Skip to content
⌘K
Stub sessionsuper admin

Access Control

Role lattice × permission scopes. Deny by default — an absent grant is a refusal.

4 roles · 10 scopes
4 roles × 10 scopescoreARLEGIS CORElegalARTONfinanceARLEGIS CORE
users:adminaudit:readaccess:admintelemetry:readdirectory:admindata:adminanalytics:readbilling:adminrevenue:readsubscriptions:admin
super admin10/10 scopes
legal admin3/10 scopes
finance admin3/10 scopes
auditor4/10 scopes
granted directlyinherited from the role latticeempty — denied by default

The lattice is code-owned in @arlegis/domain-registry and versioned through git. Database-backed per-user grants and editing land with the entitlement wave; this matrix is the authoritative read.