User management is a critical component of any software system, involving the administration of user accounts, roles, permissions, and authentication mechanisms. It ensures that users have the appropriate access to system resources and functionality while maintaining security and compliance.
Below are some important points for User Management -
Assign Users to Root Tenants: All the users(CITIZEN/EMPLOYEE) get created at the root tenant level, ensuring that user data is scoped to the tenant.
Manage User Roles within a Tenant: Allow for managing user roles specific to each root tenant or sub-tenant. This will ensure that the user is restricted from doing the transactions in other tenants for which the user does not have access
Standardized Roles: We will have the predefined roles below.
CITIZEN (Will have access at root tenant level)
EMPLOYEE (Will have the access at subtenant level)
ADMIN (Can do everything within root tenant and subtenant)
SUPERADMIN (Only allowed to do tenant operations and the permissions cannot be edited)
USER (user role can perform operations on its data. Example: profile update)
Users can sign up for accounts themselves, typically used for public-facing systems where end-users (e.g., citizens) need access. Self-register users will get only the “CITIZEN” role
Self-user registration is a two-step process
Create the user an active flag as “False”
Activate the user by verifying the email/mobile number
Implement an API for admins to create users with various roles (Citizen/Employee/Admin). This should include input fields for user details and role selection.
Develop functionality to block a user. Blocking should prevent the user from logging in and accessing any system resources.
Admin will select the user
Admin performs block action for the user
Block action will call the user/_block API
Update the status of the user from Active to Blocked
Publish an event on the queue. This can be used if a notification needs to be sent to the user
Allow admins to unlock previously blocked users.
Admin will select the user
Admin performs block action for the user
Unblock action will call the user/_unblock API
Update the status of the user from Blocked to Active
Publish an event on the queue. This can be used if a notification needs to be sent to the user
Provide an admin interface to change user passwords. Ensure that passwords meet security guidelines.
Implement functionality to delete users. Ensure that this operation securely removes user data or marks it for deletion.
Admin will select the user
Admin performs delete action for the user
Delete action will call the user/_delete API
Update the status of the user from AnyStatus to Deleted
Publish an event on the queue. This can be used if a notification needs to be sent to the user
Allow admins to assign additional roles and tenants to users. This should include validation to prevent conflicts or over-privileged roles.
Provide functionality to remove roles and tenant associations from users.
Enable admins to map specific roles to users, defining their permissions within the system.
Implement functionality to remove specific roles from users.