User Tools

Site Tools


use-cases:user-update
Use case name

#4: User update information

Goal

Update some information about an user (not related with security)

Scope

Server (Software)

Level

Summary

Pre-conditions
  1. The user to update has to be registered (objective)
  2. If the actioner is different from the objective user, he needs to have a higher level credential than the objective
Primary actor

A registered user (actioner)

Trigger

A registered user uses the web server interface (or an appropiate public API method) to delete another registered user LEANDRO: 'delete'? shouldn't this be 'modify' ?

Main Success Scenario
  1. The actioner selects an user and clicks on update information option
  2. As alternative: the actioner sends a valid request with all information to the Public server API
  3. The server verifies the actioner credentials
  4. If the request is not for himself, the server will verify that the actioner current credentials are enough (policy: higher than the objective user)
    1. LEANDRO: Policy: admin or himself
  5. The server changes his information
  6. The server notifies to the actioner that the operation is OK
Details

DAVIDE: Other topics are: It's interesting to maintain an unique external UID for each researcher that can't change, for example email?

IVAN: That may be a compulsory, unique (alias) key to some numeric id, since mail can change.

use-cases/user-update.txt · Last modified: 2012/04/15 20:50 by leandro