User Profile
Overview
User profiles in HGE Uslimato come in two flavours:
- Self-view (
/profile) — personal landing page for each authenticated account - Admin view (
/users/:id) — deep view for any user in the tenant
Both share the same tabbed layout and design language, but expose a different set of tabs.
Self-view — /profile
The self-view is the user's personal home. It opens with a personalised header:
- Initials avatar (Uslimato Green accent)
- Greeting "Hi, {{firstName}}"
- Email and role badge
- Tenant badge with the current tenant name
- Super-admin badge (only for super admins)
Quick actions
Below the header three shortcuts are available:
- Open settings →
/settings - Go to My Workplace →
/mein-arbeitsplatz - New request →
/mein-arbeitsplatz/anfrage
Tabs
| Tab | Contents |
|---|---|
| Info | Name, email, role, last login, member since, tenant info |
| Edit profile | Self-service editor for first name, last name, display name and avatar |
| My devices | Table of the user's own assigned assets (clickable) |
Edit profile (self-service)
The Edit profile tab lets every authenticated user maintain their own identity fields without involving an administrator. The same panel works in both the classic shell and the Uslimato Experience.
Editable fields
| Field | Notes |
|---|---|
| First name | Up to 100 characters; synced with HGE ID |
| Last name | Up to 100 characters; synced with HGE ID |
| Display name | Shown in the sidebar, ticket cards, audit log — up to 255 characters; synced with HGE ID |
| Avatar | JPEG / PNG / WebP, max 5 MB, served as 256 × 256 WebP; counts against your tenant's storage quota |
| Read-only in this release — email changes require re-verification and are not yet self-service |
How saving works
- Your changes are submitted to HGE ID first. If HGE ID is temporarily unavailable, nothing is saved and you receive an error message.
- On success, your profile is updated in every tenant where you have a membership — HGE ID is the global source of truth, so the same identity shows up everywhere.
- An audit-log entry is written only in the active tenant so the timeline is not duplicated.
- On your next login, all tenant profiles are automatically reconciled — consistency is guaranteed.
Avatars
- App-only: avatars are stored securely and served from a protected route. They are never pushed to HGE ID because avatars must stay private for GDPR reasons (personal data).
- Per-tenant: each tenant carries its own avatar. If you switch tenants, the other tenant uses its own (or the JWT picture / initials).
- Fallback chain: if no app avatar is set, the UI uses the HGE ID
pictureclaim (e.g. social-provider photo). If neither is available, it falls back to your initials in Uslimato Green. - Storage quota: avatar uploads count against your tenant's storage quota. If the upload would exceed your plan's storage limit, it is rejected with an error message.
Limits & safeguards
- Rate limit: a maximum of 10 profile updates per hour. After that, a waiting period is shown before further changes are allowed.
- Input validation: control characters are rejected; excess whitespace is trimmed; empty strings clear the field; values normalised to NFC.
- Audit log: every successful profile change is logged to the audit log. Avatar paths are intentionally not logged (privacy reasons).
Admin view — /users/:id
Admin users (or group members with users:manage) see an extended view with up to five tabs:
| Tab | Contents | Access |
|---|---|---|
| Info | Identity + role info + last login | All |
| Assets | Every asset currently assigned to the user | All |
| Permissions | Group membership + derived permission list | All |
| KPIs | Admin KPI snapshot (see below) | Admin only |
| Audit | The most recent 50 audit-log entries for this user | Admin only |
Non-admins never see the "KPIs" and "Audit" tabs — a manual attempt to access them is rejected server-side and snaps back to the Info tab on the client.
KPIs (admin)
This tab shows a quick snapshot of a user's activity:
- Assigned assets
- Movements (started)
- Tickets reported
- Tickets assigned
- Tickets closed
- First login
- Last login
All counts are tenant-isolated. ITSM numbers fall back to 0 when the tenant does not have ITSM licensed.
Audit (admin)
The 50 most recent audit entries where this user is the actor. Each entry shows:
- Timestamp
- Action (e.g. asset update, login)
- Entity (type + short ID)
- IP address (when captured)
Both admin tabs (KPIs and Audit) require the users:manage permission. All data is tenant-isolated — accessing users from other tenants is not possible.
Related topics
- User Management — list, import, provisioning
- Permissions & Groups — roles and
users:manage - Self-Service Portal — "My Workplace"