Skip to content

User management

The central server supports a basic user management system, utilizing roles for access control. Upon first startup on an empty database the server will prompt and allow the unauthenticated user to create an admin user. As soon as this user is created, the server features will only be accessible to this user until more are created.

Roles

The central server supports the following roles:

  • Admin: full access to everything:

    • Create and delete other users.
    • Updated own password and details (users cannot delete themselves)
    • Delete the current license (this renders the server inoperable until a valid license is entered)
    • Everything else the Manager role has access to

  • Manager: full access to the server except for user management and license deletion

    • Manage, create, update, delete scales
    • Execute scale commands (such as zero, tare, request for ASCII reconfiguration, etc.)
    • Change all application settings
    • Update the app license with a new one
    • Everything else the basic user has access to

  • Basic user: limited "read-only" access to the server, represents an user without any role

    • View dashboard & fetch historical information
    • View scale specific historical information and current status (parameter history, weight history, logs, etc.)
    • View application logs

When creating a user as an admin, there is a choice to assign one or more roles, currently these are Admin and Manager. If a user has the Admin role then the Manager role is redundant.

An email may be assigned to each user. This currently does not serve a functional purpose in the server, just for organization.

Users and sessions

When an admin updates another user, their authenticated session will become invalid if any of the fields are changed: username (used to login with), password, or roles. This also includes the case when the admin updates their own account, they will be forced to re-authenticate immediately.

Updating the password of a user requires the old password to be entered. If this password is forgotten, the user must be deleted and re-created.

If there is only one Admin user remaining and its password is forgotten - there is currently no way of recovering the password! There will soon be a special executable in the installation folder that could be used to wipe all users from the database, which would prompt an admin account creation next time the interface is accessed.

The passwords are stored using a one-way secure hashing algorithm, therefore it is not possible to retrieve the original password - only deletion by an authorized user.