Proposes a three-orthogonal-axis authorization model:
- Privileges (Entra app roles): coarse portal-level capabilities.
v1 catalogue ships one entry, Portal.Admin.
- Functional roles (Entra security groups mapped to a curated
slug catalogue): what someone does in APF. 22 v1 entries grouped
into workforce / governance / volunteer / external.
- Scopes (apf_portal-side user_scopes table, future Pléiades
feed): where a role applies. 6 v1 kinds (self / etablissement /
delegation / region / siege / unrestricted).
Replaces stargate's linear hierarchy (Admin ⊃ Directeur ⊃ RH ⊃
Collaborateur) which conflated portal privilege with business
role and ignored geographic scope entirely.
Specifies the Entra-side setup (one app role + one security
group per functional role), the Principal shape consumed by
portal guards, and the deterministic projection to ADR-0024's
flat-roles[] AI-service contract. Ten test-tenant personas
documented for the user to provision in the freshly available
test tenant.
Status: proposed. Implementation phasing recorded in §"More
Information" — types + Principal builder, guards, drift CI gate,
test-tenant seed, in that order.