User Management
The User Management module handles user authentication, authorization, and role-based access control (RBAC) within PulseCRM.
Overview
This module provides:
- User authentication and authorization
- Role-based access control (RBAC)
- User-account relationships
- Permission management
Core Components
Key Tables
users
Primary table for user information:
- id: Primary key
- email: User email (unique)
- password_hash: Salted, slow password hash (e.g. PBKDF2, bcrypt or Argon2); the plaintext is never stored and the value is not reversible encryption
- active: Account status
- created_at: Creation timestamp
- updated_at: Last update timestamp
roles
Defines user roles in the system:
- id: Primary key
- name: Role name
- description: Role description
- permissions: Array of permission names, each matching an entry in the permissions catalog
- created_at: Creation timestamp
permissions
System permissions catalog:
- id: Primary key
- name: Permission identifier
- description: Permission description
- category: Permission category
- created_at: Creation timestamp
Features
Authentication
- Email/password authentication
- Token-based session management (issuance, validation and expiry)
- Password policy enforcement
- Multi-factor authentication
Authorization
- Role-based access control
- Permission management
- Access level hierarchy
- Feature access control
- Resource permissions
User Management
- User creation and setup
- Profile management
- Account associations
- Status management
- Activity tracking
Role Management
- Role definition
- Permission assignment
- Role hierarchy
- Custom roles
- Role templates
API Endpoints
Authentication
Login
POST /api/auth/login
Request body:
{
"email": "string",
"password": "string",
"mfaToken": "string (optional)"
}
Response:
{
"token": "string",
"user": {
"id": "string",
"email": "string",
"roles": ["string"],
"permissions": ["string"]
},
"expiresAt": "string"
}
Session Validation
GET /api/auth/session
Returns current session information.
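The following is an added illustration of the login/session-validation pair above, not PulseCRM's own code. It assumes an HMAC-SHA256 signed bearer token whose payload carries the user id, roles and permissions and an absolute expiry; the signing key, the one-hour lifetime and the claim names are assumptions, and the key is generated per process here only so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from datetime import datetime, timezone

# Assumption: in a deployment the signing key comes from a secrets manager;
# a per-process random key is used here so the example runs offline.
SIGNING_KEY = secrets.token_bytes(32)
SESSION_TTL_SECONDS = 3600  # assumed absolute session lifetime


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, email, roles, permissions, now=None, key=SIGNING_KEY):
    """Build the response body of POST /api/auth/login: a signed, expiring token."""
    now = time.time() if now is None else now
    claims = {
        "sub": user_id,
        "roles": sorted(roles),
        "permissions": sorted(permissions),
        "iat": int(now),
        "exp": int(now) + SESSION_TTL_SECONDS,
        "jti": secrets.token_hex(8),  # unique id so one session can be revoked
    }
    payload = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return {
        "token": f"{payload}.{_b64(sig)}",
        "user": {"id": user_id, "email": email,
                 "roles": claims["roles"], "permissions": claims["permissions"]},
        "expiresAt": datetime.fromtimestamp(claims["exp"], timezone.utc).isoformat(),
    }


def validate_token(token, now=None, key=SIGNING_KEY):
    """What GET /api/auth/session must do before trusting anything in the token.

    Returns the claims for a correctly signed, unexpired token and None otherwise.
    The signature is verified (in constant time) before the payload is parsed,
    so unauthenticated input never reaches the JSON decoder.
    """
    if not isinstance(token, str):
        return None
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims
```

Because the roles and permissions are embedded in the token, they are a snapshot taken at login: a role change or deactivation only takes effect when the token expires unless the session endpoint re-reads the user record or consults a revocation list keyed on jti.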
User Management
Create User
POST /api/users
Request body:
{
"email": "string",
"password": "string",
"roles": ["string"],
"accounts": [{
"accountId": "string",
"isPrimary": "boolean"
}]
}
Update User
PUT /api/users/{email}
Update user information:
{
"active": "boolean",
"roles": ["string"],
"accounts": ["string"]
}
Role Management
List Roles
GET /api/roles
Returns available roles and their permissions.
Create Role
POST /api/roles
Create new role:
{
"name": "string",
"description": "string",
"permissions": ["string"],
"inheritsFrom": ["string"]
}
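The example below is added here to show how the role hierarchy implied by inheritsFrom resolves into an effective permission set, and how a POST /api/roles body can be validated before it is stored; it is not PulseCRM's code. The role and permission names are constructed sample data, and the rule that a caller may only place permissions into a new role that they themselves hold is an assumed anti-escalation policy, not something the page states.

```python
from typing import Dict, Iterable, List, Set

# Constructed sample data (not PulseCRM's catalog): permission names and roles.
PERMISSION_CATALOG: Set[str] = {
    "contacts:read", "contacts:write", "deals:read", "deals:write",
    "users:assign", "roles:manage", "system:configure",
}
ROLES: Dict[str, dict] = {
    "standard_user": {"permissions": {"contacts:read", "deals:read"}, "inheritsFrom": []},
    "account_admin": {"permissions": {"users:assign", "roles:manage"}, "inheritsFrom": ["standard_user"]},
    "system_admin": {"permissions": {"system:configure", "contacts:write", "deals:write"},
                     "inheritsFrom": ["account_admin"]},
    "api_user": {"permissions": {"contacts:read"}, "inheritsFrom": []},
}


class RoleCycleError(ValueError):
    """Raised when inheritsFrom links form a loop."""


def effective_permissions(role: str, roles: Dict[str, dict], _path=()) -> Set[str]:
    """Direct permissions of a role plus everything inherited, transitively."""
    if role in _path:
        raise RoleCycleError(" -> ".join(_path + (role,)))
    if role not in roles:
        raise KeyError(f"unknown role {role!r}")
    perms = set(roles[role]["permissions"])
    for parent in roles[role].get("inheritsFrom", []):
        perms |= effective_permissions(parent, roles, _path + (role,))
    return perms


def has_permission(user_roles: Iterable[str], required: str, roles=ROLES) -> bool:
    """Deny by default: unknown roles grant nothing and there is no wildcard."""
    granted: Set[str] = set()
    for r in user_roles:
        if r in roles:
            granted |= effective_permissions(r, roles)
    return required in granted


def validate_new_role(body: dict, creator_roles: Iterable[str],
                      roles=ROLES, catalog=PERMISSION_CATALOG) -> List[str]:
    """Check a POST /api/roles body; returns a list of problems (empty = accept).

    Assumed policy: the caller may only grant permissions they effectively hold,
    so creating a role cannot be used to escalate one's own access.
    """
    errors: List[str] = []
    name = body.get("name")
    if not name or name in roles:
        errors.append("name missing or already in use")
    unknown = set(body.get("permissions", [])) - catalog
    if unknown:
        errors.append(f"unknown permissions: {sorted(unknown)}")
    missing = [p for p in body.get("inheritsFrom", []) if p not in roles and p != name]
    if missing:
        errors.append(f"unknown parent roles: {missing}")
    if errors:
        return errors
    candidate = {**roles, name: {"permissions": set(body.get("permissions", [])),
                                 "inheritsFrom": list(body.get("inheritsFrom", []))}}
    try:
        wanted = effective_permissions(name, candidate)  # also detects self/loop references
    except RoleCycleError as exc:
        return [f"inheritance cycle: {exc}"]
    held: Set[str] = set()
    for r in creator_roles:
        held |= effective_permissions(r, roles)
    escalated = wanted - held
    if escalated:
        errors.append(f"caller does not hold: {sorted(escalated)}")
    return errors
```

Resolving inheritance at check time keeps the stored role small, but on a large catalogue the effective set should be cached and invalidated whenever a role in the chain changes, so that an edit to a parent role cannot leave stale grants in place.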
User Types
System Administrator
- Full system access
- User management
- System configuration
- Security management
Account Administrator
- Account-level management
- User assignment
- Role management
- Account configuration
Standard User
- Feature access based on role
- Limited management capabilities
- Account-specific access
- Basic user features
API User
- API access
- Limited system access
- Integration capabilities
- Monitored usage
Best Practices
User Management
- Strong password policies
- Regular access reviews
- Activity monitoring
- Session management
Role Configuration
- Least privilege principle
- Clear role definitions
- Regular role audits
- Permission documentation
Security
- MFA enforcement
- Session timeouts
- Access logging
- Regular audits
Compliance
- Data protection
- Access controls
- Audit trails
- Policy enforcement
Integration Points
Account Management
- User-account relationships
- Account-level permissions
- Access hierarchies
- Resource sharing
API & Integration
- API authentication
- Token management
- Integration permissions
- Access control
Audit Logging
- User activities
- Permission changes
- Access attempts
- Security events
Security Features
Password Security
- Minimum length requirements
- Complexity rules
- History tracking
- Expiration policies
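As an added example of the password controls listed above (and of what the users.password_hash column should actually hold), the block below implements salted PBKDF2 hashing with constant-time verification, plus a policy check covering length, complexity, reuse of recent passwords and expiry. It is not PulseCRM's code; the policy numbers, the complexity rule and the stored-hash format are assumptions.

```python
import hashlib
import hmac
import os
import re
from typing import Iterable, List

# Assumed policy values; PulseCRM's actual settings are not given on this page.
MIN_LENGTH = 12
HISTORY_DEPTH = 5          # a new password may not match any of the last N hashes
MAX_AGE_DAYS = 90
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; the stored string records its own parameters."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:  # malformed record: treat as a failed login, never as success
        return False
    return hmac.compare_digest(digest, expected)


def check_password_policy(candidate: str, email: str, previous_hashes: Iterable[str]) -> List[str]:
    """Return the list of policy violations for a proposed password (empty = accept)."""
    problems: List[str] = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    local_part = email.split("@")[0].lower()
    if len(local_part) >= 4 and local_part in candidate.lower():
        problems.append("contains the account's email local part")
    # History is checked against stored hashes, so old passwords are never kept in clear.
    for old in list(previous_hashes)[:HISTORY_DEPTH]:
        if verify_password(candidate, old):
            problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
            break
    return problems


def password_expired(days_since_change: int) -> bool:
    """Expiration policy: force a change once the password is older than MAX_AGE_DAYS."""
    return days_since_change > MAX_AGE_DAYS
```

Each history comparison costs a full PBKDF2 run, which is deliberate: it is the same cost an attacker pays per guess, and it only happens on a password change.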
Session Management
- Token-based authentication
- Session timeouts
- Concurrent session limits
- IP tracking
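A stateless bearer token only gives an absolute expiry; idle timeouts, concurrent-session limits and IP tracking need a server-side registry. The following is an added example of such a registry, not PulseCRM's implementation; the limits and the eviction rule (drop the least recently used session when the cap is reached) are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed limits; PulseCRM's real values are not stated on this page.
IDLE_TIMEOUT = 15 * 60        # seconds without activity before a session dies
ABSOLUTE_LIFETIME = 8 * 3600  # seconds after login after which re-auth is required
MAX_SESSIONS_PER_USER = 3


@dataclass
class Session:
    id: str
    user_id: str
    created_at: float
    last_seen: float
    ips: List[str] = field(default_factory=list)  # every client address seen, oldest first


class SessionStore:
    """Server-side session registry: idle and absolute timeouts, per-user
    concurrency cap, and a record of client addresses for audit."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user_id: str, ip: str, now: float) -> Session:
        active = sorted((s for s in self._sessions.values() if s.user_id == user_id),
                        key=lambda s: s.last_seen)
        # Enforce the concurrency cap by evicting the least recently used session(s).
        while len(active) >= MAX_SESSIONS_PER_USER:
            self._sessions.pop(active.pop(0).id, None)
        session = Session(secrets.token_urlsafe(32), user_id, now, now, [ip])
        self._sessions[session.id] = session
        return session

    def touch(self, session_id: str, ip: str, now: float) -> Optional[Session]:
        """Validate and refresh a session on each request; None means re-authenticate."""
        s = self._sessions.get(session_id)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created_at > ABSOLUTE_LIFETIME:
            self.revoke(session_id)
            return None
        s.last_seen = now
        if ip != s.ips[-1]:
            s.ips.append(ip)  # recorded for audit; whether to block is a policy decision
        return s

    def revoke(self, session_id: str) -> bool:
        return self._sessions.pop(session_id, None) is not None

    def revoke_all(self, user_id: str) -> int:
        """Used on password change or deactivation: every session of the user goes."""
        doomed = [sid for sid, s in self._sessions.items() if s.user_id == user_id]
        for sid in doomed:
            del self._sessions[sid]
        return len(doomed)

    def active_sessions(self, user_id: str) -> List[Session]:
        return [s for s in self._sessions.values() if s.user_id == user_id]
```

The session id is a 256-bit random value and is the only thing the client holds; everything else lives in the store, so revoking a session takes effect on the next request rather than at token expiry.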
Access Control
- Role-based permissions
- Resource-level access
- IP restrictions
- Time-based access
Audit Logging
- Login attempts
- Permission changes
- Critical actions
- Security events