Users and Roles
A robust user role and permission management system, empowering administrators to control user access and capabilities.
A robust user role and permission management system, empowering administrators to control user access and capabilities.
The ComUnity Toolkit empowers project administrators with a robust and intuitive user role and permission management system, designed to streamline project governance and enhance security. With this feature, administrators can easily control the actions individual users can perform on specific data entities, based on predefined permission rules.
At the core of this functionality is the Data model, which serves as the foundation for permission control within entities. When users register in your application, their default user role is set as User. However, project administrators have the flexibility to customise user access and capabilities by assigning them to one of the three default user roles: Administrator, Staff, or User. Moreover, the ComUnity Toolkit provides the capability for administrators to define custom user roles to cater to specific project requirements.
Each role, whether default or custom, provides a starting point for permissions. However, the specific permissions for each role are configured and customised using the Table Security feature. This allows project administrators to have granular control over user access at the entity level. With Table Security, you can define and manage permissions for specific entities within your project. By selecting from a list of supported roles and customising the CRUD permissions (Create, Read, Update, Delete) for individual entities, you can finely tune the access and actions that users can perform, enhancing security and control.
Additionally, the user management utility in the ComUnity Toolkit allows administrators to delete users and reset user passwords. This ensures efficient management of user accounts and enhances security protocols within your project.
By leveraging the Data model, supported roles, Table Security, and the user management utility, you can effectively manage user permissions, account deletion, and password resets to align precisely with your project's specific requirements. This flexibility empowers you to grant or restrict access at both the data and entity levels, ensuring that users have the appropriate access and capabilities within your project while maintaining data integrity and security. Whether utilising the default user roles or creating custom roles, the ComUnity Toolkit offers a comprehensive permission control system to meet the diverse needs of your project.
The Manage Users section provides a comprehensive set of instructions on how to effectively manage user accounts within the ComUnity Toolkit. As a project administrator, you have the ability to view users, delete user accounts, and reset passwords, empowering you to maintain control over user access and enhance security protocols.
To effectively manage users in your project, follow these steps:
Open your project in the Toolkit and then select the Users & Roles tab in the sidebar.
Within the Users & Roles tab, you will find three sub-tabs: Users, Roles, and Credentials. The initial tab labelled as Users, shows a comprehensive list of all registered users in your application, if any exist.
To delete a user, locate the user in the list and click on the trash icon or delete button associated with that user - functionality currently disables.
To add a new user role to an existing user, locate the user in the list a, click on the green plus icon. This will open a modal where you can assign user roles.
Select the appropriate role for the new user from the available options.
It's important to note that a user can have multiple roles, granting them different levels of access and permissions within your project.
Throughout the process, you will find helpful tooltips associated with each button, providing a brief description of their functions. This ensures a seamless user experience and helps you navigate the user management system with ease.
By following these steps, you will be able to efficiently manage users, assign roles, and maintain control over user access and permissions within your project.
In the ComUnity Toolkit, you have full control over managing user roles to precisely define access and permissions for different users within your project. By default, the Toolkit provides three pre-defined roles: Administrator, Staff, and User.
Here's a step-by-step guide on how to manage user roles:
Open your project in the Toolkit and navigate to Project Settings then select the Users & Roles tab then navigate to the Roles tab.
On the Roles tab, you will find the default roles listed, including Administrator, Staff, and User.
To add a custom role, locate and click the Add Role button.
A dialog box will appear, allowing you to enter the name of the new role.
If you need to remove an existing role, click on the corresponding delete icon next to the role you wish to delete.
A confirmation prompt will appear, ensuring you want to proceed with the deletion. Confirm the action if you are certain about removing the role.
By managing user roles effectively, you can precisely define the access privileges and permissions granted to different users, allowing for efficient project governance and enhanced security.
The ability to create custom roles enables you to tailor user access and permissions to meet the specific requirements of your project, ensuring a personalised and secure user experience.
Authentication in ComUnity Development Toolkit is an integrated service which provides functionality to create and manage user accounts/profiles, securely store personal user data(passwords and emails) and also to validate and verify user credentials when users access resources in your applications. In the ComUnity Toolkit, user registration and authentication are handled by two entities: Auth and UserProfile. The Auth entity is responsible for managing authentication-related properties such as AuthId, CellNumber, Password, NewPassword, ConfirmPassword, Name, Surname, and OTP. On the other hand, the UserProfile entity focuses on user profile information, including properties like Id, Cell, Name, Surname, Email, StreetAddress, ContactByEmail, ContactByPush, and Photo.
To ensure secure authentication and user data management, the ComUnity Toolkit follows best engineering practices. It leverages technologies such as JSON Web Tokens (JWT) for authentication, which provide a secure and efficient method for verifying user identity. Additionally, all user data stored within the UserProfile entity is encrypted to protect sensitive information and maintain data integrity.
By utilising these technologies and implementing strong security measures, the ComUnity Toolkit ensures that user registration and authentication processes are robust and follow industry-standard practices. This approach safeguards user privacy and helps maintain a secure environment for user interactions within the toolkit.
When you build your projects in the ComUnity Development Toolkit, the system will create a fully featured authentication service which can be visualised and customised through specific data entities and their corresponding editing pages.
In the ComUnity Development Toolkit, you have the flexibility to configure custom Rule Sets for validating authentication credentials. These Rule Sets are enforced during Server Side Form Validation when receiving HTTP requests from the client. This feature allows you to define specific validation rules and customise error messages for authentication credential validation failures.
To configure Rule Sets for authentication validation, follow these steps:
Open your project in the Toolkit and navigate to Project Settings then select the Users & Roles tab then navigate to the Credentials tab.
Here, you will find a preselected list of authentication credentials, such as Cell, Email, and Plain.
To add more credentials, locate and click the Add Rule Set button.
Select a credential from the list to configure its authentication validation rules as as configuration properties.
LoginMinLength: Specifies the minimum number of characters required in a valid username (account name, email address, or mobile number) used during authentication.
LoginMinLengthMessage: Defines a custom error message to display when the LoginMinLength check fails.
PasswordMinLength: Specifies the minimum length of the plain text password (before encryption).
PasswordMinLengthMessage: Defines a custom error message to display when the PasswordMinLength is invalid.
PasswordMinCapitalLetterCount: Specifies the minimum number of capital letter characters required in a valid password.
PasswordMinCapitalLetterCountMessage: Defines a custom error message to display when the PasswordMinCapitalLetterCount rule is broken.
PasswordMinSmallLetterCount: Specifies the minimum number of lowercase letter characters required in a valid password.
PasswordMinSmallLetterCountMessage: Defines a custom error message to display when the PasswordMinSmallLetterCount rule is broken.
PasswordMinNumericCount: Specifies the minimum number of digits required in a valid password.
PasswordMinNumericCountMessage: Defines a custom error message to display when the PasswordMinNumericCount rule is broken.
PasswordMinNonalphanumericCount: Specifies the minimum number of non-alphanumeric characters required in a valid password.
PasswordMinNonalphanumericCountMessage: Defines a custom error message to display when the PasswordMinNonalphanumericCount rule is broken.
PasswordReuseProhibitCount: Specifies the number of times a user can change their password before they are allowed to reuse a previous password.
PasswordLifetimeDays: Specifies the lifetime of a valid password credential in days.
PasswordLifetimeDaysMessage: Defines a custom error message to display when the PasswordLifetimeDays has expired.
MaxFailedLogins: Specifies the maximum number of failed login attempts permitted before a user account is locked.
PinSlidingWindowSecsMessage: Defines a custom error message to display when the authenticated session is invalid due to the expiration of the PinSlidingWindowSecs window.
PasswordIntruderDelaySecs: Specifies the time in seconds a user has to wait between two successive login attempts in case of suspicious login activity.
PasswordIntruderDelaySecsMessage: Defines a custom error message to display when login fails due to enforced delay between successive login attempts by platform intruder detection.
PinRequiredMessage: Specifies a custom error message to display on the client, indicating that a One Time Password (OTP) is required.
SmsPinRazorTemplate: Allows you to create an SMS template for sending One Time Passwords (OTP) using Razor Pages.
DisableAutoRegistration: Disables the automatic creation of a default UserProfile record when logging in for the first time.
By configuring these Rule Sets, you can ensure that authentication credentials adhere to the defined validation rules and enhance the security of your application.