User Management
User Roles
System Users are assigned roles that determine the kinds of operations they can perform. Known roles are:
Group Coordinators
Manage assigned Root Group and any subgroups below it. Primary functions include:
- Create, Update, Delete subgroups below assigned root group
- Set and modify budgets for all subgroups below assigned root group
- Add/Remove people and their associated inventory to/from the assigned root group and all subgroups below it
Group Leader
Manage an assigned subgroup and any subgroups below it. Primary functions are the same as those of a Group Coordinator, except that Group Leaders only have access to the subgroup they are assigned to and the subgroups below it.
Inventory Administrators
Inventory administrators use the system to manage the assignment of inventory to people in root groups and to record financial transactions against them. Primary functions include:
- Validate the submitted root group lists against the defined budget
- Set Root Group budget types and quantities
- Add/Remove people and their associated inventory to/from all root groups and all subgroups below them
FFN Coordinator
Manages FFN subscriptions and associated mail lists, reports, and FFN-related operations.
OCF Membership Coordinator
Manages OCF membership, subscriptions and associated mail lists, reports, and election-related operations.
System Administrator
Full access to all operations and system configurations.
- The system shall provide a user interface that allows System Users to be associated with System User Roles (add and remove). Only System Users with the System Administrator role can modify the roles of other System Users.
- A System User can hold more than one Role.
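The following is an added example, not code from this page or the project it describes, showing one way to encode the role descriptions above: a user may hold several roles, only a System Administrator may add or remove roles, and the Group Coordinator and Group Leader roles are scoped to an assigned group and everything below it. The group tree, the role constants, the `SystemUser` class and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterator, Optional, Set

# Role names as listed on the page; the constants themselves are an assumption.
SYSTEM_ADMIN = "System Administrator"
GROUP_COORDINATOR = "Group Coordinator"
GROUP_LEADER = "Group Leader"
INVENTORY_ADMIN = "Inventory Administrator"
FFN_COORDINATOR = "FFN Coordinator"
OCF_MEMBERSHIP_COORDINATOR = "OCF Membership Coordinator"

# Constructed group tree for the example: child -> parent, None marks a root group.
GROUP_PARENT: Dict[str, Optional[str]] = {
    "Root-A": None,
    "Root-A/Sub1": "Root-A",
    "Root-A/Sub1/Team": "Root-A/Sub1",
    "Root-A/Sub2": "Root-A",
    "Root-B": None,
}


def ancestors_and_self(group: str) -> Iterator[str]:
    """Yield the group itself, then each group above it up to its root."""
    current: Optional[str] = group
    while current is not None:
        yield current
        current = GROUP_PARENT[current]


@dataclass
class SystemUser:
    username: str
    roles: Set[str] = field(default_factory=set)   # a user may hold several roles
    assigned_group: Optional[str] = None            # scope for coordinator/leader roles


def can_add_or_remove_people(user: SystemUser, group: str) -> bool:
    """May `user` add/remove people and their inventory in `group`?  This is the
    operation all three group-scoped roles share.  Scoping follows the role
    descriptions: System Administrators and Inventory Administrators everywhere,
    Group Coordinators from their root group down, Group Leaders from their
    assigned subgroup down."""
    if group not in GROUP_PARENT:
        raise KeyError(f"unknown group {group!r}")
    if user.roles & {SYSTEM_ADMIN, INVENTORY_ADMIN}:
        return True
    scope = user.assigned_group
    if scope is None or scope not in GROUP_PARENT:
        return False
    in_scope = scope in set(ancestors_and_self(group))
    scope_is_root = GROUP_PARENT[scope] is None
    # A coordinator must be anchored at a root group, a leader at a subgroup;
    # a mis-assigned user gets no access rather than a wider scope.
    if GROUP_COORDINATOR in user.roles and scope_is_root and in_scope:
        return True
    if GROUP_LEADER in user.roles and not scope_is_root and in_scope:
        return True
    return False


def assign_role(actor: SystemUser, target: SystemUser, role: str) -> None:
    """Add a role to `target`; only a System Administrator may do this."""
    if SYSTEM_ADMIN not in actor.roles:
        raise PermissionError(f"{actor.username} may not modify roles")
    target.roles.add(role)


def remove_role(actor: SystemUser, target: SystemUser, role: str) -> None:
    """Remove a role from `target`, under the same restriction."""
    if SYSTEM_ADMIN not in actor.roles:
        raise PermissionError(f"{actor.username} may not modify roles")
    target.roles.discard(role)
```

The check deliberately reduces both scoped roles to "is the assigned group an ancestor of, or equal to, the target group", so a Group Leader cannot reach a sibling subgroup or the root group above them, and a Group Leader record mistakenly assigned to a root group gains nothing rather than coordinator-level reach.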
User Authentication
Anyone accessing the system must authenticate using an account name and password. Successful authentication will associate the user with their assigned roles and display the parts of the system relevant to those roles.
- The system shall not allow access to any system function without an authenticated session established by presentation of valid username and password credentials. Any unauthenticated page access shall result in immediate redirection to a login page.
- The system shall provide a user interface that allows system users to present username and password credentials.
- The system shall provide a password reset mechanism to allow system users to auto-generate a new password and have it emailed to the address defined in their Person record.
- The system shall provide a user interface that allows the creation of usernames and passwords for People records that are System Users.
Password Management
- The system shall enforce the use of strong passwords
- The system shall store password values as salted hashes, never as clear text, so that passwords are never visible to anyone, including system administrators. Each password shall be hashed with its own randomly generated salt, stored alongside the hash; the salt exists to defeat precomputed (rainbow-table) attacks and does not need to be kept secret. Any additional application-wide secret mixed into the hash (a "pepper") shall be kept out of the database and be known only to developers with access to the application configuration and to OCF management, on request.
- The system shall provide a user interface that allows system users to change their passwords.
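The block below is an added example, not the project's own code, covering both the User Authentication and Password Management requirements above: a per-password random salt stored next to a PBKDF2-HMAC-SHA256 digest, constant-time verification, a strength check, a generator for the emailed reset password, and a page gate that redirects unauthenticated sessions to the login page. The strength rules, the iteration count, the in-memory `USERS` stand-in for Person records, and every function name are assumptions for the illustration.

```python
import hashlib
import hmac
import os
import secrets
import string
from typing import Dict, Optional, Set

PBKDF2_ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster
SALT_BYTES = 16
HASH_ALGO = "pbkdf2_sha256"


def is_strong_password(password: str) -> bool:
    """Assumed strength policy (the page leaves it undefined): at least 12
    characters, drawn from at least three of lower, upper, digit, punctuation."""
    if len(password) < 12:
        return False
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(classes) >= 3


def hash_password(password: str) -> str:
    """Return '<algo>$<iterations>$<salt hex>$<digest hex>'.  The salt is a fresh
    random value per password and is stored next to the digest; its job is to
    defeat precomputed tables, not to be secret."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return f"{HASH_ALGO}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != HASH_ALGO:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def generate_reset_password(length: int = 16) -> str:
    """Random temporary password for the reset-by-email flow; loops until the
    candidate satisfies the same strength policy as user-chosen passwords."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_strong_password(candidate):
            return candidate


# Constructed in-memory stand-in for the Person records that are System Users:
# username -> {"hash": ..., "roles": ...}.  Only the hash is ever stored.
USERS: Dict[str, dict] = {}
# Digest to verify against when the username does not exist, so a failed login
# costs the same time whether or not the account is real.
DUMMY_HASH = hash_password(generate_reset_password())


def create_account(username: str, password: str, roles: Set[str]) -> None:
    if not is_strong_password(password):
        raise ValueError("password does not meet the strength policy")
    USERS[username] = {"hash": hash_password(password), "roles": set(roles)}


def authenticate(username: str, password: str) -> Optional[Set[str]]:
    """Return the user's roles on success, None on failure."""
    record = USERS.get(username)
    ok = verify_password(record["hash"] if record else DUMMY_HASH, password)
    if record is None or not ok:
        return None
    return set(record["roles"])


def reset_password(username: str) -> str:
    """Replace the stored hash with one for a fresh temporary password and
    return that password for emailing to the address in the Person record."""
    temp = generate_reset_password()
    USERS[username]["hash"] = hash_password(temp)
    return temp


def page_for(session: dict):
    """Gate every page: no authenticated session means a redirect to login;
    otherwise return the roles that decide which parts of the UI to show."""
    username = session.get("username")
    if username is None or username not in USERS:
        return ("redirect", "/login")
    return ("page", set(USERS[username]["roles"]))
```

Two details are worth noting. The stored string carries the algorithm and iteration count, so the work factor can be raised later and old records re-hashed on next login without a migration. And `authenticate` always runs a PBKDF2 computation, even for unknown usernames, so response time does not reveal which account names exist.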
Activity Logging
System authentication and data modifications performed by system users will be logged in a query-able data store.
- The system shall log all authentication operations including
- Date and Time
- username
- success or fail
- The system shall log all “Write” database operations including
- Operation Type (add user, remove inventory, change password etc.)
- UID of the user performing the operation
- The data elements used to perform the operation, excluding secret values such as password fields, which shall be redacted before they reach the log
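As an added example (not the project's own code), the following stores both kinds of log record above in a query-able SQLite database and redacts password fields from the data elements of a write operation before they are recorded. The table layout, the set of redacted field names, the sample events and the function names are assumptions for the illustration.

```python
import json
import sqlite3
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Data elements that must never reach the log in the clear (assumed list).
REDACTED_FIELDS = {"password", "new_password", "old_password", "password_hash"}


def open_log(path: str = ":memory:") -> sqlite3.Connection:
    """Open (or create) the activity store with one table per event kind."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS auth_log (
        ts TEXT NOT NULL, username TEXT NOT NULL, success INTEGER NOT NULL)""")
    conn.execute("""CREATE TABLE IF NOT EXISTS write_log (
        ts TEXT NOT NULL, operation TEXT NOT NULL, uid TEXT NOT NULL,
        data TEXT NOT NULL)""")
    conn.commit()
    return conn


def _now() -> str:
    # ISO-8601 UTC with second precision; sorts correctly as text.
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def log_auth(conn: sqlite3.Connection, username: str, success: bool,
             ts: Optional[str] = None) -> None:
    """Record one authentication attempt: date/time, username, success or fail."""
    conn.execute("INSERT INTO auth_log VALUES (?, ?, ?)",
                 (ts or _now(), username, int(success)))
    conn.commit()


def redact(data: dict) -> dict:
    """Replace the values of secret fields so a 'change password' entry never
    carries the password itself."""
    return {k: ("<redacted>" if k.lower() in REDACTED_FIELDS else v)
            for k, v in data.items()}


def log_write(conn: sqlite3.Connection, operation: str, uid: str, data: dict,
              ts: Optional[str] = None) -> None:
    """Record one write operation: type, acting UID, and the (redacted) data."""
    conn.execute("INSERT INTO write_log VALUES (?, ?, ?, ?)",
                 (ts or _now(), operation, uid,
                  json.dumps(redact(data), sort_keys=True)))
    conn.commit()


def failed_logins(conn: sqlite3.Connection, username: str, since: str) -> int:
    """Example query: failed attempts for a username since an ISO timestamp."""
    row = conn.execute(
        "SELECT COUNT(*) FROM auth_log WHERE username = ? AND success = 0 AND ts >= ?",
        (username, since)).fetchone()
    return row[0]


def writes_by(conn: sqlite3.Connection, uid: str) -> List[Tuple[str, dict]]:
    """Example query: every write operation a user performed, oldest first."""
    rows = conn.execute(
        "SELECT operation, data FROM write_log WHERE uid = ? ORDER BY ts", (uid,))
    return [(op, json.loads(data)) for op, data in rows]
```

Using parameterised queries throughout keeps user-controlled values such as the username out of the SQL text, which matters most here because the log is exactly where attacker-chosen strings end up.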
--
JimReed - 08 Jul 2012