Commit Graph

1 Commits

Author SHA1 Message Date
Julien Gautier a7dfd83571 docs(adr-0025): authorization model — privileges × roles × scopes
CI / a11y (pull_request) Successful in 3m22s
Docs site / build (pull_request) Successful in 3m29s
CI / perf (pull_request) Successful in 6m35s
CI / scan (pull_request) Successful in 3m10s
CI / commits (pull_request) Successful in 3m26s
CI / check (pull_request) Successful in 3m37s
Proposes a three-orthogonal-axis authorization model:

- Privileges (Entra app roles): coarse portal-level capabilities.
  v1 catalogue ships one entry, Portal.Admin.
- Functional roles (Entra security groups mapped to a curated
  slug catalogue): what someone does in APF. 22 v1 entries grouped
  into workforce / governance / volunteer / external.
- Scopes (apf_portal-side user_scopes table, future Pléiades
  feed): where a role applies. 6 v1 kinds (self / etablissement /
  delegation / region / siege / unrestricted).

Replaces stargate's linear hierarchy (Admin ⊃ Directeur ⊃ RH ⊃
Collaborateur) which conflated portal privilege with business
role and ignored geographic scope entirely.

Specifies the Entra-side setup (one app role + one security
group per functional role), the Principal shape consumed by
portal guards, and the deterministic projection to ADR-0024's
flat-roles[] AI-service contract. Ten test-tenant personas
documented for the user to provision in the freshly available
test tenant.

Status: proposed. Implementation phasing recorded in §"More
Information" — types + Principal builder, guards, drift CI gate,
test-tenant seed, in that order.
2026-05-20 16:52:15 +02:00