Summary
This document outlines the requirements for a Role-Based Access Control (RBAC) system that provides granular control over permissions at the organization, team, and project levels. These permissions let the application determine a user's capabilities for a given resource.
TL;DR
- Every user is associated with an organization, either a default one created upon sign up or a pre-defined one they were invited to.
- Each user holds a single role for their membership in an organization. That role carries the individual permissions the user has at the organization, team, and project levels.
- For every organization and team a user creates, full CRUD permissions on that resource are added to the user's organization role.
- Roles do not define what actions users can execute. Permissions define users’ capabilities. Roles enable linking a user to multiple permissions across an organization.
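The model in the TL;DR, as an added example that is not part of this document: one role per (user, organization) membership, permissions scoped to an organization, team or project, creators receiving full CRUD on what they create, and a deny-by-default capability lookup. The `Rbac` class, `Permission` and `Role` names and the string scope labels are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Scope levels named in the document: organization, team, project.
CRUD = frozenset({"create", "read", "update", "delete"})


@dataclass(frozen=True)
class Permission:
    scope: str            # "organization", "team" or "project"
    resource_id: str      # id of the org, team or project the grant applies to
    actions: frozenset    # subset of CRUD


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)


class Rbac:
    def __init__(self):
        # (user_id, org_id) -> Role: exactly one role per user per organization.
        self.memberships = {}

    def assign_role(self, user_id, org_id, role):
        self.memberships[(user_id, org_id)] = role

    def create_org(self, user_id, org_id):
        # Creator gets an organization role holding full CRUD on the new org.
        role = Role(name=f"owner-of-{org_id}")
        role.permissions.add(Permission("organization", org_id, CRUD))
        self.assign_role(user_id, org_id, role)

    def create_team(self, user_id, org_id, team_id):
        # Full CRUD on the new team is added to the creator's organization role.
        self.memberships[(user_id, org_id)].permissions.add(
            Permission("team", team_id, CRUD))

    def capabilities(self, user_id, org_id, scope, resource_id):
        # Union of actions the user's role grants on this one resource.
        role = self.memberships.get((user_id, org_id))
        if role is None:
            return frozenset()  # not a member of this organization: deny all
        return frozenset().union(*(p.actions for p in role.permissions
                                   if p.scope == scope and p.resource_id == resource_id))

    def can(self, user_id, org_id, scope, resource_id, action):
        return action in self.capabilities(user_id, org_id, scope, resource_id)
```

A user with a read-only project permission still gets no org- or team-level rights, and membership in one organization grants nothing in another.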
Objectives
- Implement an RBAC system where users are assigned a single role per organization.
- Maintain granular control over permissions at the organization, team, and project levels.
- Ensure scalability and flexibility for future expansion of the system.
Data Model
Tables
organizations
: Stores organization details.
: one-to-many: projects and teams

teams
: Enables grouping of organization users.
: one-to-one: organization
- An organization can have many teams.