User Management

Manage user accounts, assign roles, and control access to DFIRe.

Overview

User management in DFIRe is accessed via Settings > User Accounts. The interface has two tabs:

  • Users: Create, edit, and manage user accounts
  • Role Editor: Configure permissions for each role

For detailed information about the Role Editor and permission configuration, see Application Security.

Access Control

DFIRe uses a two-tier access control system:

1. Role-Based Permissions

Each user is assigned a role that determines their system-wide capabilities:

  • Can the user create new cases?
  • Can the user access system settings?
  • Can the user view all cases regardless of assignment?

2. Case-Level Access

For each case, access is determined by team assignment:

  • Lead Investigator: Full control of the case
  • Investigator: Read/write access to case content
  • Viewer: Read-only access

A user must have both the role permission to perform an action and be assigned to the case (unless they have "View/Edit All Cases" permission).

Creating Users

  1. Navigate to Settings > User Accounts

    You need administrator permissions to manage users.

  2. Click "Add User"
  3. Fill in User Details
    • First Name / Last Name: Display name
    • Username: Unique identifier for login
    • Email: Used for notifications
    • Role: Select the user's role
    • Password: Set the initial password
  4. Configure Account Status

    The "Account Active" toggle determines whether the user can log in.

  5. Optional: Link Slack Account

    Enter the user's Slack User ID if you use Slack integration. Find this in Slack by clicking the user's profile > More > Copy member ID.

  6. Click "Save User"

SSO Users: When SSO is configured, users are created automatically on first login. You may need to adjust their role after their first login.

Preconfigured Roles

DFIRe includes these default roles:

Role Description
View Only Read-only access to cases they're assigned to
Standard user Create and manage cases they're assigned to, add evidence and notes
Team Lead Standard user permissions plus view/edit all cases and manage teams
DFIRe Admin Full system access including user management, settings, and audit logs

Administrators can modify these roles or create additional custom roles using the Role Editor. See Application Security for details on the Role Editor.

Editing Users

Click the edit button next to any user to modify their account:

  • Update profile information: Name, email, username
  • Change role: Select a different role from the dropdown
  • Reset password: Enter a new password (leave blank to keep current)
  • Enable/disable account: Toggle the "Account Active" switch
  • Update Slack ID: Link or unlink Slack integration

SSO Users

Users who authenticate via SSO are indicated with an SSO badge showing their identity provider. For SSO users:

  • Password fields are hidden (authentication is managed by the identity provider)
  • Profile information may be synced from the identity provider
  • You can still change their role and account status

Disabling Users

When a user should no longer have access:

  1. Go to Settings > User Accounts
  2. Click the edit button for the user
  3. Turn off "Account Active"
  4. Click "Save User"

Disabling a user:

  • Prevents them from logging in
  • Preserves their audit trail and case history
  • Shows a "Disabled" badge on the user list
  • Does not delete any data

Recommendation: Disable users rather than deleting them. This preserves the audit trail and historical records.

Force Logout

Administrators can immediately terminate all of a user's active sessions:

  1. Go to Settings > User Accounts
  2. Click the edit button for the user
  3. Click "Force Logout"
  4. Confirm the action

This is useful when:

  • A user's credentials may have been compromised
  • An employee is leaving and you need immediate access revocation
  • You've changed a user's role and want it to take effect immediately

The user will need to log in again on all devices.

User List

The user list displays:

  • Profile picture: From SSO provider or initials placeholder
  • Name and username: With email address
  • Status badges:
    • SSO badge - Shows the identity provider (Google, Microsoft, etc.)
    • Disabled badge - Account is deactivated
    • ROOT badge - Superuser with full system access
  • Role: The user's assigned role
  • Slack status: Whether their Slack account is linked

Password Policy

DFIRe enforces password requirements via Django's built-in validation:

  • Minimum 12 characters
  • Cannot be too similar to personal information
  • Cannot be a commonly used password
  • Cannot be entirely numeric

Password Reset

Users with local accounts (non-SSO) can reset their own password:

  1. Click on profile menu in the top navigation
  2. Select "Change Password"
  3. Enter current password and new password
  4. Click "Change Password" to save

Administrators can also reset passwords for users via the User Accounts settings.

Superusers

Superusers (shown with a "ROOT" badge) have unrestricted access to the entire system, bypassing all permission checks. Superuser status:

  • Is set during initial installation or via command line
  • Cannot be granted or revoked through the web interface
  • Should be limited to system administrators only

Non-superuser administrators cannot edit superuser accounts.