User Account Management¶

CONPROSOFT uses ASP.NET SQL Membership for authentication and role-based access control. All user management is performed through the application's SYSTEM ADMIN → Membership screens.

Creating Users¶

Users can be created in two ways:

Administrator-created: Navigate to SYSTEM ADMIN → Membership and use the membership user creation screens. The account is active immediately.
Self-registration: Users can register via the login page. Self-registered accounts are automatically created with isApproved = false and cannot log in until an Administrator approves the application under SYSTEM ADMIN → Membership → Membership Applications.

Assigning Roles¶

Roles control which modules and screens a user can access. Assign roles via Membership Users In Roles.

Role	Access Granted
`Administrators`	Full access to all modules and configuration
`Manager`	HR, Procurement, Finance, Reporting, Admin functions
`Supervisor`	HR operations, Task Manager, some Procurement
`Employee`	Time Sheet, Leave Application, Task Manager (own records)
`Readonly`	All screens visible, all write actions disabled
`Procurement`	Procurement module (Requisitions, POs, GRNs, Payments)
`HumanResources`	HR module
`TaskManager`	Task Manager module
`QualityManagement`	Quality Management module
`SafetyManagement`	Safety Management module
`Reporting`	Reports section

A user can hold multiple roles. For example, a Manager would typically hold Administrators or Manager plus any relevant module roles.

Assigning Users to Projects¶

Data visibility in CONPROSOFT is project-scoped for non-Administrator users. After creating a user account, assign them to the relevant projects via SYSTEM ADMIN → Project Users. Without a project assignment, the user will see no data in project-scoped screens.

Modifying Users¶

Update email addresses and display names via the membership screens.
Adjust role memberships when responsibilities change.
Update project assignments via Project Users.

Deactivating Users¶

Disable the account via the membership management screen.
Remove role assignments if required.
Remove project assignments via Project Users if the user should no longer appear in lookups.

Do not delete user accounts if they are referenced in historical records (timesheets, leave applications, purchase orders) — disabling is safer.

Unlocking Locked Accounts¶

Accounts are locked after repeated failed login attempts (controlled by the ASP.NET Membership configuration). To unlock:

Navigate to SYSTEM ADMIN → Membership.
Find the user and use the unlock action.

If the unlock screen is not accessible, an Administrator can unlock accounts directly in SQL Server:

UPDATE aspnet_Membership
SET IsLockedOut = 0, FailedPasswordAttemptCount = 0
WHERE UserId = (SELECT UserId FROM aspnet_Users WHERE UserName = 'username')

User Profile Pictures¶

User profile pictures (displayed in the navbar) are stored in the UserPictures table. Manage them via SYSTEM ADMIN → User Pictures (~/pages/user-pictures).

Creating Users¶

Access the relevant membership or user controller (e.g. aspnet_Membership wrapper).
Capture user details (username, email, etc.).
Assign appropriate roles to grant access to required modules.

Modifying Users¶

Update email addresses, display names, or status as required.
Adjust role memberships when responsibilities change.

Deactivating Users¶

Disable accounts of users who leave the organisation or no longer require access.
Ensure their responsibilities are reassigned where necessary.

Password Policies¶

Enforce strong password policies.
Use built-in membership features or external identity providers as applicable.

The detailed screens and steps may differ slightly depending on how the membership controllers are surfaced in the UI; document those specifics here.