User Management
The User Management module allows administrators to create, configure, and oversee user accounts within the system. It is the central hub for identity management and role assignment.
Access
To access this module, navigate to System > IAM > User Management.
- Required Permission: `System:User:List`
User Attributes
Each user profile consists of the following key attributes:
| Attribute | Description |
|---|---|
| Username | Unique identifier used for login. Duplicates are not allowed. |
| Real Name | The user's full display name. |
| Role | Determines the user's permissions and access level (e.g., Admin, Accountant). A user can have multiple roles. |
| Department | The organizational unit the user belongs to. Used for reporting and data segregation. |
| Status | Enabled: User can log in. Disabled: User is blocked from logging in. |
| Home Path | The default page the user is redirected to after a successful login (e.g., /dashboard/analytics). |
| MFA Status | Indicates whether the user has enabled Multi-Factor Authentication (2FA). |
| Locked Until | If present, indicates the account is temporarily locked due to excessive failed login attempts. |
Operations
Creating a User
- Permission: `System:User:Create`
- Click the Create button in the toolbar.
- Default Password: New users are created with the default password `123456`. They should be instructed to change this immediately upon their first login.
Editing a User
- Permission: `System:User:Update`
- Click the Edit (pencil) icon in the operations column.
- Administrators can update all attributes, including assigning new Roles or Departments.
- Self-Service: Users can edit their own Real Name and Home Path via their Profile page, but cannot change their own Role or Status.
Deleting a User
- Permission: `System:User:Delete`
- Click the Delete (trash can) icon.
- Safeguard: You cannot delete your own account while logged in.
- Soft Delete: Users are "soft deleted" (marked as inactive in the database) to preserve audit trails.
Impersonation
- Permission: `System:Auth:Impersonate`
- Purpose: Allows an administrator to log in as a specific user to reproduce bugs or verify permissions.
- How to use:
  - Select a user from the list.
  - Click the Impersonate button (or "Quick Impersonate" from the toolbar).
  - You will be instantly logged in as that user without needing their password.
- Exiting: To return to your admin account, click the Exit Impersonation button in the top navigation bar.
Security Features
Account Locking
To prevent brute-force attacks, the system automatically locks an account after 5 failed login attempts.
- The lock duration is temporary (typically 15-30 minutes).
- The "Locked Until" column in the user list shows when the account will automatically unlock.
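The lockout rule above, written out as an added example; it is not the product's own code. The names `Account`, `attempt_login` and `simulate` are hypothetical, the 15-minute duration is an assumed value from the stated range, and resetting the counter on success or on lock expiry (without extending the lock on attempts made while locked) is an assumption about behaviour the page does not specify.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_FAILED_ATTEMPTS = 5                  # threshold stated on this page
LOCK_DURATION = timedelta(minutes=15)    # assumed: low end of the 15-30 minute range


@dataclass
class Account:
    """Constructed sample record; field names are hypothetical."""
    username: str
    enabled: bool = True
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def attempt_login(acct: Account, password_ok: bool, now: datetime) -> str:
    """Apply the lockout policy to one login attempt and return the outcome."""
    if not acct.enabled:
        return "disabled"                # Status = Disabled blocks login outright
    if acct.locked_until is not None:
        if now < acct.locked_until:
            # Reject before looking at the password: a correct guess made while
            # locked must not succeed, and the lock is not extended.
            return "locked"
        # Lock expired: automatic unlock with a fresh counter.
        acct.locked_until = None
        acct.failed_attempts = 0
    if password_ok:
        acct.failed_attempts = 0         # success clears earlier failures
        return "ok"
    acct.failed_attempts += 1
    if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
        acct.locked_until = now + LOCK_DURATION
        return "locked"
    return "invalid"


def simulate() -> list:
    """Replay a constructed attempt sequence against one account."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    acct = Account("alice")
    outcomes = [attempt_login(acct, False, t0 + timedelta(seconds=i)) for i in range(5)]
    # Correct password during the lock window is still rejected.
    outcomes.append(attempt_login(acct, True, t0 + timedelta(minutes=5)))
    # After the lock expires the same password is accepted.
    outcomes.append(attempt_login(acct, True, t0 + timedelta(minutes=16)))
    return outcomes
```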
Session Management
Administrators can view and revoke active sessions for any user via System > Operations > Session Management. This is useful if a device is lost or compromised.