docs(adr-0025): authorization model — privileges × roles × scopes
CI / a11y (pull_request) Successful in 3m22s
Docs site / build (pull_request) Successful in 3m29s
CI / perf (pull_request) Successful in 6m35s
CI / scan (pull_request) Successful in 3m10s
CI / commits (pull_request) Successful in 3m26s
CI / check (pull_request) Successful in 3m37s
CI / a11y (pull_request) Successful in 3m22s
Docs site / build (pull_request) Successful in 3m29s
CI / perf (pull_request) Successful in 6m35s
CI / scan (pull_request) Successful in 3m10s
CI / commits (pull_request) Successful in 3m26s
CI / check (pull_request) Successful in 3m37s
Proposes a three-orthogonal-axis authorization model: - Privileges (Entra app roles): coarse portal-level capabilities. v1 catalogue ships one entry, Portal.Admin. - Functional roles (Entra security groups mapped to a curated slug catalogue): what someone does in APF. 22 v1 entries grouped into workforce / governance / volunteer / external. - Scopes (apf_portal-side user_scopes table, future Pléiades feed): where a role applies. 6 v1 kinds (self / etablissement / delegation / region / siege / unrestricted). Replaces stargate's linear hierarchy (Admin ⊃ Directeur ⊃ RH ⊃ Collaborateur) which conflated portal privilege with business role and ignored geographic scope entirely. Specifies the Entra-side setup (one app role + one security group per functional role), the Principal shape consumed by portal guards, and the deterministic projection to ADR-0024's flat-roles[] AI-service contract. Ten test-tenant personas documented for the user to provision in the freshly available test tenant. Status: proposed. Implementation phasing recorded in §"More Information" — types + Principal builder, guards, drift CI gate, test-tenant seed, in that order.
This commit is contained in:
@@ -68,3 +68,4 @@ ADRs are listed in numerical order. To slice by topic, filter on the `Tags` colu
|
||||
| [0022](0022-docs-site-vitepress.md) | Documentation site — VitePress + Mermaid plugin, separate static deployment | accepted | `process`, `infrastructure` | 2026-05-15 |
|
||||
| [0023](0023-charts-d3-observable-plot.md) | Charts + dashboards — D3 + Observable Plot wrapped in `libs/shared/charts` | accepted | `frontend`, `accessibility`, `performance` | 2026-05-16 |
|
||||
| [0024](0024-ai-service-relay-grpc-sse-bridge.md) | AI service relay — vendored gRPC protos, NestJS gRPC client, SSE bridge to the SPA, POC unsigned principal | accepted | `backend`, `security`, `observability` | 2026-05-19 |
|
||||
| [0025](0025-authorization-model-privileges-roles-scopes.md) | Authorization model — three orthogonal axes (privileges × functional roles × scopes), Entra-backed | proposed | `security`, `backend`, `data` | 2026-05-20 |
|
||||
|
||||
Reference in New Issue
Block a user