $clientsecret = $user_data['userkey'];
+$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
 
 //Update Lastlogin
 $logindate = date('Y-m-d H:i:s');
diff --git a/api/v1/get/application.php b/api/v1/get/application.php
index 4504962..0a663ff 100644
--- a/api/v1/get/application.php
+++ b/api/v1/get/application.php
@@ -179,9 +179,9 @@ switch ($action) {
     case 'geolocation':
 
         if ($whereclause == ''){
-            $whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"';
+            $whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
         } else {
-            $whereclause .= ' AND geolocation is not null OR  geolocation != "["",""]';
+            $whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
         }
         $sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';
     
diff --git a/api/v1/get/user_credentials.php b/api/v1/get/user_credentials.php
index f7fa705..082436e 100644
--- a/api/v1/get/user_credentials.php
+++ b/api/v1/get/user_credentials.php
@@ -16,7 +16,6 @@ if ($stmt->rowCount() == 1) {
     $user_data = $stmt->fetch();
     //Define User data
     $partnerhierarchy = $user_data['partnerhierarchy'];
-    $permission = userRights($user_data['view']);
     $profile= getUserPermissions($pdo, $user_data['id']);
     $username = $user_data['username'];
     $useremail = $user_data['email'];
@@ -24,6 +23,7 @@ if ($stmt->rowCount() == 1) {
     $language = $user_data['language'];
     $partner = json_decode($partnerhierarchy);  
     $clientsecret = $user_data['userkey'];
+    $permission = getHierarchyLevel($partner); //upgrade from userrights(view)
 
     //Update Lastlogin
     $logindate = date('Y-m-d H:i:s');
diff --git a/api/v1/post/equipments.php b/api/v1/post/equipments.php
index 198012c..1765a60 100644
--- a/api/v1/post/equipments.php
+++ b/api/v1/post/equipments.php
@@ -217,18 +217,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
 $input_insert = substr($input_insert, 1); //Clean clause - remove first comma
 
 //QUERY AND VERIFY ALLOWED
-if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
+if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
     $sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
     $execute_input[] = $id;
     $stmt = $pdo->prepare($sql);
     $stmt->execute($execute_input);
 } 
-elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
+elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
     $sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
     $stmt = $pdo->prepare($sql);
     $stmt->execute($execute_input);
 }
-elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
+elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
     //delete equipment
     $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
     $stmt->execute([ $id ]);
diff --git a/api/v2/get/application.php b/api/v2/get/application.php
index dd01c42..7fefbc5 100644
--- a/api/v2/get/application.php
+++ b/api/v2/get/application.php
@@ -179,9 +179,9 @@ switch ($action) {
     case 'geolocation':
 
         if ($whereclause == ''){
-            $whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"';
+            $whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
         } else {
-            $whereclause .= ' AND geolocation is not null OR  geolocation != "["",""]';
+            $whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
         }
         $sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';
     
diff --git a/api/v2/get/user_credentials.php b/api/v2/get/user_credentials.php
index d6ccdba..5301ac4 100644
--- a/api/v2/get/user_credentials.php
+++ b/api/v2/get/user_credentials.php
@@ -18,7 +18,6 @@ if ($stmt->rowCount() == 1) {
     $user_data = $stmt->fetch();
     //Define User data
     $partnerhierarchy = $user_data['partnerhierarchy'];
-    $permission = userRights($user_data['view']);
     $profile= getUserPermissions($pdo, $user_data['id']); //getProfile($user_data['settings'],$permission);
     $username = $user_data['username'];
     $useremail = $user_data['email'];
@@ -26,6 +25,7 @@ if ($stmt->rowCount() == 1) {
     $language = $user_data['language'];
     $partner = json_decode($partnerhierarchy);  
     $clientsecret = $user_data['userkey'];
+    $permission = getHierarchyLevel($partner); //upgrade from userrights(view)
 
     //Update Lastlogin
     $logindate = date('Y-m-d H:i:s');
diff --git a/api/v2/post/equipments.php b/api/v2/post/equipments.php
index 9057ddb..bca84a5 100644
--- a/api/v2/post/equipments.php
+++ b/api/v2/post/equipments.php
@@ -224,18 +224,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
 $input_insert = substr($input_insert, 1); //Clean clause - remove first comma
 
 //QUERY AND VERIFY ALLOWED
-if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
+if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
     $sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
     $execute_input[] = $id;
     $stmt = $pdo->prepare($sql);
     $stmt->execute($execute_input);
 } 
-elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
+elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
     $sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
     $stmt = $pdo->prepare($sql);
     $stmt->execute($execute_input);
 }
-elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
+elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
     //delete equipment
     $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
     $stmt->execute([ $id ]);
diff --git a/api/v2/post/user_role_assignments.php b/api/v2/post/user_role_assignments.php
index cd663d9..851ea02 100644
--- a/api/v2/post/user_role_assignments.php
+++ b/api/v2/post/user_role_assignments.php
@@ -17,7 +17,7 @@ $date = date('Y-m-d H:i:s');
 //------------------------------------------
 // BATCH UPDATE - Update all roles for a user
 //------------------------------------------
-if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user_manage',$profile,$permission,'U') === 1){
+if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user',$profile,$permission,'U') === 1){
     $user_id = $post_content['user_id'];
     $selected_roles = $post_content['roles'] ?? [];
 
@@ -48,11 +48,11 @@ if (isset($post_content['batch_update']) && isset($post_content['user_id']) && i
             if ($existing){
                 //Reactivate existing assignment
                 $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
-                $stmt->execute([$username, $date, $username, $date, $existing['rowID']]);
+                $stmt->execute([$username, $date, $username, $date, $$username]);
             } else {
                 //Create new assignment
                 $stmt = $pdo->prepare('INSERT INTO user_role_assignments (user_id, role_id, is_active, assigned_by, assigned_at, created, createdby) VALUES (?, ?, 1, ?, ?, ?, ?)');
-                $stmt->execute([$user_id, $role_id, $username, $date, $date, $userkey]);
+                $stmt->execute([$user_id, $role_id, $username, $date, $date, $username]);
             }
         }
     }
@@ -105,13 +105,13 @@ else {
     $input_insert = substr($input_insert, 1);
 
     //QUERY AND VERIFY ALLOWED
-    if ($command == 'update' && isAllowed('user_manage',$profile,$permission,'U') === 1){
+    if ($command == 'update' && isAllowed('user',$profile,$permission,'U') === 1){
         $sql = 'UPDATE user_role_assignments SET '.$clause.' WHERE rowID = ?';
         $execute_input[] = $id;
         $stmt = $pdo->prepare($sql);
         $stmt->execute($execute_input);
     }
-    elseif ($command == 'insert' && isAllowed('user_manage',$profile,$permission,'C') === 1){
+    elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
         //Check if this user-role combination already exists (including inactive ones)
         $stmt = $pdo->prepare('SELECT rowID, is_active FROM user_role_assignments WHERE user_id = ? AND role_id = ? LIMIT 1');
         $stmt->execute([$post_content['user_id'], $post_content['role_id']]);
@@ -131,7 +131,7 @@ else {
             $stmt->execute($execute_input);
         }
     }
-    elseif ($command == 'delete' && isAllowed('user_manage',$profile,$permission,'D') === 1){
+    elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
         //Soft delete by setting is_active to 0
         $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?');
         $stmt->execute([$username, $date, $id]);
diff --git a/api/v2/post/user_roles.php b/api/v2/post/user_roles.php
index da38722..035dff2 100644
--- a/api/v2/post/user_roles.php
+++ b/api/v2/post/user_roles.php
@@ -55,7 +55,7 @@ $clause_insert = substr($clause_insert, 2);
 $input_insert = substr($input_insert, 1);
 
 //QUERY AND VERIFY ALLOWED
-if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U') === 1){
+if ($command == 'update' && isAllowed('user_roles',$profile,$permission,'U') === 1){
     $sql = 'UPDATE user_roles SET '.$clause.' WHERE rowID = ?';
     $execute_input[] = $id;
     $stmt = $pdo->prepare($sql);
@@ -82,7 +82,7 @@ if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U
         }
     }
 }
-elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permission,'C') === 1){
+elseif ($command == 'insert' && isAllowed('user_roles',$profile,$permission,'C') === 1){
     $sql = 'INSERT INTO user_roles ('.$clause_insert.') VALUES ('.$input_insert.')';
     $stmt = $pdo->prepare($sql);
     $stmt->execute($execute_input);
@@ -106,7 +106,7 @@ elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permissio
         }
     }
 }
-elseif ($command == 'delete' && isAllowed('user_role_manage',$profile,$permission,'D') === 1){
+elseif ($command == 'delete' && isAllowed('user_roles',$profile,$permission,'D') === 1){
     //Delete role permissions first (foreign key constraint)
     $stmt = $pdo->prepare('DELETE FROM role_access_permissions WHERE role_id = ?');
     $stmt->execute([$id]);
diff --git a/api/v2/post/users.php b/api/v2/post/users.php
index 175e8f3..c8c1bc2 100644
--- a/api/v2/post/users.php
+++ b/api/v2/post/users.php
@@ -266,10 +266,17 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
         $stmt = $pdo->prepare($sql);
         $stmt->execute($execute_input);
 
+        // Get the new user ID
+        $new_user_id = $pdo->lastInsertId();
+
         //STEP 2- Send to user
         $mail_location = (file_exists($_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php') ? $_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php' : './assets/mail/email_template_new.php');
         include_once $mail_location;
         send_mail($post_content['email'],$subject,$message,'','');
+
+        // Return the new user ID
+        $result = json_encode(['id' => (int)$new_user_id], JSON_UNESCAPED_UNICODE);
+        echo $result;
     } else {
         //------------------------------------------
         //JSON_ENCODE
diff --git a/assets/functions.php b/assets/functions.php
index 27d009e..7fb0d5b 100644
--- a/assets/functions.php
+++ b/assets/functions.php
@@ -1726,6 +1726,7 @@ function getProfile($profile, $permission){
     $always_allowed = [
         'com_log' => 'CRU',
         'application' => 'CRU',
+        'user_roles' => 'R',
         'user_role_assignments' => 'R',
         'user_permissions' => 'R',
         'products_software' => 'R',
@@ -2847,28 +2848,37 @@ function serviceReport($history, $request, $country_code)
 //------------------------------------------
 // LIST PARTNER 
 //------------------------------------------
-function listPartner($partnertype, $user_right, $input, $required)
+function listPartner($partnertype, $user_right = null, $input, $required)
 {
   include dirname(__FILE__,2).'/settings/settings_redirector.php';
 
-//BASED ON USERRIGHT DEFINE SQL AND DATA RETURNED
-if ($user_right != 3 || $user_right !=4) {
-    //NOT ADMIN USER
-    $partner = json_decode($_SESSION['authorization']['partnerhierarchy']);
-    //SoldTo is empty
-    if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
-    //BUILD CONDITION
-    $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+  // Use hierarchy level instead of user_right
+  $partner = json_decode($_SESSION['authorization']['partnerhierarchy']);
+  $hierarchyLevel = getHierarchyLevel($partner);
+
+  // Only apply restrictions if hierarchy level is not 0 or 1
+  if ($hierarchyLevel != 0 && $hierarchyLevel != 1) {
+    // Build condition based on hierarchy
+    $condition = buildHierarchyConditionLvl2($partner, $hierarchyLevel);
     $whereclause = 'AND salesID like ?';
-}
-else {//ADMIN USERS
-      $whereclause = '';
-      }
+  } else {
+    // Level 0 or 1: No restrictions or salesid-only level
+    $whereclause = '';
+    $condition = '';
+  }
 
   $pdo = dbConnect($dbname);
-  $sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.'';
-  $stmt = $pdo->prepare($sql);
-  $stmt->execute([$partnertype, $condition]);
+
+  if ($whereclause != '') {
+    $sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.'';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([$partnertype, $condition]);
+  } else {
+    $sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([$partnertype]);
+  }
+
   $partners = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
 if ($input !='' && !empty($input)){
diff --git a/equipment.php b/equipment.php
index e52af6d..126dc18 100644
--- a/equipment.php
+++ b/equipment.php
@@ -461,13 +461,13 @@ $shipto_id = explode("-",$partner_data->shipto) ?? '';
 $partner_users_id = ($shipto_id[0] != '')? $shipto_id[0] : (($soldto_id[0] != '')? $soldto_id[0] : 1);
 
 $view_communication = '';
-if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){
+if ($partner_users_id != 1 && (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1)){
     $view_communication = ' <a href="index.php?page=communications&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_communication.'</a>';
 }
 
 //DISPLAY RELATED USERS
 $view_users ='';
-if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){
+if ($partner_users_id != 1 && (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1)){
     $view_users = ' <a href="index.php?page=users&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_users.'</a>';
 }
 
diff --git a/equipment_manage.php b/equipment_manage.php
index c077f6e..8e8f031 100644
--- a/equipment_manage.php
+++ b/equipment_manage.php
@@ -7,7 +7,7 @@ if (debug && debug_id == $_SESSION['authorization']['id']){
     error_reporting(E_ALL);  
 }
 
-$page = 'equipment_manage';
+$page = 'equipment';
 $page_edit = 'equipment_manage_edit';
 //Check if allowed
 if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
diff --git a/equipments.php b/equipments.php
index 31af2bf..cc999d6 100644
--- a/equipments.php
+++ b/equipments.php
@@ -22,7 +22,7 @@ if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authori
     exit;
 }
 //PAGE Security
-$page_manage = 'equipment_manage';
+$page_manage = 'equipment';
 $update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
 $delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
 $create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
diff --git a/equipments_mass_update.php b/equipments_mass_update.php
index 1bbc639..565043e 100644
--- a/equipments_mass_update.php
+++ b/equipments_mass_update.php
@@ -68,8 +68,18 @@ if ($update_allowed === 1){
                 $output_excel[$val]['productname'] = ${$responses->productname} ?? $responses->productname;
                 $output_excel[$val]['order_ref'] = $_POST['order_ref'];
                 $output_excel[$val]['status'] = $_POST['status'];
-                $output_excel[$val]['salesid'] = $_POST['salesid'];
-                $output_excel[$val]['soldto'] = $_POST['soldto'];
+
+                // Only include salesid/soldto if form fields were visible (hierarchy 0-1)
+                $hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
+                if ($hierarchyLevel == 0 || $hierarchyLevel == 1) {
+                    if (isset($_POST['salesid'])) {
+                        $output_excel[$val]['salesid'] = $_POST['salesid'];
+                    }
+                    if (isset($_POST['soldto'])) {
+                        $output_excel[$val]['soldto'] = $_POST['soldto'];
+                    }
+                }
+
                 if (!empty($_POST['shipto']) || $_POST['shipto'] !=''){
                     $output_excel[$val]['shipto'] = $_POST['shipto'];
                 }
@@ -202,7 +212,9 @@ $view .='<div class="content-block">
             <div class="form responsive-width-100" style="display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px;">';
 
 // SHOW SALESID and SOLDTO ONLY TO ADMIN
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
+
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $view .='<div>
                     <label for="salesid">'.$general_salesid.'</label>
                     '.$salesid_dropdown.'
@@ -227,7 +239,7 @@ $view .='    <div>
             <div>
                 <label for="status">'.$equipment_label3.'</label>
                 <select id="status" name="status" required>';
-                        if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+                        if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
                                                 $view .= '<option value="0">'.$status0_text .'</option>
                                                         <option value="1">'.$status1_text .'</option>
                                                         <option value="2">'.$status2_text .'</option>';
diff --git a/index.php b/index.php
index 0a7f799..7792cb9 100644
--- a/index.php
+++ b/index.php
@@ -29,16 +29,23 @@ include_once dirname(__FILE__).'/settings/countries.php';
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 //GET USER PERMISSION ASSIGNED
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-if (!isset($_SESSION['authorization']['id'])){
+if (!isset($_SESSION['authorization']['id']) && isset($_SESSION['authorization']['userkey'])){
 
     $api_url = '/v2/user_permissions/userkey='.$_SESSION['authorization']['userkey'];
     $responses = ioServer($api_url,'');
     //Decode Payload
     if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
-    
+
     //STORE DATA IN SESSION
-    foreach($responses as $key => $value){
-        $_SESSION['authorization'][$key] = $value;
+    if (is_array($responses) && !isset($responses['error_code'])) {
+        foreach($responses as $key => $value){
+            $_SESSION['authorization'][$key] = $value;
+        }
+    } else {
+        // API call failed or returned error - redirect to login with error message
+        session_destroy();
+        header('location: login.php?error=session_expired');
+        die();
     }
 }
 
diff --git a/login.php b/login.php
index db5d90b..64c0d34 100644
--- a/login.php
+++ b/login.php
@@ -53,6 +53,11 @@ $username = $password = '';
 $username_err = $password_err = '';
 $retry = 0;
 
+// Check for error parameter from redirects
+if (isset($_GET['error']) && $_GET['error'] === 'session_expired') {
+    $password_err = $password_err_2 ?? 'Session expired or invalid. Please login again.';
+}
+
 // Process submitted form data
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
diff --git a/partner.php b/partner.php
index 4ef20c9..ff1cddf 100644
--- a/partner.php
+++ b/partner.php
@@ -123,6 +123,8 @@ $view .= '<div class="tabs">
          </div>';
 
 //Define Service and partner enabled
+$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
+
 $view .= '<div class="content-block tab-content active">
             <div class="form responsive-width-100">
                 <label for="status">'.$partner_status.'</label>
@@ -138,7 +140,7 @@ $view .= '<div class="content-block tab-content active">
                 <label for="partnertype">'.$partner_partnertype.'</label>
                 <select id="partnertype" name="partnertype" required>
                 ';
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4 ){
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
 $view .= '          <option value="'.$partnertype1.'" '.($partner['partnertype']== $partnertype1?' selected':'').'>'.$partnertype1.'</option>
                     <option value="'.$partnertype2.'" '.($partner['partnertype']== $partnertype2?' selected':'').'>'.$partnertype2.'</option>';
 }
@@ -171,7 +173,7 @@ $view .= '<div class="tabs">
 $view .= '<div class="content-block tab-content">
             <div class="form responsive-width-100">
 ';
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $view .= '<label for="status">'.$general_salesid.'</label>';
     $view .= $salesid_dropdown;   
 }
diff --git a/user.php b/user.php
index 65b1504..54c12d3 100644
--- a/user.php
+++ b/user.php
@@ -13,6 +13,8 @@ include_once './settings/settings_redirector.php';
 //SET ORIGIN FOR NAVIGATION
 $_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI'];
 
+$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
+
 $page = 'user';
 //Check if allowed
 if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
@@ -21,10 +23,9 @@ if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authori
 }
 
 //PAGE Security
-$page_manage = 'user_manage';
 $update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
-$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
-$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
+$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
+$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
 
 //GET Details from URL
 $user_ID = $_GET['id'] ?? '';
@@ -438,10 +439,10 @@ $view .= '</span>
                                 <option value="2"'.($user->view == 2 ? ' selected' : '').'>'.($permission2 ?? 'Edit').'</option>
                                 <option value="1"'.($user->view == 1 ? ' selected' : '').'>'.($permission1 ?? 'View').'</option>';
 
-if ($_SESSION['authorization']['permission'] == 3){
+if ($hierarchyLevel == 1){
     $view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>';
 }
-if ($_SESSION['authorization']['permission'] == 4){
+if ($hierarchyLevel == 0){
     $view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>
               <option value="5"'.($user->view == 5 ? ' selected' : '').'>'.($permission5 ?? 'System').'</option>';
 }
@@ -454,7 +455,8 @@ $view .= '              </select>
                         <td>
                             <span class="view-mode" style="'.$view_style.'">'.($user->settings ?? '-').'</span>';
 
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $view .= '<select class="edit-mode" name="settings" style="'.$edit_style.'">
                 <option value="">-</option>';
     foreach ($all_profiles as $profile) {
@@ -491,7 +493,7 @@ $view .= '<div class="content-block">
             <div class="table order-table">
                 <table>';
 
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $salesid_dropdown = listPartner('salesid', $_SESSION['authorization']['permission'], $partner_data->salesid ?? '', '');
     $soldto_dropdown = listPartner('soldto', $_SESSION['authorization']['permission'], $partner_data->soldto ?? '', '');
 
@@ -561,7 +563,7 @@ if (!$is_new_user) {
                     <td>
                         <span class="view-mode">'.$user->login_count.'</span>';
 
-    if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+    if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
         $view .= '<input type="number" class="edit-mode" name="login_count" value="'.$user->login_count.'" style="display:none; width: 80px;">';
     } else {
         $view .= '<input type="hidden" name="login_count" value="'.$user->login_count.'">';
diff --git a/users.php b/users.php
index 5cff75a..c78f55d 100644
--- a/users.php
+++ b/users.php
@@ -133,8 +133,6 @@ $view .= '
                     <th class="responsive-hidden">'.$User_service.'</th>
                     <th>'.$User_username.'</th>
                     <th>'.$User_partnerhierarchy.'</th>
-                    <th>'.$User_permission.'</th>
-                    <th>'.$User_profile.'</th>
                     <th class="responsive-hidden">'.$User_lastlogin.'</th>
                 </tr>
             </thead>
@@ -164,8 +162,6 @@ $view .= '
                     <td class="responsive-hidden">'.(($response->service &&  $response->service !='')? '<span class="status enabled">'.$enabled:'<span class="status">'.$disabled).'</td>
                     <td>'.$response->username.'</td>
                     <td>'.$partner_hierarchy.'</td>
-                    <td>'.$$permission_user.'</td>
-                    <td>'.$response->settings.'</td>
                     <td class="responsive-hidden">'.getRelativeTime($response->lastlogin).'</td>
                 </tr>
                 ';