User Account Management
The Claim Processing System provides robust user account management features, allowing users to register, log in, manage their profiles, and operate within defined roles. This section outlines how to interact with these core functionalities.
Registering a New User Account
To gain access to the Claim Processing System, new users must register an account. This involves providing a username, a password and an email address; the password is stored by the system only in hashed form.
Process:
- Access the Registration Endpoint: Navigate to the designated registration page or API endpoint (e.g., /register).
- Provide Details:
  - Username: A unique identifier for your account.
  - Password: A strong password. The system does not store the password itself; it stores a one-way hash of it (see System Behavior below).
  - Email: A valid email address for notifications and account recovery.
- Submit Registration: Upon successful submission, your account will be created with an initial active status.
Example (Conceptual API Call):
POST /register
Content-Type: application/json

{
  "username": "john.doe",
  "password": "myStrongPassword123!",
  "email": "john.doe@example.com"
}
The client sends the plaintext password (over TLS) in the password field; it does not pre-hash it or supply a passwordHash value. Hashing is the server's responsibility.
System Behavior:
- Your password is run through a password-hashing function and only the resulting hash is stored; the plaintext is never persisted.
- Your account is created with an active status.
- A timestamp for account creation is recorded.
Logging In
After registration, users log in to authenticate and obtain access to the system's features. Authentication is token-based (JWT, with OAuth2 support): a successful login returns a signed JSON Web Token that is presented as a bearer token on later requests.
Process:
- Access the Login Endpoint: Navigate to the login page or API endpoint (e.g., /login).
- Provide Credentials:
  - Username: The username you registered with.
  - Password: Your account password.
- Submit Login: Upon successful authentication, the system will return an access token (JWT).
Example (Conceptual API Call):
POST /login
Content-Type: application/json

{
  "username": "john.doe",
  "password": "myStrongPassword123!"
}
System Behavior:
- The provided password is hashed and compared against the stored hash; the plaintext is never stored or compared directly.
- If credentials are valid, a JSON Web Token (JWT) is issued. Include it in subsequent authenticated requests in the Authorization header as a Bearer token (Authorization: Bearer <token>); requests without a valid token are rejected. Treat the token like a password: send it only over TLS and keep it out of URLs and logs.
- Your last login timestamp is updated.
Managing Personal Profiles
Users can manage their own profile details, such as email and other account-related information. Attributes such as role and status are reserved for administrators; basic contact information is user-updatable.
Process:
- Authenticate: Ensure you are logged in and have a valid access token.
- Access Profile Update Endpoint: Send a request to the user update API endpoint, addressed by your userId (e.g., /users/{userId}).
- Provide Updated Details: Include the fields you wish to update in the request body.
Example (Conceptual API Call to update email):
PUT /users/123
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "email": "john.doe.new@example.com"
}
System Behavior:
- The system verifies your identity from the JWT and checks that the token belongs to the owner of the profile at /users/{userId} (or to an administrator); a request against another user's profile is rejected with an authorization error.
- The permitted fields (e.g., email) are updated in your user profile. Fields reserved for administrators, such as role and status, are not applied for a non-administrative user.
- The updatedAt timestamp for your profile is refreshed.
Understanding User Roles
The Claim Processing System employs a role-based access control (RBAC) mechanism to manage user permissions. Each user is assigned a specific role, which dictates the functionalities they can access and the operations they can perform within the system.
While specific roles and their associated permissions are defined by system administrators, common roles might include:
- Standard User: Can submit claims, view their own claim statuses, and manage their personal profile.
- Administrator: Has full control over the system, including managing user accounts (creating, updating roles, deleting), overseeing all claims, and accessing reports.
- Claim Processor: Can review, update the status of, and approve/reject claims.
Key Points:
- Your assigned role is determined during account creation or by an administrator.
- The role field in your user profile (UserDTO) indicates your current role.
- Access to features and data is granted or denied based on your role. An action you are not permitted to perform is rejected with an authorization error (typically HTTP 403 Forbidden); a request with no valid token fails authentication instead (HTTP 401 Unauthorized).
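As an added example covering both the profile-update endpoint and the role model above (illustrative code, not the system's own), the following Python models the authorization an endpoint such as PUT /users/{userId} must perform once the JWT has been verified: object-level ownership (a standard user may touch only their own profile), field-level restrictions (role and status are admin-only and are rejected rather than silently dropped), and a role-to-permission table for the claim operations the role descriptions mention. The role names, permission strings, the assumption that the token's sub claim carries the userId, the lookup-after-authorization order and the HTTP status mapping are all assumptions.

```python
import time
from typing import Dict, Optional, Set, Tuple

# Assumed mapping of roles to permissions; "claim:*" grants every claim operation.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "STANDARD_USER": {"claim:submit", "claim:view_own", "profile:update_own"},
    "CLAIM_PROCESSOR": {"claim:review", "claim:update_status", "claim:approve",
                        "claim:reject", "claim:view_any", "profile:update_own"},
    "ADMINISTRATOR": {"claim:*", "user:manage", "profile:update_any", "report:view"},
}

# Field-level policy for PUT /users/{userId}: contact details are self-service,
# role and status change only through an administrator.
SELF_UPDATABLE = {"email"}
ADMIN_UPDATABLE = SELF_UPDATABLE | {"role", "status"}


class HttpError(Exception):
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status = status


def has_permission(role: Optional[str], permission: str) -> bool:
    """True if the role holds the permission itself or a wildcard for its resource."""
    granted = ROLE_PERMISSIONS.get(role or "", set())
    resource = permission.split(":", 1)[0]
    return permission in granted or f"{resource}:*" in granted


def authorize_user_update(claims: Optional[dict], target_user_id: str,
                          body: dict, users: Dict[str, dict]) -> dict:
    """Return the fields that may be applied, or raise HttpError.
    Order: authenticate, then authorize, then look up the record (no existence oracle)."""
    if not claims:
        raise HttpError(401, "missing or invalid token")
    role, subject = claims.get("role"), claims.get("sub")
    is_admin = has_permission(role, "profile:update_any")
    is_owner = subject == target_user_id and has_permission(role, "profile:update_own")
    if not (is_admin or is_owner):
        # Object-level check: a valid token for user 123 must not modify /users/456.
        raise HttpError(403, "not permitted to modify this user")
    if target_user_id not in users:
        raise HttpError(404, "user not found")
    allowed = ADMIN_UPDATABLE if is_admin else SELF_UPDATABLE
    disallowed = set(body) - allowed
    if disallowed:
        # Reject rather than silently drop: a non-admin sending "role" is a policy violation.
        raise HttpError(403, "fields not permitted for this role: " + ", ".join(sorted(disallowed)))
    if "role" in body and body["role"] not in ROLE_PERMISSIONS:
        raise HttpError(400, "unknown role")
    return dict(body)


def handle_user_update(claims: Optional[dict], target_user_id: str,
                       body: dict, users: Dict[str, dict]) -> Tuple[int, dict]:
    """Endpoint-style wrapper: apply the authorized fields, refresh updatedAt,
    and return (HTTP status, response body) with the password hash stripped."""
    try:
        changes = authorize_user_update(claims, target_user_id, body, users)
    except HttpError as err:
        return err.status, {"error": str(err)}
    record = users[target_user_id]
    record.update(changes)
    record["updatedAt"] = int(time.time())
    return 200, {k: v for k, v in record.items() if k != "passwordHash"}


def authorize_claim_action(claims: Optional[dict], action: str, claim_owner_id: str) -> int:
    """Map a claim operation to an HTTP status: 200 allowed, 401 unauthenticated, 403 forbidden.
    'view' is allowed to the claim's owner via claim:view_own or to holders of claim:view_any."""
    if not claims:
        return 401
    role, subject = claims.get("role"), claims.get("sub")
    if action == "view":
        ok = has_permission(role, "claim:view_any") or (
            subject == claim_owner_id and has_permission(role, "claim:view_own"))
    else:
        ok = has_permission(role, f"claim:{action}")
    return 200 if ok else 403
```

The two checks that most often go missing in practice are both here: the ownership comparison before the record lookup (so an authenticated user cannot enumerate or edit other users' profiles by changing the path), and the allow-list of fields per role (so a request body carrying "role": "ADMINISTRATOR" from a standard user is refused instead of being bound straight onto the entity).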