Skip to main content

Overview

The Seguridad system implements a comprehensive role-based access control (RBAC) system that assigns users to specific roles based on their organizational unit, function, and security clearance. Each role determines which modules, features, and data the user can access.

Permission Structure

Roles are defined by the permisos field in the usuario table. This field contains either numeric codes or text identifiers that map to specific modules and access levels.
The permission code is set during user creation and can be modified by administrators through the user management interface (alta_usuarios.php).

Role Categories

Administrator Roles

System Administrator

Permission Code: 0
Landing Page: index1.php
Description: Full system access with administrative privilegesCapabilities:
  • Access to all modules and features
  • User management and role assignment
  • System-wide data access
  • Configuration management

Administrative Staff

Permission Code: 100
Landing Page: admin/cabecera1.php
Description: Administrative operations and oversightCapabilities:
  • Administrative module access
  • User oversight functions
  • Cross-regional data visibility

Regional Unit Roles

Regional Units (Unidades Regionales) are the primary operational divisions. Each UR has dedicated access to their regional data:
UnitCodeLanding Page
UR 11ur1/cabecera1.php
UR 22ur2/cabecera1.php
UR 33ur3/cabecera1.php
UR 44ur4/cabecera1.php
UR 55ur5/cabecera1.php
Each Regional Unit has identical functionality but operates on data specific to their geographic jurisdiction.

Judicial Personnel Roles

Judicial roles provide read-only consultation access to case data for court officials:
Permission Codes: 20, 200
Landing Pages: consulta/index1.php, consulta2/index1.phpProvides general consultation capabilities for judicial review and case oversight.
Courts serving the first judicial circumscription:
CourtCodeLanding Page
Juzgado 121primera_circuncripcion/juzgado1/menu_consulta.php
Juzgado 222primera_circuncripcion/juzgado2/menu_consulta.php
Juzgado 323primera_circuncripcion/juzgado3/menu_consulta.php
Juzgado 424primera_circuncripcion/juzgado4/menu_consulta.php
Juzgado 525primera_circuncripcion/juzgado5/menu_consulta.php
Juzgado 626primera_circuncripcion/juzgado6/menu_consulta.php
Juzgado 727primera_circuncripcion/juzgado7/menu_consulta.php
Permission Code: 28
Landing Page: tercera_circuncripcion/juzgado3/menu_consulta.phpConsultation access for the third judicial circumscription.

Specialized Department Roles

Specialized units handle specific types of cases and investigations:

Traffic Department

Code: 99
Page: transito/index1.phpTraffic accident investigations and vehicle-related incidents.

Suicide Investigation

Code: 98
Page: suicidio/index1.phpSpecialized unit for suicide case investigation and documentation.

Traffic Homicide

Code: 97
Page: homicidio_accidente_transito/index1.phpInvestigations of fatalities resulting from traffic incidents.

Dependent Resources

Code: 96
Page: recursos_dependientes/index1.phpManagement of dependent personnel and resources.

Home Escape Cases

Code: 95
Page: fuga_hogar/index1.phpMissing persons and runaway cases.

UNICEF Unit

Code: 94
Page: unicef/index1.phpChild protection cases coordinated with UNICEF.

Toxicology

Code: 93
Page: toxico/cabecera1.phpDrug-related crimes and toxicology investigations.

Subsecretaría

Code: 92
Page: subsecretaria/index1.phpUndersecretary office operations and oversight.

Data Entry Unit

Code: 91
Page: carga_datos/index1.phpDedicated data entry and records management.

Operations

Code: 90
Page: operaciones/index1.phpOperational planning and tactical operations.

Federal Crimes Unit

Federal Crimes Department

Permission Code: 4444
Landing Page: delitos-federales/index1.php
Description: Federal-level crime investigation and prosecution supportJurisdiction:
  • Federal crimes
  • Cross-jurisdictional cases
  • Federal law enforcement coordination

Special Access Roles

These roles provide limited access to specific functions:
RoleCodeLanding PageFunction
Vehicle Search800buscar_dominio.phpSearch vehicle by license plate
Preventive Records801buscarpreventivosoloconsultas.phpQuery preventive records
Map Consultation807consultaMapa.phpGeographic data visualization

Text-Based Roles

Some roles use text identifiers instead of numeric codes:
Permission Code: Sub-jefe
Landing Page: consulta_mapa_simple.php
Description: Deputy chief access with map-based oversight capabilities
Permission Code: dirseguridad
Landing Page: dirgral/index1.php
Description: Director-level access to security operations and strategic planning
Permission Code: comisaria
Landing Page: comisarias/cabecera1.php
Description: Local police station operations and community policing
Permission Code: operaciones
Landing Page: operativos
Description: Operational management and field operations coordination

Role Assignment Process

Administrators assign roles through the user management interface:
1

Access User Management

Navigate to CARGA DE DATOS > Usuarios or directly to alta_usuarios.php
2

Create or Select User

  • Click Nuevo for new users
  • Click Modificar next to existing users to edit
3

Enter User Information

Required fields:
  • Username (lowercase, max 16 characters)
  • Password and confirmation
  • Description/Initials
  • Circunscripción (jurisdiction)
  • Categoria (permission code)
4

Set Permission Code

Enter the appropriate numeric or text permission code in the Categoria field
5

Optional: Set Data Entry Authorization

Configure “Autorizar carga fuera Periodo” to restrict data entry before a specific date
6

Save User

Click Guardar for new users or Modificar to update existing users
Only users with administrative privileges (code 0 or 100) can access the user management interface.

Permission Features

Data Entry Period Restriction

Administrators can restrict when users can enter data: 
// Field: autorizado_carga_fuera_periodo
// Format: dd-mm-yyyy (e.g., 01-01-2016)
// Effect: Users cannot enter data dated before this date
This feature helps maintain data quality by preventing backdated entries without authorization.

Bulk Permission Management

Administrators can disable data entry for all users simultaneously:

Batch Period Restriction

The “Inhabilitar CFP a TODOS” button in user management allows administrators to set a global data entry restriction date for all users except administrators.Use Case: End-of-period data freezes for reporting or auditing

User Attributes

Each user account includes the following attributes:

Username (usd)

Unique identifier, lowercase, max 16 characters

Password (pwd)

Authentication credential, max 16 characters

Permissions (permisos)

Role code determining access level

Circunscripción

Geographic jurisdiction assignment

Nota/Description

User description or full name

Authorization Date

Data entry period restriction

Viewing User List

The user management page displays all users with their key attributes: 
Format: Username > Permissions > Circunscripción > Nota > Authorization Date
Example: jdoe > 1 > UR1 Posadas > John Doe > 01-01-2024
Users are sorted by:
  1. Authorization date
  2. Username (alphabetically)

Common Role Scenarios

Scenario: Police officer working in Regional Unit 5Configuration:
  • Username: oficial.ur5
  • Permission Code: 5
  • Circunscripción: UR5 Oberá
  • Access: Full CRUD operations for UR5 preventive reports

Role Security Considerations

Important Security Notes:
  • Permission codes are stored and compared as plain text
  • No role hierarchy or inheritance system exists
  • Role changes take effect immediately upon login
  • No audit trail for role modifications
  • Consider implementing:
    • Role change logging
    • Temporary role elevation
    • Role expiration dates
    • Multi-factor authentication for privileged roles

Next Steps

Authentication

Learn about the authentication and session management system

Navigation

Explore module navigation and system workflows

Build docs developers (and LLMs) love

Get started for freeTalk to us