docs: add Phase 4 — RBAC with 3-tier roles and invitation flow

Three roles: platform admin (full SaaS), customer admin (tenant-scoped),
customer operator (read-only). Email invitation flow for tenant user
onboarding. 6 new requirements (RBAC-01 through RBAC-06).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 12:40:43 -06:00
parent 0e0ea5fb66
commit 7252845455
4 changed files with 36 additions and 1 deletions

@@ -47,6 +47,15 @@ Requirements for beta-ready release. Each maps to roadmap phases.
- [x] **PRTA-05**: Operator can manage subscription plans and billing via Stripe integration
- [x] **PRTA-06**: Portal displays agent cost tracking and usage metrics per tenant
### RBAC & User Management
- [ ] **RBAC-01**: Platform admin role with full access to all tenants, agents, users, and platform settings
- [ ] **RBAC-02**: Customer admin role scoped to a single tenant with full control over agents, channels, billing, API keys, and user management
- [ ] **RBAC-03**: Customer operator role scoped to a single tenant with read-only access to agents, conversations, and usage dashboards
- [ ] **RBAC-04**: Customer admin can invite users (admin or operator) by email — invitee receives activation link to set password and enable access
- [ ] **RBAC-05**: Portal navigation, pages, and UI elements adapt based on user role (platform admin sees tenant picker, customer admin sees their tenant, operator sees read-only views)
- [ ] **RBAC-06**: API endpoints enforce role-based authorization — unauthorized actions return 403 Forbidden, not just hidden UI
## v2 Requirements
Deferred to future release. Tracked but not in current roadmap.
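Review bot: RBAC-04 leaves the activation link unconstrained: it does not require the link to be single-use, to expire, or to be bound to the invited email address, tenant and role, so an implementation that accepts a stale or forwarded link would still satisfy the requirement as written. Suggest adding those constraints to RBAC-04, and stating that a customer admin can invite only into their own tenant and that "admin" in "(admin or operator)" means customer admin, never platform admin. RBAC-06 could also say explicitly that the single-tenant scoping from RBAC-02 and RBAC-03 is enforced at the API, so a request against another tenant's resources is rejected regardless of role.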
@@ -120,9 +129,16 @@ Which phases cover which requirements. Updated during roadmap creation.
| PRTA-04 | Phase 3 | Complete |
| PRTA-05 | Phase 3 | Complete |
| PRTA-06 | Phase 3 | Complete |
| RBAC-01 | Phase 4 | Pending |
| RBAC-02 | Phase 4 | Pending |
| RBAC-03 | Phase 4 | Pending |
| RBAC-04 | Phase 4 | Pending |
| RBAC-05 | Phase 4 | Pending |
| RBAC-06 | Phase 4 | Pending |
**Coverage:**
- v1 requirements: 25 total
- v1 requirements: 25 total (all complete)
- RBAC requirements: 6 total (Phase 4)
- Mapped to phases: 25
- Unmapped: 0
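Review bot: In the Coverage block, "Mapped to phases: 25" and "Unmapped: 0" are left unchanged although the table above gains six RBAC rows mapped to Phase 4, so the summary no longer agrees with the table. Either raise the mapped count to include the RBAC rows or label those two lines as v1-only. The RBAC section also sits above the "## v2 Requirements" heading while Coverage counts it separately from the 25 v1 requirements marked "(all complete)"; a short line saying which release the six Pending RBAC items gate would remove that ambiguity.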