Users
User accounts control access to the Knosc platform. Each user is assigned a role which defines their privilege set.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /api/user | List users |
| GET | /api/user/{id} | Get user |
| POST | /api/user | Create user |
| PUT | /api/user/{id} | Update user |
| DELETE | /api/user/{id} | Delete user |
| GET | /api/profile | Get own profile |
Required privilege: Users / View (read) · Users / Edit (write)
User Object
```json
{
  "id": 12,
  "User Fullname": "Jane Doe",
  "Username": "jane.doe@acme.com",
  "User Email": "jane.doe@acme.com",
  "User Phone": "+1 555 000 0000",
  "First Signin": false,
  "Password Expiration": "2025-06-01",
  "Role Name": "Procurement Manager",
  "Role Description": "Full procurement read/write access",
  "User Status": "Active",
  "2FA Enabled": true,
  "Privileges": [
    { "type": "Procurement", "access": "Edit" },
    { "type": "Demand", "access": "View" }
  ]
}
```
| Field | Type | Description |
|---|---|---|
| `id` | integer | Internal user identifier |
| `User Fullname` | string | Display name |
| `Username` | string | Login username (typically email) |
| `User Email` | string | Email address |
| `User Phone` | string \| null | Phone number |
| `First Signin` | boolean | `true` if user has never logged in |
| `Password Expiration` | string \| null | Password expiry date (ISO 8601) |
| `Role Name` | string | Assigned role name |
| `Role Description` | string | Role description |
| `User Status` | string | `Active` or `Inactive` |
| `2FA Enabled` | boolean | Whether 2FA is active |
| `Privileges` | array | Effective privilege list |
Constraints
- Superuser and Service accounts cannot be modified except by another Superuser.
- Usernames must be unique across the organisation.
- Passwords must be at least 8 characters.
- Email addresses must be unique.
- Deleting a user performs a soft delete (status → `Inactive`) to preserve audit history.
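An added example (not part of the Knosc documentation): a Python account-hygiene audit over the User Object fields above, flagging active accounts that lack 2FA, have an expired or unset password expiry, or have never signed in. It assumes `GET /api/user` returns a JSON array of User Objects; the sample records, the finding labels and the `audit_users` helper are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample, standing in for an assumed GET /api/user response:
# a JSON array of User Objects (only the fields the audit reads are shown).
SAMPLE = json.loads("""[
  {"id": 12, "Username": "jane.doe@acme.com", "User Status": "Active",
   "First Signin": false, "Password Expiration": "2025-06-01",
   "2FA Enabled": true, "Privileges": [{"type": "Procurement", "access": "Edit"}]},
  {"id": 13, "Username": "sam.lee@acme.com", "User Status": "Active",
   "First Signin": false, "Password Expiration": "2025-01-15",
   "2FA Enabled": false, "Privileges": [{"type": "Demand", "access": "Edit"}]},
  {"id": 14, "Username": "new.hire@acme.com", "User Status": "Active",
   "First Signin": true, "Password Expiration": null,
   "2FA Enabled": false, "Privileges": [{"type": "Demand", "access": "View"}]},
  {"id": 15, "Username": "old.user@acme.com", "User Status": "Inactive",
   "First Signin": false, "Password Expiration": "2024-02-01",
   "2FA Enabled": false, "Privileges": []}
]""")


def audit_users(users, today):
    """Return {user id: [finding labels]} for active accounts needing review."""
    report = {}
    for user in users:
        # Soft-deleted users stay in the data as Inactive; skip them here.
        if user.get("User Status") != "Active":
            continue
        findings = []
        can_edit = any(p.get("access") == "Edit"
                       for p in user.get("Privileges") or [])
        if not user.get("2FA Enabled"):
            # Write access without a second factor is the higher-priority case.
            findings.append("edit-without-2fa" if can_edit else "no-2fa")
        expiry = user.get("Password Expiration")
        if expiry is None:
            findings.append("no-password-expiry")  # field is nullable
        elif date.fromisoformat(expiry[:10]) < today:
            findings.append("password-expired")
        if user.get("First Signin"):
            findings.append("never-signed-in")  # provisioned but unused
        if findings:
            report[user["id"]] = findings
    return report


if __name__ == "__main__":
    for user_id, findings in audit_users(SAMPLE, date.today()).items():
        print(user_id, ", ".join(findings))
```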