Each state/jurisdiction creates a User Admin account or accounts. The User Admin(s) can add users, assign and change user roles and assign and edit passwords. Users currently cannot manage their own passwords. This functionality is forthcoming.
Passwords must be at least 8 characters. There are no other inherent password restrictions, but the User Admin can specify password requirements. Usernames must be at least 5 characters; using email addresses as usernames is recommended.
MMRIA leverages CouchDB 2.0 for role-based security. The four user roles are Abstractor, Committee Reviewer, Form Designer, and User Admin. The User Admin role allows for user management. Passwords must be 8 characters minimum, and further password requirements are configurable by the User Admin at the state/jurisdiction level. Passwords are stored as a salted SHA1 hash.
Auditing fields exist to note who created a record, who last modified a record, and the date and time of record creation and last modification. The application sends logging messages to the standard output; the standard output can be redirected to a text file.