System administration is a common requirement in many of the systems. This includes user authentication to authorization management to content within a system. There are set of commonly used functions within an legacy administrative module for authentication and authorization such as;
- Maintenance of user authentication credentials within the system in traditional systems.
- System has to maintain critical information of the user and maintain them such as passwords.
- User has to maintain a profile with the system; in other words user has to register on the system.
- To avoid the hassle of remembering password for multiple number of systems, Identity Delegation and Federated Authentication is used instead of maintaining credentials locally.
- In Federated Authentication, third party openID enabled service will be used to authenticate user where the system (Resource Owner) does not need to maintain password and login credentials locally.
2. Authentication Rules
- This will be maintaining reusable profiles for user authentication where they could be assigned to each user.
- This is required in legacy user authentication models.
- This will not be required when used federated authentication where the openID enabled authentication service provider will have to implement authentication rules since login credentials are maintained with them.
- Maintain Roles within the system
- E.g.:- Administrator, Financial Controller, Manager, Data Entry Operator etc.
- Keep track on which user has access to which role.
- This should be a function allowed to system administration personal.
- This will represent the highest node in the system hierarchy.
- E.g.:- If a corporate with multiple subsidiaries, this will be the corporate.
- This will maintain details of subsidiaries or divisions or department details under Organization.
- Maintains main modules of the system.
- Each module will attach to the Organization where it could be consumed by multiple business units.
- E.g.:- General Finance, Administration, Operations etc.
- Maintains each user interface listed under the module
- E.g.:- Tax data entry interface, Journal entry interface under General Finance Module
- Grouping of the above interfaces to increase accessability
- E.g.:- Content authorization management activities under ‘Authorization’ group
- List of data fields within an interface
- E.g:- Tax Type, Rate on Tax data entry interface
- This could be enable as an automated process where list of data fields as maintained within an excel sheet and they sync with the system when required to enhance maintainability.
Above master information will be mapped to each User Authorization on specific business unit where the user could select the business unit upon login to the system as below.
11. User – User Role – Module Mapping
- Map ‘User – User Role’ authorizing structure with selected Module for selected ‘Business Unit’.
- When this feature is enabled, access is granted at Module level where user has full access on all Interface and Interface Fields.
12. User – User Role – Interface Mapping
- Map ‘User – User Role’ authorizing structure with selected Interface for selected ‘Business Unit’.
- When this feature is enabled, access is granted at Interface level where user has full access on a selected Interface and Interface Fields.
13. User – User Role – Interface Fields Mapping
- Map ‘User – User Role’ authorizing structure with selected Interface Field for selected ‘Business Unit’.
- When this feature is enabled, access could be controlled at data field level where critical data fields could be grant / revoke for selected ‘User – User Role’ authorizing structure.
All functionalities (modules) attached and authorized to the user could be generated dynamically upon user authorization.
High-level data flow could be elaborated as below;
Common Validations and Security
This could be maintained at higher level of class hierarchy and override on sub level as and when required.
- Numbers cannot be minus.
- Characters could not be submitted on Numeric fields.
- Standard date format for whole system (could be configurable on property file)
- For session validation, following session attributes are required to be existing upon new resource request from the server.
- LOGGER_KEY_SECURED (specific user credential with cryptographically secured value stored on a session cookie at client side)
- If session is not validated, it be redirected to the index by clearing session and cache data.
- Delete, Update operations must be altered before proceeding.
Database Design
The following illustrates the database Entity Relationship Model of the module.
Detail standard table descriptions are elaborated in below.
- ORGANIZATION
| Field name | data type | length | key | is null | default |
| o_id | int | – | pk | false | – |
| name | varchar | 512 | unique | false | – |
| description | varchar | 2048 | – | true | – |
| reg_no | varchar | 256 | unique | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
- BUSINESS_UNIT
| Field name | data type | length | key | is null | default |
| bu_id | int | – | pk | false | – |
| name | varchar | 512 | unique | false | – |
| display_name | varchar | 512 | unique | false | – |
| description | varchar | 2048 | – | true | – |
| reg_no | varchar | 256 | unique | true | – |
| address_1 | varchar | 1024 | – | true | – |
| address_2 | varchar | 1024 | – | true | – |
| address_3 | varchar | 1024 | – | true | – |
| address_4 | varchar | 1024 | – | true | – |
| contact_Number_1 | varchar | 16 | – | true | – |
| contact_number_2 | varchar | 16 | – | true | – |
| fax_number_1 | varchar | 16 | – | true | – |
| fax_number_2 | varchar | 16 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| o_id | int | – | fk | false | – |
- AUTH_RULES
This table will not be required when using a federated or delegated user authentication mechanism since the password profiles of the user are maintained by the federated or delegated identity service provider such as google, facebook, linkedin etc.
| Field name | data type | length | key | is null | default |
| ar_id | int | – | pk | false | – |
| profile_name | varchar | 256 | unique | false | – |
| password_valid_period | int | – | – | false | – |
| password_grace_period | int | – | – | false | – |
| maximum_login_attempts | int | – | – | false | – |
| password_length | int | – | – | false | – |
| number_of_capitals | int | – | – | false | – |
| number_of_symbols | int | – | – | false | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
- USER
When using a federated or delegated authentication solution, the pass_word and ar_id fields which refer to the authentication features of the user are not required on the user table. Instead of those fields, it may required to add token values which are used to validate single sign on session of the user with the federated or delegated authentication service provider.
| Field name | data type | length | key | is null | default |
| u_id | int | – | PK | false | – |
| user_name | varchar | 256 | unique | false | – |
| pass_word | varchar | 256 | – | false | – |
| first_name | varchar | 512 | – | false | – |
| last_name | varchar | 512 | – | true | – |
| contact_email | varchar | 256 | unique | true | – |
| contact_number | varchar | 16 | – | true | – |
| description | varchar | 2048 | – | true | – |
| login_attempts | int | – | – | true | 0 |
| restrict_times | int | – | – | true | 0 |
| date_last_logged | date | – | – | true | current date (logged) |
| time_last_logged | time | – | – | true | current time (logged) |
| date_last_password_change | date | – | – | true | password change date |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| ar_id | int | – | fk | false | – |
- USER_ROLE
| Field name | data type | length | key | is null | default |
| ur_id | int | – | pk | false | – |
| name | varchar | 256 | unique | false | – |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
- USER_USERROLE
| Field name | data type | length | key | is null | default |
| uur_id | int | – | pk | false | – |
| u_id | int | – | UNIQUE / Composite | false | – |
| ur_id | int | – | false | – | |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
- USER_LOG
| Field name | data type | length | key | is null | default |
| ul_id | int | – | pk | false | – |
| log_type | varchar | 64 | – | false | – |
| time | time | – | – | false | – |
| date | date | – | – | false | – |
| uur_id | int | – | fk | false | – |
- MODULE
| Field name | data type | length | key | is null | default |
| m_id | int | – | pk | false | – |
| title | varchar | 256 | unique | false | – |
| display_title | varchar | 256 | – | false | – |
| description | varchar | 2048 | – | true | – |
| base_url | varchar | 2048 | unique | false | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| o_id | int | – | fk | false | – |
- INTERFACE_GROUP
| Field name | data type | length | key | is null | default |
| ig_id | int | – | pk | false | – |
| title | varchar | 256 | unique | false | – |
| display_title | varchar | 256 | – | false | – |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| m_id | int | – | fk | false | – |
- INTERFACE
| Field name | data type | length | key | is null | default |
| i_id | int | – | pk | false | – |
| title | varchar | 256 | unique | false | – |
| display_title | varchar | 256 | – | false | – |
| node_url | varchar | 64 | unique | false | – |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| ig_id | int | – | fk | false | – |
- INTERFACE_FIELD
| Field name | data type | length | key | is null | default |
| if_id | int | – | pk | false | – |
| form_id | varchar | 256 | unique / CK | false | – |
| i_id | int | – | false | – | |
| is_mandatory | BOOLEAN | – | – | FALSE | false |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
- USERROLE_MODULE
| Field name | data type | length | key | is null | default |
| urm_id | int | – | pk | false | – |
| ur_id |
int | – | Unique / ck | false | – |
| m_id | int | – | false | – | |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| bu_id | int | – | fk | false | – |
- USERROLE_INTERFACE
| Field name | data type | length | key | is null | default |
| uri_id | int | – | pk | false | – |
| ur_id | int | – | Unique / ck | false | – |
| i_id | int | – | false | – | |
| create_granted | boolean | – | – | false | false |
| edit_granted | boolean | – | – | false | false |
| delete_granted | boolean | – | – | false | false |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| bu_id | int | – | fk | false | – |
- USERROLE_INTERFACEFIELD
| Field name | data type | length | key | is null | default |
| urif_id | int | – | pk | false | – |
| ur_id | int | – | Unique / ck | false | – |
| if_id | int | – | false | – | |
| is_visible | Boolean | – | – | false | true |
| is_editable | boolean | – | – | false | true |
| description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| status | int | – | – | true | 1 |
| bu_id | int | – | fk | false | – |
- MODULE_INTERFACE_FIELD_LOG
| Field name | data type | length | key | is null | default |
| mifl_id | int | – | pk | false | – |
| update_description | varchar | 2048 | – | true | – |
| date_created | date | – | – | true | current date |
| time_created | time | – | – | true | current time |
| date_modified | date | – | – | true | current date |
| time_modified | time | – | – | true | current time |
| created_by | varchar | 256 | – | true | current user |
| modified_by | varchar | 256 | – | true | current user |
| uur_id | int | – | fk | false | – |
| if_id | int | – | fk | false | – |
| bu_id | int | – | fk | false | – |
UI/UX Design
- Organization
Description – This will be a basic interface where the user will required to input following basic fields.
Input – Name, Registration No, Description, Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – ORGANIZATION
- Business Unit
Description – Business Units under the Organization will be added via this interface.
Input – Organization (List Box with Organizations), Name (System purpose – technical), Dispalay Name (Display purpose – non technical), Registration No, Address Field (Expandable up to 4 lines), Contat Details (Expandable up to 2 lines), Fax Details (Expandable up to 2 lines), Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – BUSINESS_UNIT
- Authentication Rules (Not required in Federated Authentication)
Description – Basic interface to enter authentication profiles of users
Input – Profile Name, Password Length, Password Valid Period, Password Grace Period, Max Login Attempts, Number of Caps, Numbers of Symbols, Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – AUTH_RULE
- User
Description – This will be a basic interface to enter user details
Input – Authentication Profile (List box of Auth Profiles if delegated identity is not used), Username, Password (if delegated identity is not used), First Name, Last Name, Email, Contact Number, Description, Login Attempts (Read only – Manage by system), Restricted Attempts (Read only – Manage by system), Date-Time Last Logged (Read only – Manage by system), Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – USER
- User Role
Description – A basic interface to enter user role details
Input – Name, Description, Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – USER_ROLE
- User – User Role (User Authentication)
Description – Mapping user to required user roles will continue on this interface.
Input – User (To be select on left side of the screen), User Role (To be displayed on right side of the screen where already grated roles are shown as icon/action to revoke, and not grated roles are shown with check box.
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – USER_USERROLE
- Module
Description – A basic interface to enter module details
Input – Title (System purpose – technical), Display Title (User purpose – non technical), Description, Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – MODULE
- Interface Group
Description – A basic interface to enter interface grouping details
Input – Module (List box to select the Module), Title (System purpose – technical), Display Title (User purpose – non technical), Description, Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – INTERFACE_GROUP
- Interface
Description – A basic interface to enter interface details
Input – Module (List box to select the Module), Title (System purpose – technical), Display Title (User purpose – non technical), Node Url (Interface access link or parameter), Description, Status (active by default)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – INTERFACE
- Interface Field
Description – This is a basic interface to maintain interface fileds
Input – Module (List Box to select the Module), Interface (List Box to select the Interface), Form Id (Field Name on interface), Mandatory (yes / no box), Description, Status (active by default), Upload ( Function to upload interface fields since it will be convenient at the initial data entry over manual entry)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – INTERFACE_FILELD
- (User Role) – Module (Module Authentication)
Description – Mapping of each Module to authorized User Roles.
Inputs – Organization, Business Unit, UserRole (List box on left side), Module (List Box on right side)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – USERROLE_MODULE
- (User Role) – Interface (Interface Authentication)
Description – Mapping of Interface to authorized User Roles
Input – Organization, Business Unit, UserRole (List Box on left side), Module (List Box on middle), Interface (List Box on right)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – USERROLE_INTERFACE
- (User Role) – Interface Field (Interface Field Authentication)
Description – Mapping of Interface Field to authorized User Roles
Input – Organization, Business Unit, UserRole (List Box on left side), Module (List Box on middle), Interface (List Box on right), Field (List Box bottom)
Functions – Create, View, Update, Delete
Algorithms – N/A
Security – Super user security scope
Validations – Common validations
Entities – USERROLE_INTERFACEFIELD
The design could be modified according to the customized requirements and further this design could be extended to manage folowing features such as;
- Alerts and Notifications Management
Manage and keep track of the alerts generated for various validations / conditions for the purpose of populating upon user login.
- Work-flow Management
There will be following features enabled on the above design such as;
– Define a work-flow for specific Interface with number of approval levels.
– Define actor (User or User Role) for each level.
– Integrate work-flow feature on interface tool bar (upon save or based on condition) where the end user could initiate and pull the record on to the work-flow.
- Schedule Management
There will be requirement to schedule reports and jobs to be executed on specific date / time or periodically. In order to cater for that requirement scheduler could be integrated with this module.
- Reports Management
As Interfaces, system generated report authorization could be managed using the Interface functionality of the above design.
Thisara.
Thisara's Research Space 
Reblogged this on Idea to geek.
LikeLike
Good shhare
LikeLike