User Guide
Overview
This guide provides instructions for administrators responsible for managing and maintaining the Secure Controlled Guns and Ammunition Inventory Management System (SCGAIMS).
Administrators are responsible for ensuring the system remains operational, secure, and capable of supporting accountability requirements relating to firearms and ammunition inventory management.
Primary responsibilities include:
- Inventory administration
- Investigation oversight
- Audit review
- User administration
- Role management
- Security governance
- System maintenance
Administrator Responsibilities
Administrators serve as the highest privileged operational users within SCGAIMS.
Key responsibilities include:
Inventory Management
Audit Oversight
Investigation Oversight
System Configuration
Security Governance
User Administration
Role Administration
Administrative Access
Authentication
Administrators must authenticate using approved credentials.
Future production deployments will utilize:
Auth0
OAuth 2.0
OpenID Connect
Multi-Factor Authentication (Planned)
Authorization
Administrative functionality is restricted through:
Role-Based Access Control (RBAC)
Only authorized users assigned the Administrator role may perform privileged administrative actions.
Inventory Administration
Overview
Administrators maintain inventory records for all controlled firearms and ammunition managed by the system.
Inventory administration ensures accurate accounting of assets available for operational use.
Viewing Inventory
Purpose
Provides visibility into current inventory holdings.
API Endpoint
GET /inventory/
Information Available
Inventory records may include:
Inventory Identifier
Item Name
Serial Number
Quantity
Item Type
Status
Inventory Verification
Administrators should periodically verify:
Inventory Accuracy
Quantity Integrity
Serial Number Accuracy
Transaction Consistency
Inventory Review Procedure
- Retrieve inventory records.
- Verify inventory quantities.
- Compare inventory records with physical inventory counts.
- Investigate inconsistencies.
- Document findings.
Transaction Monitoring
Overview
Administrators are responsible for monitoring inventory transactions.
Transaction monitoring helps identify:
Inventory Movement
Usage Patterns
Inventory Shortages
Operational Trends
Issue Records Review
Purpose
Review historical inventory issue and return activities.
Endpoint
GET /issue-records/
Information Available
Issue records include:
Quantity Issued
Quantity Returned
Issue Date
Discrepancy Status
Associated Investigation
Administrative Review Activities
Administrators should periodically:
- Review issue records
- Identify patterns
- Assess discrepancies
- Verify accountability controls
Audit Log Administration
Purpose
Audit logs provide accountability and traceability across the system.
Endpoint
GET /audit-logs/
Audit Review Objectives
Administrative review should focus on:
Unauthorized Activity
Unexpected Changes
Investigation Activity
Inventory Modifications
System Usage Patterns
Information Captured
Audit entries may include:
User Identifier
Action
Timestamp
Target Record
Additional Details
Recommended Review Frequency
| Activity | Frequency |
|---|---|
| Audit Review | Weekly |
| Inventory Review | Weekly |
| Investigation Review | Daily |
| Configuration Review | Monthly |
Investigation Oversight
Overview
Administrators are responsible for ensuring inventory discrepancies are investigated properly.
Investigation Lifecycle
Open
|
v
Review
|
v
Resolution
|
v
Closed
Investigation Objectives
Investigations help determine:
Cause of Discrepancy
Operational Error
Inventory Mismanagement
Documentation Errors
Potential Security Issues
Resolving Investigations
Endpoint
POST /resolve-investigation/
Example Request
{
"investigation_id": 1,
"resolution_notes": "Investigation completed. Operational usage confirmed."
}
Administrative Duties
Before closing investigations:
- Review issue records.
- Review audit logs.
- Verify supporting evidence.
- Document findings.
- Record resolution notes.
User Administration
Overview
User management is performed through Auth0.
Administrators are responsible for:
User Provisioning
Role Assignment
Account Management
Permission Review
User Creation
Users should be created through:
Auth0 Dashboard
Information Required
Name
Email Address
Role Assignment
User Deactivation
When personnel leave the organization or no longer require access:
Account Disabled
Permissions Reviewed
Access Revoked
Role Management
Available Roles
Current operational roles include:
Administrator
Supervisor
Officer
Administrator
Responsibilities:
System Administration
Inventory Oversight
Security Governance
Audit Review
Supervisor
Responsibilities:
Investigation Management
Transaction Review
Audit Visibility
Officer
Responsibilities:
Inventory Issuance
Inventory Returns
Operational Activity
Permission Management
Current Permissions
Examples include:
issue:inventory
return:inventory
resolve:investigation
view:records
view:auditlogs
Administrative Responsibilities
Administrators should periodically verify:
Role Assignments
Permission Accuracy
Least Privilege Enforcement
Security Administration
Security Objectives
Administrators support the protection of:
Inventory Data
Operational Data
Audit Records
Investigation Data
Environment Variable Management
Sensitive configuration values must remain outside source code.
Examples:
DB_PASSWORD
AUTH0_CLIENT_SECRET
AUTH0_CLIENT_ID
Security Verification
Administrators should periodically confirm:
Credentials are not stored in source code.
.env remains excluded from GitHub.
Environment values are current.
Secret Protection
Never expose:
Database Passwords
API Keys
Auth0 Client Secrets
Access Tokens
Backup and Recovery
Database Backup
Periodic database backups should be maintained.
Recommended frequency:
Daily
Verify Restorability
Administrators should periodically test:
Backup Recovery
Data Integrity
Record Availability
System Maintenance
Routine Maintenance Activities
Daily
Review Investigations
Review Transaction Activity
Review Audit Logs
Weekly
Inventory Verification
Issue Record Review
Data Validation
Monthly
Permission Review
Role Review
Security Review
Configuration Review
Troubleshooting
Inventory Retrieval Issues
Symptoms
Inventory Not Displaying
Empty Responses
Server Errors
Resolution
Verify:
Database Connectivity
Inventory Records Exist
API Service Availability
Audit Log Issues
Symptoms
Missing Audit Records
Resolution
Verify:
Audit Logging Logic
Database Connectivity
API Responses
Investigation Resolution Issues
Symptoms
Unable to Close Investigation
Resolution
Verify:
Valid Investigation Identifier
Database Connectivity
Authorization Permissions
Administrative Best Practices
Inventory Governance
Maintain regular inventory reviews.
Audit Review
Perform periodic audit inspections.
Principle of Least Privilege
Grant only required permissions.
Incident Documentation
Document all discrepancies and investigations.
Change Management
Review administrative changes before implementation.
Compliance and Accountability
Administrators play a key role in ensuring:
Accountability
Transparency
Traceability
Security Governance
These objectives directly support the purpose of SCGAIMS and help mitigate inventory management deficiencies associated with controlled firearms and ammunition.
Administrative Checklist
Daily
✅ Review Open Investigations
✅ Review Recent Audit Logs
✅ Monitor Inventory Activity
Weekly
✅ Verify Inventory Records
✅ Review Issue Records
✅ Review Discrepancies
Monthly
✅ Conduct Permission Review
✅ Conduct Role Review
✅ Review Security Configuration
✅ Verify Backup Procedures
Conclusion
Administrators serve a critical role within SCGAIMS by maintaining inventory integrity, overseeing investigations, reviewing audit records, managing user access, and enforcing security governance requirements. Effective administration ensures that the accountability, transparency, auditability, and traceability objectives of the platform are consistently maintained, supporting the secure management of firearms and ammunition inventories.