Notify Administrators When a User Updates Personal Information

This guide explains how the new security enhancement works in the DiliTrust LEM module: admins can now receive an automatic notification whenever a user’s personal information is modified. This feature reinforces transparency, prevents fraudulent identity changes, and improves activity-tracking integrity.

✨ What This Feature Does

When enabled, the platform automatically notifies all tenant administrators whenever a user updates one of the following personal details:

• Name
• Surname
• Email address
• Phone number

Notifications are sent as:

• ? Email alerts
• ? In-app notifications

Each notification clearly displays:

• The administrator’s name
• The date and time of the update
• The user who made the change (the actor)
• The old → new values for each modified field

This behavior is defined in the official specification and localized in EN, FR, IT, ES, DE, and PT.

☝ Why This Matters

• ⭐ Reinforces personal data integrity by keeping admins aware of identity-sensitive modifications.
• ⭐ Prevents misuse such as attempting to falsify activity logs (actor identity is preserved in logs).
• ⭐ Improves security compliance with better visibility on profile changes.
• ⭐ Supports multi-tenant environments by notifying only the relevant tenants where the user exists.

This feature is confirmed and validated in the project documentation and Jira specification.

✋ How to Enable or Disable Notifications

Administrators can choose whether the tenant should receive these notifications. The setting must be enabled in the tenant security configuration.

When enabled:

• All administrators in that tenant receive notifications for any user updates hosted in that same tenant.

When disabled:

• No notification is sent to any admin in that tenant.

This ensures full tenant-level control and avoids unwanted notifications in cross-tenant scenarios.

✍ How the Notification Looks

The email content follows a standardized template, based on these specification:

• Greeting using the admin’s name and surname
• Date and timestamp of the change
• The user who performed the update
• A list of modified fields with old → new values
• Localized signature (“The DiliTrust team”)

Translations for EN, FR, IT, ES, DE, and PT are fully included in the specification and used automatically depending on the admin’s language.

⚡ Behavior in Multi-Tenant Environments

The platform ensures accurate and secure notification routing:

• Admins receive an email only if the user exists in their tenant.
• If notifications are disabled in a tenant, no admin from that tenant receives an email.
• Admins always see the —who performed the change—not the user being updated.

These behaviors were validated during QA testing and corrected where needed, as documented in the QA feedback section of the project file.

⏳ Limitations

The following limitations apply to this feature:

• ⚠️ Processing time: Notifications may require additional processing time when large volumes of data or many tenants/users are involved (as noted in project documentation).
• ⚠️ Email change rules: Email modification may be restricted depending on whether the user belongs to one or multiple tenants. This security rule remains unchanged.
• ⚠️ Notification content is fixed: Email and in-app message content is hard-coded for security reasons and cannot be customized.
• ⚠️ User does not receive a notification when an admin edits their profile — this feature only notifies admins.

⭕ Troubleshooting

Admins are not receiving notifications

• Check that notifications are enabled in the tenant.
• Verify that the user exists in the admin’s tenant.
• Confirm that the admin has a valid email address.

The email shows the wrong actor

QA identified and resolved an issue where the email displayed the updated user instead of the user performing the change. This fix is included in the release (see QA feedback in project plan) :contentReference[oaicite:4]{index=4}.

Admins receive notifications when they should not

This behavior has been corrected (cross-tenant misrouting issues identified and fixed in QA).

❓ FAQ

Does the user also receive a notification?

❌ No. Only tenant administrators receive notifications.

Are phone number changes included?

✔️ Yes — confirmed during security review and included in the final scope.

Is the feature available to all tenants?

✔️ Yes. Each tenant can independently enable or disable it.

Does this change permissions?

❌ No. It only adds visibility. Users keep their existing rights to modify their personal information (unless restricted by tenant rules).

⭐ Summary

This feature adds an important security layer to DiliTrust LEM by informing administrators whenever personal details are updated by any user. It enhances visibility, protects profile integrity, and ensures better auditing — especially in multi-tenant environments.

For more details, you may refer to the full project plan :contentReference[oaicite:6]{index=6} and the Jira specification.