Skip to main content

Overview

User management in the Sistema de Permisos Municipales allows administrators to create, edit, and delete user accounts. Only users with Administrador or Desarrollador roles can manage users.
User management functions are restricted to Administrador and Desarrollador roles only.

User roles

The system supports three user roles:

Desarrollador

Highest level access. Can manage all users including other administrators.

Administrador

Can manage users but cannot edit or delete Desarrollador accounts.

Analista

Standard user with access to permit management functions.

Viewing users

Access the user list to view all registered users: 
GET /usuarios
This endpoint returns a list of all users with their details:
  • ID document (cédula)
  • Full name (nombre, apellido)
  • Position (cargo)
  • User type (tipo_usuario)
  • Username (indicador)

Creating users

1

Access the create user form

Navigate to /usuarios/add to access the user creation form.
2

Fill in user information

Provide the required information:
nombre
string
required
User’s first name (2-50 characters, letters only)
apellido
string
required
User’s last name (2-50 characters, letters only)
cedula
string
required
ID document number (7-9 digits)
cargo
string
required
Job position (4-50 characters, no numbers)
typeUser
string
required
User role: Administrador, Analista, or Desarrollador
3

System generates username

The system automatically generates a unique username from the user’s name:
// Username format: SURNAME + FIRST_INITIAL
// Example: Nolasco Malavé → MALAVEN
// If MALAVEN exists, generates MALAVEN1, MALAVEN2, etc.
4

Initial password set

The system automatically sets the initial password to the user’s cédula number, hashed with bcrypt.
Users should change their password upon first login.

Create user endpoint

POST /usuarios/add
Content-Type: application/x-www-form-urlencoded

nombre=Nolasco&apellido=Malavé&cedula=12345678&cargo=Analista&typeUser=Analista

Validation rules

  • Must contain only letters and hyphens
  • Minimum 2 characters
  • Maximum 50 characters
  • Cannot contain numbers or special characters (except hyphen)
  • First letter automatically capitalized
  • Must be numeric only
  • Minimum 7 digits (valid working age)
  • Maximum 9 digits
  • Must be unique (cannot register duplicate cédulas)
  • Example validation error: “¡Actualmente no existen más de 999.999.999 personas registradas en los registros de ciudadanía venezolana!”
  • Minimum 4 characters
  • Maximum 50 characters
  • Cannot contain numbers
  • Letters and spaces allowed
  • Must be exactly: “Administrador”, “Analista”, or “Desarrollador”
  • Case-sensitive
  • No other values accepted

Editing users

1

Access the edit form

Navigate to /usuarios/edit/:username where :username is the user’s indicador.
2

Modify user information

Update any of the user fields (same validation rules apply).
You cannot edit:
  • Your own account
  • Desarrollador accounts (unless you are also a Desarrollador)
  • The username (indicador) - this is read-only
3

Submit changes

Submit the form to update the user’s information.

Edit user endpoint

POST /usuarios/edit/:username
Content-Type: application/x-www-form-urlencoded

nombre=Nolasco&apellido=Malavé&cedula=12345678&cargo=Senior Analista&typeUser=Administrador&username=MALAVEN

Deleting users

Administrators can delete user accounts: 
POST /usuarios/delete
Content-Type: application/x-www-form-urlencoded

username=MALAVEN
Deletion restrictions:
  • Cannot delete your own account
  • Cannot delete Desarrollador accounts (unless you are also a Desarrollador)
  • Deletion is permanent and cannot be undone

Username generation logic

The system generates unique usernames automatically: 
// Step 1: Create base username
// Format: LASTNAME + FIRST_INITIAL (uppercase, no accents)
// Example: "Malavé" + "N" → "MALAVEN"

// Step 2: Check for existing usernames
// Queries database for usernames starting with "MALAVEN"

// Step 3: Add number suffix if needed
// If MALAVEN exists: MALAVEN1
// If MALAVEN1 exists: MALAVEN2
// And so on...

// From src/routes/usuarios.js
let username = gf.destilde(apellido).toUpperCase() + 
               gf.destilde(nombre.charAt(0)).toUpperCase();

await pool.query('SELECT username FROM usuarios WHERE username LIKE ?', 
  [username+'%'], async (err, result, fields) => {
    let usernames = [];
    for(let i=0; i<result.length; i++){
      usernames.push(result[i].username.toLowerCase());
    }
    usernames.sort();
    username = gf.username(nombre, apellido, usernames).toUpperCase();
});

Common errors

ErrorSolution
¡La cédula introducida ya se encuentra registrada!Each cédula can only be registered once
¡El nombre del usuario no debe contener números!Remove numbers from name fields
¡El usuario debe estar apto para trabajar!Cédula must be at least 7 digits
¡El cargo no debe contener caracteres numéricos!Position field cannot contain numbers
Los únicos valores aceptados como tipo de usuario…Use exactly: Administrador, Analista, or Desarrollador

Best practices

Initial passwords

Inform users to change their password (initially set to their cédula) on first login.

Role assignment

Assign the minimum role needed. Most users should be Analistas.

Regular audits

Periodically review user accounts and remove inactive users.

Cédula privacy

Handle ID documents carefully as they are sensitive personal information.

Next steps

Roles and permissions

Learn more about user roles and access control

Authentication

Understand the authentication system

Build docs developers (and LLMs) love

Get started for freeTalk to us