Skip to main content

User Guide

Overview

This guide provides instructions for administrators responsible for managing and maintaining the Secure Controlled Guns and Ammunition Inventory Management System (SCGAIMS).

Administrators are responsible for ensuring the system remains operational, secure, and capable of supporting accountability requirements relating to firearms and ammunition inventory management.

Primary responsibilities include:

  • Inventory administration
  • Investigation oversight
  • Audit review
  • User administration
  • Role management
  • Security governance
  • System maintenance

Administrator Responsibilities

Administrators serve as the highest privileged operational users within SCGAIMS.

Key responsibilities include:

Inventory Management

Audit Oversight

Investigation Oversight

System Configuration

Security Governance

User Administration

Role Administration

Administrative Access

Authentication

Administrators must authenticate using approved credentials.

Future production deployments will utilize:

Auth0

OAuth 2.0

OpenID Connect

Multi-Factor Authentication (Planned)

Authorization

Administrative functionality is restricted through:

Role-Based Access Control (RBAC)

Only authorized users assigned the Administrator role may perform privileged administrative actions.


Inventory Administration

Overview

Administrators maintain inventory records for all controlled firearms and ammunition managed by the system.

Inventory administration ensures accurate accounting of assets available for operational use.


Viewing Inventory

Purpose

Provides visibility into current inventory holdings.


API Endpoint

GET /inventory/

Information Available

Inventory records may include:

Inventory Identifier

Item Name

Serial Number

Quantity

Item Type

Status

Inventory Verification

Administrators should periodically verify:

Inventory Accuracy

Quantity Integrity

Serial Number Accuracy

Transaction Consistency

Inventory Review Procedure

  1. Retrieve inventory records.
  2. Verify inventory quantities.
  3. Compare inventory records with physical inventory counts.
  4. Investigate inconsistencies.
  5. Document findings.

Transaction Monitoring

Overview

Administrators are responsible for monitoring inventory transactions.

Transaction monitoring helps identify:

Inventory Movement

Usage Patterns

Inventory Shortages

Operational Trends

Issue Records Review

Purpose

Review historical inventory issue and return activities.


Endpoint

GET /issue-records/

Information Available

Issue records include:

Quantity Issued

Quantity Returned

Issue Date

Discrepancy Status

Associated Investigation

Administrative Review Activities

Administrators should periodically:

  • Review issue records
  • Identify patterns
  • Assess discrepancies
  • Verify accountability controls

Audit Log Administration

Purpose

Audit logs provide accountability and traceability across the system.


Endpoint

GET /audit-logs/

Audit Review Objectives

Administrative review should focus on:

Unauthorized Activity

Unexpected Changes

Investigation Activity

Inventory Modifications

System Usage Patterns

Information Captured

Audit entries may include:

User Identifier

Action

Timestamp

Target Record

Additional Details

ActivityFrequency
Audit ReviewWeekly
Inventory ReviewWeekly
Investigation ReviewDaily
Configuration ReviewMonthly

Investigation Oversight

Overview

Administrators are responsible for ensuring inventory discrepancies are investigated properly.


Investigation Lifecycle

Open
|
v
Review
|
v
Resolution
|
v
Closed

Investigation Objectives

Investigations help determine:

Cause of Discrepancy

Operational Error

Inventory Mismanagement

Documentation Errors

Potential Security Issues

Resolving Investigations

Endpoint

POST /resolve-investigation/

Example Request

{
"investigation_id": 1,
"resolution_notes": "Investigation completed. Operational usage confirmed."
}

Administrative Duties

Before closing investigations:

  1. Review issue records.
  2. Review audit logs.
  3. Verify supporting evidence.
  4. Document findings.
  5. Record resolution notes.

User Administration

Overview

User management is performed through Auth0.

Administrators are responsible for:

User Provisioning

Role Assignment

Account Management

Permission Review

User Creation

Users should be created through:

Auth0 Dashboard

Information Required

Name

Email Address

Role Assignment

User Deactivation

When personnel leave the organization or no longer require access:

Account Disabled

Permissions Reviewed

Access Revoked

Role Management

Available Roles

Current operational roles include:

Administrator

Supervisor

Officer

Administrator

Responsibilities:

System Administration

Inventory Oversight

Security Governance

Audit Review

Supervisor

Responsibilities:

Investigation Management

Transaction Review

Audit Visibility

Officer

Responsibilities:

Inventory Issuance

Inventory Returns

Operational Activity

Permission Management

Current Permissions

Examples include:

issue:inventory

return:inventory

resolve:investigation

view:records

view:auditlogs

Administrative Responsibilities

Administrators should periodically verify:

Role Assignments

Permission Accuracy

Least Privilege Enforcement

Security Administration

Security Objectives

Administrators support the protection of:

Inventory Data

Operational Data

Audit Records

Investigation Data

Environment Variable Management

Sensitive configuration values must remain outside source code.

Examples:

DB_PASSWORD

AUTH0_CLIENT_SECRET

AUTH0_CLIENT_ID

Security Verification

Administrators should periodically confirm:

Credentials are not stored in source code.

.env remains excluded from GitHub.

Environment values are current.

Secret Protection

Never expose:

Database Passwords

API Keys

Auth0 Client Secrets

Access Tokens

Backup and Recovery

Database Backup

Periodic database backups should be maintained.

Recommended frequency:

Daily

Verify Restorability

Administrators should periodically test:

Backup Recovery

Data Integrity

Record Availability

System Maintenance

Routine Maintenance Activities

Daily

Review Investigations

Review Transaction Activity

Review Audit Logs

Weekly

Inventory Verification

Issue Record Review

Data Validation

Monthly

Permission Review

Role Review

Security Review

Configuration Review

Troubleshooting

Inventory Retrieval Issues

Symptoms

Inventory Not Displaying

Empty Responses

Server Errors

Resolution

Verify:

Database Connectivity

Inventory Records Exist

API Service Availability

Audit Log Issues

Symptoms

Missing Audit Records

Resolution

Verify:

Audit Logging Logic

Database Connectivity

API Responses

Investigation Resolution Issues

Symptoms

Unable to Close Investigation

Resolution

Verify:

Valid Investigation Identifier

Database Connectivity

Authorization Permissions

Administrative Best Practices

Inventory Governance

Maintain regular inventory reviews.


Audit Review

Perform periodic audit inspections.


Principle of Least Privilege

Grant only required permissions.


Incident Documentation

Document all discrepancies and investigations.


Change Management

Review administrative changes before implementation.


Compliance and Accountability

Administrators play a key role in ensuring:

Accountability

Transparency

Traceability

Security Governance

These objectives directly support the purpose of SCGAIMS and help mitigate inventory management deficiencies associated with controlled firearms and ammunition.


Administrative Checklist

Daily

✅ Review Open Investigations

✅ Review Recent Audit Logs

✅ Monitor Inventory Activity


Weekly

✅ Verify Inventory Records

✅ Review Issue Records

✅ Review Discrepancies


Monthly

✅ Conduct Permission Review

✅ Conduct Role Review

✅ Review Security Configuration

✅ Verify Backup Procedures


Conclusion

Administrators serve a critical role within SCGAIMS by maintaining inventory integrity, overseeing investigations, reviewing audit records, managing user access, and enforcing security governance requirements. Effective administration ensures that the accountability, transparency, auditability, and traceability objectives of the platform are consistently maintained, supporting the secure management of firearms and ammunition inventories.