View source | View content page | Page history | Printable version   

Projects:Password Management/Functional Specifications


Report UI Pattern - Functional Specifications


Currently there are some issues to improve in the way Openbravo ERP manages users passwords.


The purpose of this project is to enhance the password management solving a number of issues found on this topic.

Functional Requirements

User roles & profiles

Openbravo Admin
This role has permission to do administrative tasks in Openbravo ERP, this includes the security policies management. Thus he can modify users' passwords.
Standard User
A standard user (with no security management permissions) is able to change her own password.

Business process definition

The process definition for this project is based on a list of requested features:

Functional requirements based on business processes

Num Requirement Importance Status Estimated time Comments
0 Define password reference  ?? To be started 1d It must be decided if all this new implementations are going to be done for a new reference or for the current isEncrypted standard column
1.1 Ask to re-enter the password when inserting or modifying it Must have To be started 1d
1.2 Modify Initial Client Setup to request passwords for the users to be created Must have To be started 1d
1.3 Extended password length to 20 characters to allow stronger passwords Must have To be started 2h
1.4 Do not allow in UI to insert passwords with less than 7 characters Must have To be started 4h
1.5 Distinguish in UI when a user has password or it is blank Should have To be started 1d
1.6 Allow entering the password without need of saving the current record Should have To be started 1d This would require to send the encrypted password by HTTP POST
1.7 Add to user tab a process to auto-generate passwords and send it by mail to user Should have To be started 2d This would require to have properly set the user's e-mail
1.8 Check the password complexity when creating it Should have To be started 1d
1.9 Define and manage expiration time for passwords Nice to have To be started 2d
1.10 Maintain a password history in order not to allow reentering an already used password Nice to have To be started 4d
1.11 Block a user after some failed login tryouts Nice to have To be started 3d

Closed Discussion Items

Retrieved from ""

This page has been accessed 8,973 times. This page was last modified on 8 June 2012, at 05:29. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.