Sync wiki from project files
@@ -6,4 +6,5 @@ This page is generated from repository and product-directory project files.
|
||||
|
||||
- [Repo-README](Repo-README) - `/mnt/DATA/git/govoplan-access/README.md`
|
||||
- [Repo-docs-ACCESS-MODULE-BOUNDARY](Repo-docs-ACCESS-MODULE-BOUNDARY) - `/mnt/DATA/git/govoplan-access/docs/ACCESS_MODULE_BOUNDARY.md`
|
||||
- [Repo-docs-IDENTITY-ACCOUNT-FUNCTION-MODEL](Repo-docs-IDENTITY-ACCOUNT-FUNCTION-MODEL) - `/mnt/DATA/git/govoplan-access/docs/IDENTITY_ACCOUNT_FUNCTION_MODEL.md`
|
||||
- [Repo-docs-OPENDESK-IDENTITY-BOUNDARY](Repo-docs-OPENDESK-IDENTITY-BOUNDARY) - `/mnt/DATA/git/govoplan-access/docs/OPENDESK_IDENTITY_BOUNDARY.md`
|
||||
|
||||
64
Repo-docs-IDENTITY-ACCOUNT-FUNCTION-MODEL.md
Normal file
64
Repo-docs-IDENTITY-ACCOUNT-FUNCTION-MODEL.md
Normal file
@@ -0,0 +1,64 @@
|
||||
<!-- codex-wiki-sync:563b1b7d950e185399744df6 -->
|
||||
|
||||
> Mirrored from `/mnt/DATA/git/govoplan-access/docs/IDENTITY_ACCOUNT_FUNCTION_MODEL.md`.
|
||||
> Origin: `repository`.
|
||||
> Active tasks and changing state belong in Gitea issues; this wiki page is durable project context.
|
||||
|
||||
---
|
||||
# Identity, Account, Function, Role, And Right Model
|
||||
|
||||
GovOPlaN access should distinguish identity facts from organizational
|
||||
responsibility and authorization decisions.
|
||||
|
||||
Directory services, identity providers, and IDM systems may authenticate people
|
||||
and provide membership facts. GovOPlaN access owns the platform projection used
|
||||
for sessions, tenant membership, groups, functions, roles, delegation, and
|
||||
permission decisions.
|
||||
|
||||
## Semantic Layers
|
||||
|
||||
- Identity: the real person, service, or external subject.
|
||||
- Account: the login or technical account used to authenticate.
|
||||
- Tenant membership: the person's participation in a tenant.
|
||||
- Organization unit: the administrative unit where responsibility applies.
|
||||
- Function: a responsibility held in an organization unit, such as case clerk,
|
||||
intake desk, treasurer, or committee secretary.
|
||||
- Role: a permission bundle or workflow authority attached to a function,
|
||||
group, or explicit assignment.
|
||||
- Right: the concrete scope or action permission evaluated at runtime.
|
||||
|
||||
The UI and API should avoid collapsing these layers into one generic group
|
||||
concept. Directory groups can feed mappings, but they should not silently become
|
||||
business authority without a governed mapping rule.
|
||||
|
||||
## Boundary
|
||||
|
||||
Access owns:
|
||||
|
||||
- account and tenant membership projection
|
||||
- groups, roles, function assignments, and delegation facts
|
||||
- permission decisions and explain responses
|
||||
- identity and membership change events
|
||||
- SCIM/OIDC/SAML/LDAP mapping effects when implemented
|
||||
|
||||
Access does not own:
|
||||
|
||||
- mailboxes, calendars, files, cases, tasks, or postboxes
|
||||
- module-specific ACL records beyond stable principal/group/role references
|
||||
- external provider internals except where they mutate access-owned state
|
||||
|
||||
## Required Explainability
|
||||
|
||||
Access decisions should be explainable in concrete terms:
|
||||
|
||||
- actor identity/account
|
||||
- tenant membership
|
||||
- organization unit
|
||||
- function assignment or group membership
|
||||
- role source
|
||||
- permission/right checked
|
||||
- delegation or system-actor context
|
||||
- policy or lock that changed the result
|
||||
|
||||
This shape is required for postbox role access, workflow actions, service
|
||||
directory personalization, delegated administration, and audit review.
|
||||
Reference in New Issue
Block a user