Feature 03: User Self-Service Profile

Version | Date       | Author                  | Change Description                                                      | Approval Status
1.0     | 2025-09-04 | Senior Business Analyst | Initial Draft (with password management)                                | Superseded
2.0     | 2025-09-11 | Senior Systems Analyst  | Revised for Google SSO Integration; removed password functionality     | Pending Review

1.0 Introduction

1.1 Purpose

This document defines the business requirements for the user self-service profile feature. This feature allows authenticated users to view their own profile information and update a limited set of personal details. With the integration of Google Directory for authentication, password management is no longer within the scope of this application and has been removed from this feature's requirements.

  • For detailed user interaction flows, see the Use Case document.
  • For the quality assurance and validation strategy, see the Test Plan.

2.0 Business Requirements

2.1 Profile Viewing

Authenticated users must have access to a dedicated "My Profile" page where they can view their account information.

  • 2.1.1 Displayed Information: The profile page must display the following user data:
      • Primary Email Address (Username)
      • Display Name
      • Account Status (e.g., Active)
      • A list of all roles assigned directly to the user.
      • A list of all groups the user is a member of.
  • 2.1.2 Read-Only Fields: Certain fields are synchronized from the identity provider or managed by administrators and must be presented as read-only to the user. These include:
      • Primary Email Address
      • Account Status
      • Assigned Roles
      • Group Memberships

2.2 Profile Editing

Users should be able to modify certain non-critical personal information to keep their profile up-to-date.

  • 2.2.1 Mutable Information: Users must have the ability to edit and save changes to their Display Name.
  • 2.2.2 Data Validation: Standard validation rules must be applied to all editable fields. For example, the Display Name cannot be empty.

3.0 Business Rules

  • Rule 3.1: A user must only be able to view and edit their own profile. They cannot access the profile page of any other user.
  • Rule 3.2: The user's primary email address must not be editable through the self-service profile page, as it is the primary identifier linked to their Google account.
  • Rule 3.3: Any changes made to mutable fields, such as the Display Name, must be reflected throughout the application (e.g., in the header/shell) upon a successful save.
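
One way to enforce Rules 3.1 and 3.2, the read-only fields in 2.1.2 and the validation in 2.2.2 on the server side, shown as an added example that is not part of the original requirements. The function names, the session shape, the in-memory store, the status codes and the length limit are all assumptions made for illustration.

```python
import copy

MUTABLE_FIELDS = {"display_name"}   # 2.2.1: only Display Name is user-editable
MAX_NAME_LEN = 100                  # assumed limit; the requirements set none

# Constructed sample data, keyed by primary email (the identifier in Rule 3.2).
PROFILES = {
    "alice@example.com": {"email": "alice@example.com", "display_name": "Alice",
                          "status": "Active", "roles": ["viewer"], "groups": ["staff"]},
    "bob@example.com": {"email": "bob@example.com", "display_name": "Bob",
                        "status": "Active", "roles": ["admin"], "groups": ["ops"]},
}


def _own_profile(session):
    """Rule 3.1: resolve the profile from the session only, never from client input."""
    return PROFILES.get((session or {}).get("email"))


def get_my_profile(session):
    profile = _own_profile(session)
    if profile is None:
        return 401, {"error": "no valid session"}   # assumption 5.1 not met
    return 200, copy.deepcopy(profile)


def update_my_profile(session, payload):
    profile = _own_profile(session)
    if profile is None:
        return 401, {"error": "no valid session"}
    if not isinstance(payload, dict):
        return 400, {"error": "payload must be an object"}
    # 2.1.2 / Rule 3.2: reject every field outside the allow-list (email, status,
    # roles, groups, or an identifier pointing at another account).
    rejected = sorted(set(payload) - MUTABLE_FIELDS)
    if rejected:
        return 400, {"error": "read-only or unknown fields", "fields": rejected}
    name = payload.get("display_name")
    # 2.2.2: repeat the client-side check here; the server is the enforcement point.
    if not isinstance(name, str) or not name.strip():
        return 422, {"error": "display name cannot be empty"}
    name = name.strip()
    if len(name) > MAX_NAME_LEN:
        return 422, {"error": "display name too long"}
    profile["display_name"] = name
    return 200, copy.deepcopy(profile)
```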

4.0 Scope

4.1 In Scope

  • Viewing all personal profile data as specified in 2.1.1.
  • Editing and saving mutable profile information (Display Name).
  • Client-side validation for editable fields.

4.2 Out of Scope

  • Password Management: Changing or resetting passwords is explicitly out of scope, as this is managed by Google.
  • Administrators editing a user's profile (covered in Feature 07).
  • Changing a user's primary email, status, roles, or group memberships.

5.0 Assumptions and Dependencies

  • 5.1: The application has a valid, active session for the user.
  • 5.2: The backend services can provide all the necessary profile information for the logged-in user.