
Overview

Centinela implements a role-based access control (RBAC) system with five distinct user profiles. Each profile has specific permissions that control access to features and data within the system.

User Profiles

The system defines the following user profiles:
// configSecurity/utils/DataTable/ColumnsUsers.jsx:6-11
const profile = {
  1: 'Super Admin',
  2: 'Moderador',
  3: 'Lector',
  4: 'Operador',
}
Profile 5 (External User) is handled separately with restricted access. See External Users for details.

Profile Definitions

Full System Access

Super Admins have unrestricted access to all system features and configurations:
  • Complete user management
  • System configuration
  • Security settings
  • All monitoring and control features
  • Data export and reporting
  • Menu customization
  • Variable configuration
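Super Admin users are filtered from the user management table to prevent accidental modification. The filter runs in the view, so it only hides those rows in this table; it does not by itself reject a change request that targets a Super Admin account.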
// configSecurity/views/index.jsx:42
data={listUsers.filter((usr) => usr.id_profile !== 1)}
System Management

Moderators can:
  • View and manage users (except Super Admins)
  • Configure charts and dashboards
  • Manage alarms and notifications
  • Access all monitoring features
  • Configure diagrams and visualizations
Moderators cannot:
  • Modify Super Admin users
  • Change critical system configurations
  • Access certain administrative functions
Read-Only Access

Readers have view-only permissions:
  • View dashboards and charts
  • Monitor real-time data
  • Access diagrams
  • View notifications
Readers cannot:
  • Modify any configurations
  • Create or edit users
  • Change system settings
  • Control equipment
Operational Control

Operators can:
  • Control pumps and equipment
  • Manage operational parameters
  • View real-time monitoring
  • Acknowledge alarms
  • Create operational reports
Operators cannot:
  • Modify user accounts
  • Change system configurations
  • Access security settings

Route Access Control

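Access to routes is controlled based on user profile. The router mounts one of two route lists, depending on whether the session belongs to an external user. This excerpt shows only the internal/external split; it does not enforce the per-route profiles listed further down.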
// App.jsx:126-128
{(isExternalUser ? externalRoutes : userRoutes).map((route) => (
  <Route key={route.path} path={route.path} element={route.element} />
))}

Internal User Routes

Profiles 1-4 have access to these routes:
  • /home (all profiles): Main dashboard with system overview
  • /config/security (admin/moderador): User management interface
  • /chart (all profiles): Charts and analytics dashboard
  • /config/menu (admin/moderador): Menu configuration
  • /config/diagram (admin/moderador/operador): Diagram management
  • /config/pumps (admin/moderador/operador): Pump control configuration
  • /config/vars (admin/moderador): Variable configuration
  • /config/alarm (admin/moderador): Alarm configuration
// App.jsx:60
{ path: '/config/security', element: <ConfigSecurity /> }

External User Routes

Profile 5 has restricted access:
// App.jsx:89-91
const externalRoutes = [
  { path: '/', element: <ExternalUser /> }
]
External users attempting to access internal routes are automatically redirected to their dashboard:
// App.jsx:130
{isExternalUser && <Route path="*" element={<Navigate to="/" />} />}
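
The per-route profiles listed above, written as a deny-by-default check that a router guard or an API handler could call; this is an added example, not code from Centinela. ROUTE_POLICY, canAccessRoute and allowedRoutes are hypothetical names, and "admin" in the route list is assumed to mean profile 1 (Super Admin).

```javascript
// Added example (not Centinela code). Profile ids follow the page:
// 1 Super Admin, 2 Moderador, 3 Lector, 4 Operador, 5 External User.
const INTERNAL = [1, 2, 3, 4]
const ADMIN_MOD = [1, 2]
const ADMIN_MOD_OPER = [1, 2, 4]

// Route -> allowed profiles, transcribed from the route list on this page.
// Assumption: "admin" in that list means profile 1.
const ROUTE_POLICY = new Map([
  ['/home', INTERNAL],
  ['/chart', INTERNAL],
  ['/config/security', ADMIN_MOD],
  ['/config/menu', ADMIN_MOD],
  ['/config/vars', ADMIN_MOD],
  ['/config/alarm', ADMIN_MOD],
  ['/config/diagram', ADMIN_MOD_OPER],
  ['/config/pumps', ADMIN_MOD_OPER],
  ['/', [5]], // external user dashboard
])

// Deny by default: a missing user, a disabled account (status other than 1),
// an unknown route or a profile not listed for the route all return false.
function canAccessRoute(user, path) {
  if (!user || user.status !== 1) return false
  const allowed = ROUTE_POLICY.get(path)
  return Array.isArray(allowed) && allowed.includes(user.id_profile)
}

// Paths that may be offered to this user in the router or the menu.
function allowedRoutes(user) {
  return [...ROUTE_POLICY.keys()].filter((path) => canAccessRoute(user, path))
}

// Constructed sample users.
const lector = { id: 100, id_profile: 3, status: 1 }
const operador = { id: 101, id_profile: 4, status: 1 }
const disabledMod = { id: 102, id_profile: 2, status: 0 }

console.log(allowedRoutes(lector))
console.log(canAccessRoute(operador, '/config/pumps'))
console.log(canAccessRoute(disabledMod, '/config/security'))
```

Filtering the route list in the browser only shapes navigation; the same check has to run wherever the data behind each route is served.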

User Management Interface

The security configuration page displays all users (except Super Admins):
// configSecurity/views/index.jsx:39-40
<h1 className='text-2xl mb-3'>Usuarios Mas Agua</h1>
<TableCustom
  data={listUsers.filter((usr) => usr.id_profile !== 1)}
  columns={ColumnsUser(editUserRecloser)}
  ...
/>

User Table Columns

The user management table displays:
first_name (string): User’s first and last name combined
// ColumnsUsers.jsx:17-19
Cell: ({ row }) => {
  return <p>{`${row.original?.first_name} ${row.original?.last_name}`}</p>
}
email (string): User’s email address (used for login)
id_profile (number): User’s role displayed as profile name
// ColumnsUsers.jsx:29-31
Cell: ({ row }) => {
  return <p>{`${profile[row.original?.id_profile]}`}</p>
}
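password (string): User’s password (masked by default with show/hide toggle). The mask is cosmetic: the cell renders row.original?.password, so the clear-text password of every listed user is already part of the data loaded into the browser.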
// ColumnsUsers.jsx:36-47
Cell: ({ row }) => {
  const [showPassword, setShowPassword] = useState(false)
  return (
    <div className='flex items-center'>
      <p>{showPassword ? row.original?.password : '••••••••'}</p>
      <IconButton onClick={() => setShowPassword(!showPassword)}>
        {showPassword ? <VisibilityOff /> : <Visibility />}
      </IconButton>
    </div>
  )
}
status (number): User status (1 = Enabled, 0 = Disabled)
// ColumnsUsers.jsx:52-60
Cell: ({ row }) => {
  return (
    <div className='flex items-center w-full'>
      <Circle color={row.original?.status > 0 ? 'success' : 'error'} />
      <p>{`${row.original?.status > 0 ? 'Habilitado' : 'Deshabilitado'}`}</p>
    </div>
  )
}

Editing Users

Authorized users can edit user information through the security interface:
// configSecurity/views/index.jsx:13-31
const editUserRecloser = (data) => {
  const existingTabIndex = tabs.findIndex((tab) => tab.name === `Edicion de: ${data.last_name}`)
  
  if (existingTabIndex !== -1) {
    setTabCurrent(existingTabIndex)
  } else {
    setTabs((prevTabs) => [
      ...prevTabs,
      {
        name: `Edicion de: ${data.last_name}`,
        id: data.id,
        link: '/editUserRecloser',
        component: <EditUserRecloser data={data} />,
      },
    ])
    setTabCurrent(tabs.length)
  }
  navigate('/tabs')
}

Edit User Form

The user edit interface allows modification of:
  • User password
  • (Name is displayed but read-only)
// EditUserRecloser.jsx:52-72
<TextField
  type='text'
  label={``}
  disabled
  value={`${data.last_name} ${data.first_name}`}
/>

<TextField
  error={errors.password ? true : false}
  type='text'
  label={`Contraseña`}
  {...register('password', { required: 'El Campo es requerido' })}
  value={data.password}
  defaultValue={data.password}
/>
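Password changes in the edit interface update the user’s credentials. Ensure users are notified of any password changes. The password field shown above uses type='text' and is pre-filled with data.password, so the current password is readable on screen by whoever opens the edit tab.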

User Status Management

Users can be enabled or disabled:
  • Status 1: User is active and can log in
  • Status 0: User is disabled and cannot access the system
// dataUser.js example:
{
  id: 21,
  first_name: 'Admin',
  last_name: 'Devoto',
  email: 'admin@devoto.coop',
  id_profile: 2,
  status: 1,  // Enabled
  ...
}
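
The view filter and the masked password column act on data that has already reached the browser. The added example below (not Centinela code) applies the same rules where the records are served: who may manage whom, following the profile definitions on this page, and a list projection that omits the password. canManageUser and toListView are hypothetical names, and the sample users are constructed.

```javascript
// Added example (not Centinela code). Profile ids follow the page.
const SUPER_ADMIN = 1
const MODERADOR = 2

// Who may manage whom, per the profile definitions on this page:
// Super Admin manages every account, Moderador every account except
// Super Admins, Lector and Operador none. A disabled actor (status other
// than 1) is always refused.
function canManageUser(actor, target) {
  if (!actor || !target || actor.status !== 1) return false
  if (actor.id_profile === SUPER_ADMIN) return true
  if (actor.id_profile === MODERADOR) return target.id_profile !== SUPER_ADMIN
  return false
}

// Build the list an actor may see: only accounts they can manage, and only
// the fields the table needs. The password field is never copied.
function toListView(actor, users) {
  return users
    .filter((u) => canManageUser(actor, u))
    .map(({ id, first_name, last_name, email, id_profile, status }) => ({
      id, first_name, last_name, email, id_profile, status,
    }))
}

// Constructed sample records; all values are placeholders.
const users = [
  { id: 1, first_name: 'Root', last_name: 'Example', email: 'root@example.test',
    password: 'placeholder-1', id_profile: 1, status: 1 },
  { id: 2, first_name: 'Mod', last_name: 'Example', email: 'mod@example.test',
    password: 'placeholder-2', id_profile: 2, status: 1 },
  { id: 3, first_name: 'Op', last_name: 'Example', email: 'op@example.test',
    password: 'placeholder-3', id_profile: 4, status: 0 },
]

const asModerador = toListView(users[1], users)
console.log(asModerador.map((u) => u.id))
console.log(asModerador.some((u) => 'password' in u))
console.log(canManageUser(users[2], users[1]))
```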

Permission Matrix

Feature | Super Admin | Moderador | Lector | Operador | External
View Dashboards ⚠️ Limited
Edit Users
Configure System
Control Equipment
Configure Alarms
View Reports ⚠️ Limited
Export Data

Best Practices

Least Privilege

Assign users the minimum profile level needed for their role

Regular Audits

Periodically review user permissions and disable inactive accounts

Strong Passwords

Enforce password complexity requirements for all users

Monitor Access

Track user logins and actions for security compliance
When creating new users, ensure they’re assigned to the appropriate profile based on their job responsibilities and access requirements.

Example User Data

Here’s an example of user data structure:
// configSecurity/utils/DataTable/dataUser.js:80-92
{
  id: 22,
  first_name: 'Victor',
  last_name: 'Roteda',
  email: 'coopvictorroteda@gmail.com',
  password: 'Roteda5678',
  id_profile: 2,  // Moderador
  status: 1,      // Enabled
  date_create: '2023-11-24 12:32:24',
  user_create: 0,
  date_edit: '2024-04-15 12:08:42',
  user_edit: 0,
}

Next Steps

Authentication

Learn about the authentication flow

External Users

Configure external user access