User Management
The User Management module is a core component of the UBU Digital Finance Solution, handling all aspects of user accounts, profiles, and access control.
Overview
This module provides comprehensive functionality for managing users within the system, including:
- User registration and profile management
- User activation and deactivation
- User role assignment
- Organizational unit assignment
- User code generation
Features
User Registration
The system supports creating user accounts with the following information:
- Full name
- Email address (must be unique)
- Phone number (must be unique)
- Role assignment
- Organizational unit assignment
When a new user is created:
- A unique user code is automatically generated
- A temporary password is created and sent to the user's email
- The user is assigned to the specified role and organizational unit
- The user account is activated by default
User Profile Management
Users can view and update their profile information, including:
- Full name
- Email address
- Phone number
Administrators can update additional user information, including:
- Role assignment
- Organizational unit assignment
- Account status (active/inactive)
Two-Factor Authentication
The system supports optional two-factor authentication (2FA) for enhanced security:
- Users can enable or disable 2FA for their account
- When 2FA is enabled, users must enter a one-time password (OTP) after password authentication
- OTPs are time-limited and expire after a configurable period
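An added example, not code from the UBU project: one way to implement the time-limited OTP step described above, in Python using only the standard library. The `OtpStore` class, the 300-second default, the six-digit length, the attempt limit and the single-use behaviour are assumptions that this page does not state.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed default; the page only says the period is configurable
OTP_DIGITS = 6         # assumed code length
MAX_ATTEMPTS = 5       # assumed guess limit, not stated on the page


class OtpStore:
    """In-memory stand-in (hypothetical) for wherever pending OTPs are persisted."""

    def __init__(self, ttl=OTP_TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self._key = secrets.token_bytes(32)  # server-side key for the keyed hash
        self._pending = {}  # user_id -> [digest, expires_at, attempts_left]

    def _digest(self, user_id, code):
        # Keyed hash: a 6-digit code is trivially brute-forced from a plain hash,
        # so the stored value must be useless without the server-side key.
        msg = f"{user_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, user_id):
        """Call after the password check succeeds; returns the code to deliver."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user_id] = [self._digest(user_id, code),
                                  self.clock() + self.ttl, MAX_ATTEMPTS]
        return code

    def verify(self, user_id, code):
        """True only for the current, unexpired, unused code."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self.clock() >= expires_at or attempts_left <= 0:
            del self._pending[user_id]  # expired or locked out: force a re-issue
            return False
        entry[2] -= 1                   # count this guess before comparing
        if hmac.compare_digest(digest, self._digest(user_id, code)):
            del self._pending[user_id]  # single use: a replayed code fails
            return True
        return False
```

Injecting `clock` lets the expiry path be tested without sleeping; issuing a new code for a user replaces any code still pending.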
User Status Management
Administrators can activate or deactivate user accounts:
- Active users can log in and access the system
- Inactive users are prevented from logging in
- User status changes are logged for audit purposes
API Endpoints
| Endpoint | Method | Description |
|---|---|---|
| /user/ | POST | Create a new user |
| /user/profile | GET | Get current user's profile |
| /user/ | GET | Get all users (admin only) |
| /user/{user_id}/two-factor | PUT | Update two-factor authentication settings |
| /user/{user_id} | GET | Get a specific user's profile |
| /user/{user_id} | PUT | Update a user's information |
| /user/{user_id}/status | PUT | Update a user's active status |
Data Model
The User Management module uses the following database tables:
- Users: Stores user account information
- UserRole: Maps users to roles
- UserOrganizationalUnit: Maps users to organizational units
For detailed schema information, see the Database Schema documentation.
Permissions
The following permissions are related to user management:
| Permission Key | Description |
|---|---|
| create_user | Create new user accounts |
| view_users | View the list of all users |
| view_user_profile | View a specific user's profile |
| update_user | Update user information |
| activate_deactivate_user | Activate or deactivate user accounts |
| reset_password | Reset a user's password |
Implementation Details
User Code Generation
User codes are automatically generated using a custom algorithm that ensures uniqueness. The code format follows a specific pattern and is used for user identification throughout the system.
Password Management
- Initial passwords are automatically generated and sent to users via email
- Passwords are stored as bcrypt hashes, never in plaintext
- Password reset functionality generates a new temporary password
Email Notifications
The system sends email notifications for the following events:
- New user account creation (with temporary password)
- Password reset
- Account status changes