System Architecture
Architectural Overview
The Secure Controlled Guns and Ammunition Inventory Management System (SCGAIMS) is designed as a secure web-based inventory management platform that centralizes the management, accountability, auditing, and investigation of controlled firearms and ammunition.
The architecture follows a layered approach consisting of:
- Presentation Layer
- Identity and Access Management Layer
- Application Layer
- Data Layer
- Infrastructure and Supporting Services Layer
This separation of concerns improves maintainability, scalability, security, and operational management.
High-Level Architecture
The following components comprise the overall SCGAIMS architecture:
+------------------------+
| Users |
+------------------------+
|
v
+------------------------+
| Auth0 |
| Authentication & RBAC |
+------------------------+
|
v
+------------------------+
| SCGAIMS Django |
| Application |
+------------------------+
|
v
+------------------------+
| PostgreSQL Database |
| (Supabase) |
+------------------------+
Supporting Services
Cloudflare
Microsoft 365
GitHub
GitHub Actions
Architectural Components
Presentation Layer
The presentation layer provides the user-facing interface through which users interact with the system.
Users include:
- Administrators
- Officers
- Supervisors
- Auditors
This layer is responsible for:
- Viewing inventory records
- Initiating inventory issue operations
- Processing inventory returns
- Managing investigations
- Reviewing audit logs
- Accessing administrative features
Identity and Access Management Layer
Authentication and authorization are handled through Auth0.
Auth0 provides:
- User authentication
- Identity management
- Role-Based Access Control (RBAC)
- Centralized user management
- Multi-Factor Authentication (future enhancement)
The platform currently defines the following roles:
Administrator
Responsible for:
- System administration
- Investigation oversight
- User administration
- Inventory management
Supervisor
Responsible for:
- Reviewing discrepancies
- Managing investigations
- Operational oversight
Officer
Responsible for:
- Inventory issuance
- Inventory return processing
- Daily operational activities
Application Layer
The application layer consists of the Django backend responsible for business logic processing.
Core functional modules include:
Inventory Management Module
Responsible for:
- Inventory creation
- Inventory updates
- Inventory tracking
- Stock visibility
Shift Management Module
Responsible for:
- Shift creation
- Shift validation
- Shift status management
Inventory transactions are associated with active shifts.
Inventory Issuance Module
Responsible for:
- Issuing firearms
- Issuing ammunition
- Transaction recording
- Quantity validation
The system validates inventory availability before approving issuance requests.
Inventory Return Module
Responsible for:
- Processing returns
- Recording returned quantities
- Comparing issued and returned quantities
Discrepancy Detection Module
Responsible for validating inventory returns.
The system automatically evaluates:
Issued Quantity
vs
Returned Quantity
If a mismatch occurs:
Discrepancy Flag = True
and an investigation record is generated.
Investigation Management Module
Responsible for:
- Investigation creation
- Investigation review
- Investigation resolution
Investigation records support accountability and compliance processes.
Audit Logging Module
Responsible for recording significant system activities.
Examples include:
- Inventory issuance
- Inventory returns
- Inventory modifications
- Investigation updates
- Administrative actions
Audit records provide accountability, traceability, and non-repudiation.
Data Layer
SCGAIMS utilizes PostgreSQL hosted through Supabase.
The database is responsible for:
- Inventory storage
- User transaction history
- Audit records
- Investigation records
- Shift information
The relational database structure enforces data integrity through:
- Primary Keys
- Foreign Keys
- Referential Integrity Constraints
Supabase Platform
Supabase provides:
- Managed PostgreSQL hosting
- Secure database access
- Cloud-based availability
- Scalability
Benefits include:
- Reduced infrastructure complexity
- Centralized database management
- Rapid deployment
Infrastructure Components
Cloudflare
Cloudflare provides:
- DNS hosting
- DNS security
- Domain management
The SCGAIMS domain:
scgaims.online
is managed through Cloudflare.
Microsoft 365
Microsoft 365 provides:
- Organizational email services
- Domain integration
- Future notification capabilities
Example addresses include:
admin@scgaims.online
audit@scgaims.online
armory@scgaims.online
GitHub
GitHub serves as the primary source control platform.
Functions include:
- Repository hosting
- Version control
- Collaboration
- Documentation management
Repository:
SCGAIMS
GitHub Actions
GitHub Actions is intended to support future DevSecOps automation.
Planned capabilities include:
- Continuous Integration (CI)
- Continuous Deployment (CD)
- Security scanning
- Automated validation
Data Flow
Inventory Issuance Workflow
Officer
|
v
Issue Request
|
v
Inventory Validation
|
v
Record Transaction
|
v
Update Inventory
|
v
Generate Audit Log
Inventory Return Workflow
Officer
|
v
Return Inventory
|
v
Validate Quantities
|
v
Discrepancy Check
|
+---- No ----> Close Transaction
|
+---- Yes ---> Create Investigation
|
v
Generate Audit Record
Authentication Flow
User
|
v
Auth0 Authentication
|
v
Identity Validation
|
v
Role Assignment
|
v
SCGAIMS Access
The authentication architecture ensures that access to system resources is controlled through authenticated identities and role assignments.
Security Architecture
SCGAIMS incorporates multiple security controls.
These include:
- Role-Based Access Control (RBAC)
- Centralized Identity Management
- Audit Logging
- Environment Variable Management
- Database Access Control
- Secure Cloud-Based Infrastructure
Sensitive configuration data is stored outside source code using environment variables.
Examples include:
- Database credentials
- Auth0 client secrets
- API configuration values
Conclusion
The SCGAIMS architecture provides a secure, layered, and scalable foundation for the management of controlled firearms and ammunition inventories. Through the integration of Django, PostgreSQL, Auth0, Cloudflare, Microsoft 365, and GitHub, the system enables secure inventory operations while supporting accountability, auditability, and security governance objectives.