User Management Service
Component Detail
Description
Business logic layer for creating, updating, deactivating, and assigning roles to user accounts within an admin's org scope. Enforces that org_admin can only modify users within their own org tree, and that super_admin has cross-org visibility. Validates role transitions and triggers downstream effects (e.g., removing a paused mentor from the chapter listing on certification expiry).
user-management-service
Summaries
The User Management Service is a critical shared capability that governs who can access the platform and what they can do within it. By enforcing org-scoped permissions for every account action — creation, deactivation, role assignment, and status changes — it ensures that administrators cannot inadvertently or maliciously modify users outside their authority. Its downstream automation (removing paused or expired-certification mentors from public listings) reduces the risk of compliance violations and protects participants from encountering unqualified mentors, directly supporting HLF's duty of care and grant obligations. As a shared service, it reduces duplication and ensures consistent rule enforcement across all administrative workflows.
User Management Service is a high-complexity, high-criticality shared backend component that multiple features depend on. Its three dependencies — admin-repository, org-hierarchy-service, and admin-rls-guard — must all be production-ready before this service can be fully tested. The role transition validation logic, privilege hierarchy enforcement, and downstream side effects (certification expiry, pause, deactivation) each require dedicated integration test suites. As a shared component, any regressions here affect all admin-facing features simultaneously.
Plan for a security-focused code review covering privilege escalation scenarios, and allocate time for edge-case testing: demoting a super_admin, reactivating a deactivated user with an expired certification, and bulk reminders for a mixed-state org.
User Management Service is a shared backend service implementing the business logic layer for all user account lifecycle operations within the admin domain. It delegates persistence to admin-repository, resolves org tree membership via org-hierarchy-service, and enforces scope boundaries via admin-rls-guard on every query. getUsersInOrg(orgId, filters) should accept a typed filter object covering role, status, and certification state. assignRole(userId, role) must validate the caller's privilege level against the target role using a role hierarchy matrix before applying.
deactivateUser and reactivateUser trigger downstream effects — these should publish domain events (e.g., UserDeactivated, CertificationExpired) that downstream listeners (chapter listing, notification service) consume, rather than coupling side effects directly into this service. sendCertificationReminder and bulkSendCertificationReminders should be idempotent and rate-limited to prevent notification spam.
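One way the assignRole privilege check described above could combine org-tree scope with a role hierarchy matrix, covering the super_admin demotion edge case. This is an added example, not the project's own code. The matrix contents, the placement of the mentor role, the org names, and the names checkAssignRole, inOrgTree, GRANTABLE and PARENT are assumptions.

```typescript
// Added example; matrix contents, org names and helper names are assumptions.
type Role = "mentor" | "org_admin" | "super_admin";
interface Account { id: string; role: Role; orgId: string; }
interface Decision { allowed: boolean; reason: string; }

// Role hierarchy matrix (assumed): caller role -> roles it may grant or take away.
const GRANTABLE: Record<Role, readonly Role[]> = {
  mentor: [],
  org_admin: ["mentor", "org_admin"],
  super_admin: ["mentor", "org_admin", "super_admin"],
};

// Constructed org tree: org -> parent org (null marks the root).
const PARENT: Record<string, string | null> = {
  national: null, regionA: "national", chapterA1: "regionA", regionB: "national",
};

// True when orgId is root itself or a descendant of root. Unknown orgs fail closed.
function inOrgTree(root: string, orgId: string): boolean {
  let cur: string | null | undefined = orgId;
  for (let hops = 0; cur != null && hops < 32; hops++) { // hop bound guards against cycles
    if (cur === root) return true;
    cur = PARENT[cur];
  }
  return false;
}

function checkAssignRole(caller: Account, target: Account, newRole: Role): Decision {
  const grantable = GRANTABLE[caller.role];
  // Scope first: only super_admin has cross-org visibility.
  if (caller.role !== "super_admin" && !inOrgTree(caller.orgId, target.orgId)) {
    return { allowed: false, reason: "target_outside_org_scope" };
  }
  // The caller must be allowed to grant the new role...
  if (grantable.indexOf(newRole) === -1) {
    return { allowed: false, reason: "cannot_grant_role" };
  }
  // ...and to take away the current one; otherwise an org_admin could
  // demote a super_admin simply by assigning a lower role.
  if (grantable.indexOf(target.role) === -1) {
    return { allowed: false, reason: "cannot_modify_current_role" };
  }
  return { allowed: true, reason: "ok" };
}
```

Checking the target's current role as well as the requested role is what closes the demotion path; a matrix lookup on the new role alone would let it through.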
Responsibilities
- CRUD operations for user accounts within admin's org scope
- Validate and apply role assignments respecting privilege hierarchy
- Trigger downstream effects on status changes (certification expiry, pause, deactivation)
- Enforce org-scoped RLS for all user queries
Interfaces
getUsersInOrg(orgId, filters) -> List<User>
getUserById(userId) -> User
assignRole(userId, role) -> void
deactivateUser(userId) -> void
reactivateUser(userId) -> void
updateUserProfile(userId, fields) -> User
sendCertificationReminder(userId) -> void
bulkSendCertificationReminders(orgId) -> void
Relationships
Dependencies (3)
Components this component depends on
Dependents (4)
Components that depend on this component
Related Data Entities (5)
Data entities managed by this component