Use
Case: Executive, UserAdmin Package: Modify_UserInfo
User information may have to be updated or modified. A user is
allowed to change her/his own non-restricted data
(i.e. affiliation, address and password) while only an
administrator can modify restricted data such as name and
group.
As an API to change information exists, implementation security
issues may be present and should be considered e.g. by verifying
that only allowed fields have been changed.
What is the interface for the input? GUI?
Command line? or Both?
Goal: Modify user information in
the database.
Contact Author: P. Grosbol
Role(s)/Actor(s):
Primary:
- Administrator, with special privileges to modify user information.
- User, can modify only non-restricted data fields.
Secondary:
- Database with user information.
- Archive, receives transaction log?
Priority:
Major
Performance:
On the order of seconds
Frequency of Use:
A few times per week
Preconditions:
- Database with AlmaUser information is available.
Basic
Course:
- User/administrator logs into the system and gets authenticated.
- Depending on if it's a user or an administrator, different
privileges are granted i.e. a normal user can only modify
standard fields of s/he own information while an administrator
can modify any information.
- The user information is shown (in the case of a normal user it
will always be their own whereas an administrator can select the
user for which data have to be modified. Password information
is blanked out.
- User/administrator modifies the data. For password changes, a
confirmation is required.
- The modified information is saved in the database.
- User/administrator logs out.
- Alternative Course:
- Administrator fails the authentication.
- The processing is terminated.
Postconditions:
- Modified information on an AlmaUser is stored in the database.
- A transaction log is saved.
Issues
to be Determined or Resolved:
- none at this time
Last modified: 19sep03