3.1. User management

This section explains the general principles how user will be managed in the system. It explains the core concepts that need to be implemented.

IMPORTANT: Please note that when we talk about users, we mean API users. The system is designed around APIs which can then be used to implement user interfaces, or to be directly integrated into third-party systems.

Organisation

An Organisation represents an entity to which users or datasets can be linked to. An organisation can be an operator, MyConnectivity, a Syndic ABC, …

When creating a user other than an Application Administrator, the Administrator has to assign that user to an organisation in order to signal that the user belongs to that specific entity. This is important for two reasons:

We want to know which organisation performed which changes to the vertical cabling database.
Some organisation might receive an account that will allow them to manage their own users. Exact requirements on how such an access can be granted need to be evaluated and decided. (delegated administration)

When a new vertical cabling dataset is produced, this dataset will be assigned to an Organisation. The exact assignment rules will be described in the user stories linked with data production.

User

A user with a role other than Application Administrator, will always belong to exactly one organisation. The organisation to which the user belongs has following implications:

When a user performs an action, it performs the action on behalf of that organisation.
The user is managed by the organisation’s administrators

The exact definition of a dataset and how a dataset is assigned to an organisation will be described in dedicated user stories

Examples

Organisation Administrator

An organisation administrator can only see/manage users that belong to his organisation:

Processes Linked to User Management

Organisation Processes

The creation, modification or deletion of processes for organisations will be a manual one. The Organisations that want to be part of the system will send a request to MyConnectivity (e.g. per e-mail). MyConnectivity will analyse the request and if the request is accepted, MyConnectivity will create the organisation in the System

User Processes

7.1. User management process

Potential future use cases:

The cases described below, are cases that do not exist as of today but might become relevant in the future. These cases will not be implemented as part of a first version of the application.

Fine grade access control

In the future building managers, building owners, and other stakeholders could receive access to the System. In these cases, the users should only be able to access resources they have been assigned to. Such a access limitation could be based on Addresses, but might also be necessary on a Site, Block or Unit level.

A possible implementation of such a restriction could be to create a link “hasAccessTo”, that would link the user to the resources it is allowed to access. If such a relation exists, the system should behave exactly as for any other user, except that it will only return datasets that have been assigned to the user.

1.1. Change log

2.1. Context

2.2. Document purpose and scope

2.3. Targeted audience

3.1. User management

3.2. Roles

4.1. User - Profile management [canceled]

4.2. User - Change password

4.3. User - Manage user secrets [canceled]

4.4. Application Administrator - Create users

4.5. Application Administrator - Update users

4.6. Application Administrator - Delete users

4.7. Application Administrator - Recover users marked for deletion

4.8. Application Administrator - Create access tokens [new]

4.9. Application Administrator - Delete access tokens [new]

4.10. Application Administrator - View audit logs

4.11. Application Administrator - View all data on the platform

4.12. Application Administrator - Restore deleted records

4.13. Application Administrator - Un-reject/approve an approved/rejected record

4.14. Application Administrator - Export all

4.15. Application Administrator - Monitoring

4.16. Application Administrator - Alerting

4.17. Application Administrator - Lightweight Administration Panel

4.18. Application Administrator - Define webhooks [new]

4.19. Organisation Administrator - Create organisation users

4.20. Organisation Administrator - Update organisation users

4.21. Organisation Administrator - Delete organisation users

4.22. Organisation Approver - Recover organisation users marked for deletion

4.23. Organisation Administrator - Create organisation access tokens [new]

4.24. Organisation Administrator - Delete organisation access tokens [new]

4.25. Organisation Administrator - View organisation audit logs

4.26. Organisation Administrator - Un-reject/approve an approved/rejected record lined to organisation

4.27. Organisation Administrator - Restore records deleted by the organisation

4.28. Editor - Create temporary address

4.29. Editor - Create an additional temporary address for an existing site

4.30. Editor - Create an additional temporary address for an existing block

4.31. Editor - Add a site

4.32. Editor - Update a site

4.33. Editor - Delete a site

4.34. Editor - Add a block

4.35. Editor - Update a block

3.36. Editor - Delete a block

4.37. Editor - Add a unit

4.38. Editor - Update a unit

4.39. Editor - Delete a unit

4.40. Editor - Add an equipment

4.41. Editor - Update an equipment

4.42. Editor - Delete an equipment

4.43. Editor - Attach pictures [postponed]

4.44. Editor - Delete Pictures [postponed]

4.45. Editor - Search a site by address

4.46. Editor - Send an update vertical cabling request

4.47. Approver - Approve deleted site request

4.48. Approver - Approve deleted block request

4.49. Approver - Approve deleted unit request

4.50. Approver - Approve deleted equipment request

4.51. Approver - Approve or reject update vertical cabling request

4.52. Organisation Approver - Approve deleted site request for organisation

4.53. Organisation Approver - Approve deleted block request for organisation

4.54. Organisation Approver - Approve deleted unit request for organisation

4.55. Organisation Approver - Approve delete equipment request for organisation

4.56. Organisation Approver - Approve or reject update vertical cabling request for organisation

4.57. Analyst - Access to all data

4.58. Analyst - Querying data

4.59. Analyst - Query historical data

4.60. Analyst - Query audit logs

4.61. Analyst - Export data [to be reviewed]

4.62. Analyst - Integrate external applications [to be reviewed]

4.63. Analyst - Un-reject/approve an approved/rejected record

4.64. Viewer - Search sites/blocks/units/equipments by address

4.65. Viewer - Read single entries by ID

4.66. Viewer - Read different versions of connections

4.67. ETL - Retrieve addresses

4.68. ETL - Create and update addresses

6.1. User management

6.2. Address ingestion

6.3. Versioning, approvals and audit logs

6.4. Data privacy

6.5. Data quality

6.6. Data governance