Account – Settings – Roles
- Path:
/account/settings/roles(TBD) - Parent:
settings.md
Purpose (business goal)
Section titled “Purpose (business goal)”Define and manage role bundles used across the org/workspaces.
User roles & permissions
Section titled “User roles & permissions”- Org Admin
- Permissions:
roles.manage(TBD)
Reference: Roles & Permissions Model
Layout structure
Section titled “Layout structure”- Role list
- Role detail editor (permissions matrix)
Components used
Section titled “Components used”TBD
States
Section titled “States”- Empty: no custom roles
- Loading: fetch roles
- Error: unauthorized / validation errors
- Complete: roles managed
Business logic (high-level)
Section titled “Business logic (high-level)”- Roles map to permissions; changes require audit.
Domain refs: Roles & Permissions Model
API dependencies
Section titled “API dependencies”GET /rolesPOST /rolesPUT /roles/{id}
Enterprise constraints
Section titled “Enterprise constraints”- Role changes have org-wide blast radius; enforce least-privilege workflows and approvals (TBD).
- Prevent privilege escalation and ensure changes are auditable and attributable.
Edge cases
Section titled “Edge cases”- Role is in use by users/workspaces; deletion/disable behavior is TBD.
- Concurrent edits to the same role; conflict resolution is TBD.
Security & compliance considerations
Section titled “Security & compliance considerations”- Prevent privilege escalation; audit role edits
Reference: Security & Compliance
Analytics events (if applicable)
Section titled “Analytics events (if applicable)”TBD
Reference: Analytics Events (MVP)