Operational Playbooks

Playbooks

Operational procedures and common tasks for managing the Mind Measure Core platform.

User Management

Onboard a University

  • Create Institution Record

    INSERT INTO institutions (name, slug) 
    VALUES ('University Name', 'university-slug');
  • Configure Allowed Domains

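    -- Look up the id of the institution created in the previous step
    INSERT INTO allowed_domains (institution_id, domain)
    SELECT id, 'university.edu' FROM institutions WHERE slug = 'university-slug';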
  • Set Up Admin User

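    -- Replace the placeholder email with the address of the institution's admin account
    INSERT INTO memberships (user_id, institution_id, role)
    SELECT u.id, i.id, 'admin' FROM auth.users u, institutions i
    WHERE u.email = 'admin@university.edu' AND i.slug = 'university-slug';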
  • Configure Institution Settings

    • Upload institution branding
    • Set up mental health resources
    • Configure assessment parameters
    • Set up notification preferences

Promote a User to Admin

  • Verify User Identity

    SELECT id, email FROM auth.users WHERE email = 'user@university.edu';
  • Update Membership Role

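    -- Target exactly one membership: resolve both ids from the email verified
    -- above and the institution's slug
    UPDATE memberships
    SET role = 'admin'
    WHERE user_id = (SELECT id FROM auth.users WHERE email = 'user@university.edu')
      AND institution_id = (SELECT id FROM institutions WHERE slug = 'university-slug');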
  • Grant Additional Permissions

    • Access to user management
    • Resource management capabilities
    • Reporting and analytics access
    • System configuration rights
  • Notify User

    • Send email confirmation
    • Provide admin dashboard access
    • Share admin documentation
    • Schedule training if needed
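
A guarded form of the role update above, added here as an example and not part of the original playbook: it runs inside a transaction and aborts unless exactly one membership row changes. It assumes only the tables and columns the playbook's own queries use; the email and slug are placeholders.

```sql
BEGIN;

DO $$
DECLARE
  v_email   text := 'user@university.edu';  -- placeholder, as in the playbook
  v_slug    text := 'university-slug';      -- placeholder, as in the playbook
  v_changed integer;
BEGIN
  -- Resolve both ids by join so a missing user or institution changes 0 rows
  UPDATE memberships m
  SET    role = 'admin'
  FROM   auth.users u, institutions i
  WHERE  u.email = v_email
    AND  i.slug  = v_slug
    AND  m.user_id = u.id
    AND  m.institution_id = i.id;

  GET DIAGNOSTICS v_changed = ROW_COUNT;

  -- 0 rows: wrong email/slug or no membership; >1 rows: duplicate records
  IF v_changed <> 1 THEN
    RAISE EXCEPTION 'expected to change exactly 1 membership, changed %', v_changed;
  END IF;
END
$$;

-- Inspect the result before it becomes permanent
SELECT u.email, m.role, i.slug
FROM   memberships m
JOIN   auth.users u   ON u.id = m.user_id
JOIN   institutions i ON i.id = m.institution_id
WHERE  u.email = 'user@university.edu'
  AND  i.slug  = 'university-slug';

COMMIT;
```

If the exception fires, the transaction is left aborted and the final COMMIT rolls it back, so no role change is persisted.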

Promote a User to Superadmin

  • Verify Superuser Authority

    • Confirm authorization from system administrator
    • Document promotion reason
    • Update audit logs
  • Execute Promotion Function

    SELECT make_superuser_by_email('admin@mindmeasure.co.uk');
  • Verify Permissions

    SELECT * FROM memberships WHERE role = 'superadmin'
      AND user_id = (SELECT id FROM auth.users WHERE email = 'admin@mindmeasure.co.uk');
  • Update Documentation

    • Record in admin user list
    • Update contact information
    • Notify other superadmins

System Administration

Rotate Keys

  • Generate New Keys

    # Generate new JWT secret
    openssl rand -base64 32
     
    # Generate new service role key
    supabase gen keys
  • Update Environment Variables

    # Update production environment
    SUPABASE_JWT_SECRET=new_jwt_secret
    SUPABASE_SERVICE_ROLE_KEY=new_service_key
  • Restart Services

    # Restart Supabase services
    supabase restart
     
    # Restart application servers
    npm run restart:prod
  • Verify Functionality

    • Test authentication
    • Verify API access
    • Check admin dashboard
    • Monitor error logs

Database Maintenance

  • Run Database Vacuum

    VACUUM ANALYZE;
  • Check Index Usage

    SELECT schemaname, tablename, attname, n_distinct, correlation
    FROM pg_stats
    WHERE schemaname = 'public'
    ORDER BY tablename, attname;
  • Monitor Query Performance

    -- PostgreSQL 13+ column names; older versions use total_time and mean_time
    SELECT query, calls, total_exec_time, mean_exec_time
    FROM pg_stat_statements
    ORDER BY total_exec_time DESC
    LIMIT 10;
  • Update Statistics

    ANALYZE;

Backup and Recovery

  • Create Manual Backup

    # Create database dump
    pg_dump -h db_host -U postgres -d mind_measure > backup_$(date +%Y%m%d).sql
  • Verify Backup Integrity

    # Test backup restoration; stop at the first error so a bad dump is not missed
    psql -v ON_ERROR_STOP=1 -h test_host -U postgres -d test_db < backup_file.sql
  • Test Recovery Procedure

    • Simulate data loss scenario
    • Restore from backup
    • Verify data integrity
    • Update recovery documentation

Security Operations

Incident Response

  • Initial Assessment

    • Identify security incident type
    • Assess potential impact
    • Document initial findings
    • Notify relevant stakeholders
  • Containment

    • Isolate affected systems
    • Preserve evidence
    • Prevent further damage
    • Implement temporary fixes
  • Investigation

    • Analyze logs and data
    • Identify attack vectors
    • Determine scope of compromise
    • Document findings
  • Recovery

    • Restore systems from clean backups
    • Implement security patches
    • Update security configurations
    • Monitor for recurring issues
  • Post-Incident

    • Conduct lessons learned review
    • Update security procedures
    • Implement additional safeguards
    • Report to relevant authorities

Access Review

  • User Access Audit

    SELECT u.email, m.role, i.name as institution
    FROM auth.users u
    JOIN memberships m ON u.id = m.user_id
    JOIN institutions i ON m.institution_id = i.id
    ORDER BY i.name, m.role;
  • Permission Validation

    • Review user roles and permissions
    • Verify access appropriateness
    • Document access decisions
    • Update access controls
  • Clean Up

    • Remove inactive users
    • Revoke unnecessary permissions
    • Update role assignments
    • Document changes
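
An added example (not from the original playbook) that extends the audit query to two checks a reviewer usually wants first: privileged accounts whose email domain is not in their institution's allowed_domains, and the number of privileged accounts per institution. It assumes allowed_domains.domain holds a bare domain such as 'university.edu', as in the onboarding step.

```sql
-- 1. Admin and superadmin memberships whose email domain is not on the
--    institution's allow-list. Each row is a candidate for review, not
--    proof of misuse (a platform superadmin may legitimately appear here).
SELECT i.name                      AS institution,
       u.email,
       m.role,
       split_part(u.email, '@', 2) AS email_domain
FROM   memberships m
JOIN   auth.users u   ON u.id = m.user_id
JOIN   institutions i ON i.id = m.institution_id
WHERE  m.role IN ('admin', 'superadmin')
  AND  NOT EXISTS (
         SELECT 1
         FROM   allowed_domains d
         WHERE  d.institution_id = m.institution_id
           AND  lower(d.domain) = lower(split_part(u.email, '@', 2))
       )
ORDER  BY i.name, m.role, u.email;

-- 2. Privileged-account counts per institution. The LEFT JOIN keeps
--    institutions with no memberships, so a count of 0 admins is visible.
SELECT i.name                                        AS institution,
       count(*) FILTER (WHERE m.role = 'admin')      AS admins,
       count(*) FILTER (WHERE m.role = 'superadmin') AS superadmins
FROM   institutions i
LEFT   JOIN memberships m ON m.institution_id = i.id
GROUP  BY i.id, i.name
ORDER  BY admins DESC, i.name;
```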

Monitoring and Alerting

Health Checks

  • Database Health

    SELECT 
      pg_database_size('mind_measure') as db_size,
      (SELECT count(*) FROM pg_stat_activity) as active_connections,
      (SELECT count(*) FROM pg_stat_activity WHERE state = 'active') as active_queries;
  • Application Health

    • Check API response times
    • Monitor error rates
    • Verify authentication flows
    • Test critical user journeys
  • Infrastructure Health

    • Server resource utilization
    • Network connectivity
    • Storage capacity
    • Backup status

Alert Configuration

  • Critical Alerts

    • Database connection failures
    • Authentication system down
    • High error rates
    • Security incidents
  • Warning Alerts

    • High resource utilization
    • Slow query performance
    • Backup failures
    • Unusual access patterns
  • Info Alerts

    • Successful deployments
    • Scheduled maintenance
    • User activity summaries
    • System updates

Deployment Procedures

Production Deployment

  • Pre-Deployment

    • Run full test suite
    • Verify staging environment
    • Review change documentation
    • Notify stakeholders
  • Deployment

    • Deploy to production
    • Monitor deployment logs
    • Verify functionality
    • Check error rates
  • Post-Deployment

    • Monitor system health
    • Verify user functionality
    • Check performance metrics
    • Document any issues

Rollback Procedures

  • Identify Rollback Need

    • Monitor error rates
    • Check user reports
    • Review system logs
    • Assess impact
  • Execute Rollback

    • Revert to previous version
    • Restore database if needed
    • Verify system stability
    • Notify users if necessary
  • Post-Rollback

    • Investigate root cause
    • Plan fix for next deployment
    • Update procedures
    • Document lessons learned

Compliance and Auditing

Data Privacy Compliance

  • GDPR Compliance

    • Data subject access requests
    • Right to deletion
    • Data portability
    • Consent management
  • HIPAA Compliance

    • Protected health information handling
    • Access controls
    • Audit trails
    • Breach notification
  • Institutional Privacy

    • Student data protection
    • FERPA compliance
    • Institutional policies
    • Data retention policies

Audit Procedures

  • Regular Audits

    • User access reviews
    • Data usage audits
    • Security configuration reviews
    • Compliance assessments
  • Audit Documentation

    • Audit findings
    • Remediation plans
    • Compliance status
    • Improvement recommendations
  • Audit Follow-up

    • Implement recommendations
    • Monitor compliance
    • Update procedures
    • Schedule next audit