docs(adr-0025): promote to accepted + sync persona matrix with test tenant #205
Reference in New Issue
Block a user
Delete Branch "docs/adr-0025-accepted"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
ADR-0025 was merged as
proposedin #201. The test tenant (apfrd.onmicrosoft.com) has since been provisioned with the full role / user matrix — 4 privileges + 24 security groups + 19 users with all assignments per the persona table. The ADR is now the implementation reference, so this PR:proposedtoaccepted.notes/test-tenant-role-assignments.mdandnotes/entra-group-members.md).CLAUDE.mdroll-up.No code changes. No implementation skeleton — that lands in the next PR (proposed:
feat(libs/feature/auth): authorization types + Principal builder skeleton).What lands
docs/decisions/0025-authorization-model-privileges-roles-scopes.mdstatus: proposed → accepted; privilege catalogue extended from 1 to 4 entries; persona matrix rewritten from 10 to 19 entries; newProvisioned in the test tenant (2026-05-20)subsection capturing the four app-role GUIDs.docs/decisions/README.mdproposed → accepted.CLAUDE.md0001 → 0024 accepted→0001 → 0025 accepted; Architecture list grows an "Authorization model" bullet.The two operator-facing notes files (
notes/test-tenant-role-assignments.md,notes/entra-group-members.md) are gitignored and unchanged — they served their purpose during tenant provisioning and remain as runbooks.Notes for the reviewer
Portal.Adminas the sole v1 entry and listed the other three under "anticipated near-future entries". The test tenant has all four; the catalogue should match. The three new entries are explicitly marked "provisioned; consumer surface deferred" so a reader does not look for non-existent surfaces.apf-role-partenairestays empty in v1. Placeholder per the original ADR; no consuming surface to test against. The group exists in Entra so the schema is locked, but a user assignment without a guard to exercise would be theatre. The first partner-facing feature adds the user.infra/test-tenant.entra.jsononce the implementation PR creates it — referenced by name only inlibs/feature/auth/src/lib/entra-group-to-role.ts.prettier --writedamage. The persona matrix is a wide table; Prettier sometimes reflows wide markdown tables. The diff is clean — Prettier left the table intact on this run.Test plan
prettier --check docs/decisions/0025-authorization-model-privileges-roles-scopes.md— passes (hook ran on commit).0020, references to other ADRs unchanged).docs/decisions/README.mdreflectsaccepted.CLAUDE.mdroll-up line + Architecture list updated; no other instances of "0024" needed bumping.notes/role-user.txt).What's next
With ADR-0025 accepted, the implementation phasing recorded in its
§More Informationopens:libs/feature/authextension :authorization.types.ts(catalogue constants for the 4 privileges + 24 functional roles + 6 scope kinds),entra-group-to-role.ts(slug map skeleton with placeholder GUIDs ; the operator drops real GUIDs intoinfra/test-tenant.entra.jsonseparately),Principalbuilder hook on the OIDC callback, no new guards yet.@RequireRole+@RequireScopedecorators + guard tests : real composition tests against the 19 personas.@RequireRole('...')literal in code is in the catalogue.prisma/seed.tsforuser_scopes: depends on thePerson+Userschema (proposed ADR-0026).