
Overview

The Security module manages user accounts and access control for the Mas Agua platform. Administrators can:
  • View all user accounts
  • Edit user credentials
  • Manage user profiles and permissions
  • Control account status (enabled/disabled)

Accessing Security Settings

Navigate to Configuration > Seguridad to manage user accounts.

User Profiles

Mas Agua supports four user profile levels:

Super Admin

Full system access and configuration control

Moderador

Moderation and advanced user permissions

Operador

Operational access for day-to-day tasks

Lector

Read-only access to dashboards and reports

User Table

The user management interface displays:
Column       Description
Nombre       Full name (first_name + last_name)
Email        User email address
Perfil       User profile (role)
Contraseña   Password (hidden by default, toggle to view)
Estado       Account status (Habilitado/Deshabilitado)
Actions      Edit button

Profile Mapping

From src/modules/configSecurity/utils/DataTable/ColumnsUsers.jsx:6:
{
  1: 'Super Admin',
  2: 'Moderador',
  3: 'Lector',
  4: 'Operador'
}

Viewing User Details

Password Visibility

Click the visibility toggle icon to show/hide passwords:
  • Hidden: ••••••••
  • Visible: Actual password text
Passwords are stored and displayed in plain text. This is not a security best practice. Consider implementing password hashing in production.

User Status

User status is indicated by:
  • Green circle + “Habilitado”: Active user account
  • Red circle + “Deshabilitado”: Disabled user account
Status values:
  • status > 0: Enabled
  • status = 0: Disabled

Editing Users

1. Open User Editor
   Click the Edit button (pencil icon) in the Actions column.

2. Edit Form Opens in New Tab
   A new tab opens with the user edit form showing:
     • User name (read-only)
     • Password field (editable)

3. Modify Password
   Enter the new password in the text field.
   Field: password (string, required): User password (minimum validation required)

4. Save Changes
   Click Guardar to save the updated password.

5. Confirmation
   Success message appears: “Se guardo correctamente los cambios del usuario”. The tab closes automatically and returns to the user list.

User Data Structure

From src/modules/configSecurity/utils/DataTable/dataUser.js:
interface User {
  id: number;
  first_name: string;
  last_name: string;
  email: string;
  password: string;       // Plain text (security concern)
  id_profile: number;     // 1=SuperAdmin, 2=Moderador, 3=Lector, 4=Operador
  status: number;         // >0 = enabled, 0 = disabled
}

Example User Configuration

{
  "id": 42,
  "first_name": "Juan",
  "last_name": "Rodriguez",
  "email": "juan.rodriguez@masagua.com",
  "password": "SecurePass123",
  "id_profile": 4,
  "status": 1
}
This represents user 42, Juan Rodriguez, with the Operador profile (id_profile 4) and an enabled account (status 1).

Filtered User Display

From src/modules/configSecurity/views/index.jsx:42:
data={listUsers.filter((usr) => usr.id_profile !== 1)}
Super Admin users (id_profile = 1) are hidden from the user management table.

Tab-Based Editing

The user editing system uses a tab-based interface:

Tab Creation

{
  name: `Edicion de: ${user.last_name}`,
  id: user.id,
  link: '/editUserRecloser',
  component: <EditUserRecloser data={user} />
}

Tab Behavior

  • Clicking Edit opens a new tab
  • If tab already exists for that user, it switches to existing tab
  • Saving closes the tab and returns to user list
  • Multiple user edit tabs can be open simultaneously

API Integration

The current implementation shows a success message but doesn’t make actual API calls (see src/modules/configSecurity/components/EditUserRecloser/EditUserRecloser.jsx:31). In production, you would implement:
await request('/api/users/update', 'PUT', {
  id: user.id,
  password: newPassword
});

Security Considerations

Critical Security Issues in Current Implementation:
  1. Plain text passwords: Passwords are stored and displayed without hashing
  2. Password visibility: Toggle reveals passwords in UI
  3. No password complexity requirements: Any password length accepted
  4. No audit logging: User changes are not tracked
  5. Client-side only validation: No server-side security checks
Implement bcrypt or similar hashing:
const bcrypt = require('bcrypt');
const hashedPassword = await bcrypt.hash(password, 10);
Store only hashed passwords in database.
Enforce password requirements:
  • Minimum 8 characters
  • At least one uppercase letter
  • At least one number
  • At least one special character
const passwordRegex = /^(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/;
Never show actual passwords:
  • Remove visibility toggle
  • Show only “********” in the table
  • Provide “Reset Password” instead of “Edit Password”
Track all user management actions:
interface AuditLog {
  timestamp: Date;
  admin_user: string;
  action: 'password_change' | 'status_change';
  target_user: string;
}

Permission Matrix

Action            Super Admin   Moderador   Operador   Lector
View users
Edit users
Create users
Delete users
View dashboards
Edit dashboards
Configure alarms
Configure PLCs
The exact permission matrix depends on implementation. The table above shows typical role-based access patterns.

Best Practices

User Account Management

  • Review user accounts regularly
  • Disable accounts for inactive users
  • Use principle of least privilege (assign minimum required profile)
  • Audit password changes
  • Implement password rotation policy

Profile Assignment

  • Lector: For stakeholders needing read-only access
  • Operador: For operators managing day-to-day operations
  • Moderador: For team leads and senior operators
  • Super Admin: For IT administrators only

Troubleshooting

This is by design. Super Admin users (id_profile = 1) are filtered from the display for security.
Use the tab close button or save the form. The tab should auto-close on successful save.
Currently, changes may not persist to backend. Check if API integration is implemented in your environment.

Future Enhancements

1. User Creation Form
   Add ability to create new users with:
     • Email validation
     • Profile selection
     • Initial password generation

2. User Deletion
   Implement soft delete:
     • Set status to deleted
     • Maintain audit trail
     • Prevent login

3. Two-Factor Authentication
   Add 2FA for enhanced security:
     • TOTP (Google Authenticator)
     • SMS codes
     • Email verification

4. Session Management
   Implement:
     • Session timeouts
     • Concurrent login limits
     • Force logout capability

See Also

  • Variables - Role-based access to variable configuration
  • Alarms - Permission-based alarm management