The page describes Sage's best practices for manipulating user profile data in the application. In general, we avoid updating the database directly when we can use APIs to perform the work.
If a Synapse user is unable to access their account, it may require administrator action to restore access. Changes to user profiles must be approved by ACT to ensure continuity of access restrictions. Specifically, if a user is locked out an administrative change to their primary email address can allow them to complete a password reset. This change requires meeting ACT's requirements for verifying identity.
Currently, Synapse will only allow the user to call the API that adds an email address to a their profile (for some function, this restriction can be overridden by administrators; this function is not one of them). To make this change, spoof the user's identity by using an API key or session token from the database to make this call.
TODO add specific API call . (In the interim, this approach can be used.)