hs.hsadmin.ng/src/main/resources/db/changelog/273-hs-office-debitor-rbac.md

### hs_office_debitor RBAC Roles

```mermaid
flowchart TB;

subgraph bankaccount;
direction TB;

    %% oversimplified version for now
    %%   
    %% Beware: role:debitor.tenant should NOT be granted role:bankaccount.tenent
    %% because otherwise, later in the development,
    %% e.g. package admins could see the debitors bank account,
    %% except if we do NOT use the debitor in the hosting super module.

    %% role:bankaccount.owner        
    role:bankaccount.owner --> perm:bankaccount.*;
end;

subgraph debitor[" "];
direction TB;

    %% role:debitor.owner
    role:debitor.owner --> perm:debitor.*;
    role:debitor.owner --> role:bankaccount.owner;

    %% role:debitor.admin
    role:debitor.admin --> perm:debitor.edit;
    role:debitor.owner --> role:debitor.admin;

    %% role:debitor.tenant
        role:debitor.tenant --> perm:debitor.view;
    %% super-roles
        role:debitor.admin --> role:debitor.tenant;
        role:partner.admin --> role:debitor.tenant;
        role:person.admin --> role:debitor.tenant;
        role:contact.admin --> role:debitor.tenant;
    %% sub-roles
        role:debitor.tenant --> role:partner.tenant;
        role:debitor.tenant --> role:person.tenant;
        role:debitor.tenant --> role:contact.tenant;
end;

subgraph global;
direction TB;
    role:global.admin --> role:debitor.owner;
end;
        

```
adds HsOfficePartner 2022-10-03 11:09:36 +02:00			`### hs_office_debitor RBAC Roles`

			```mermaid
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`flowchart TB;`

			`subgraph bankaccount;`
			`direction TB;`

			`%% oversimplified version for now`
			`%%`
			`%% Beware: role:debitor.tenant should NOT be granted role:bankaccount.tenent`
			`%% because otherwise, later in the development,`
			`%% e.g. package admins could see the debitors bank account,`
			`%% except if we do NOT use the debitor in the hosting super module.`

			`%% role:bankaccount.owner`
			`role:bankaccount.owner --> perm:bankaccount.*;`
			`end;`

			`subgraph debitor[" "];`
			`direction TB;`

adds HsOfficePartner 2022-10-03 11:09:36 +02:00			`%% role:debitor.owner`
			`role:debitor.owner --> perm:debitor.*;`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`role:debitor.owner --> role:bankaccount.owner;`
adds HsOfficePartner 2022-10-03 11:09:36 +02:00
			`%% role:debitor.admin`
			`role:debitor.admin --> perm:debitor.edit;`
			`role:debitor.owner --> role:debitor.admin;`

			`%% role:debitor.tenant`
			`role:debitor.tenant --> perm:debitor.view;`
			`%% super-roles`
			`role:debitor.admin --> role:debitor.tenant;`
			`role:partner.admin --> role:debitor.tenant;`
			`role:person.admin --> role:debitor.tenant;`
			`role:contact.admin --> role:debitor.tenant;`
			`%% sub-roles`
			`role:debitor.tenant --> role:partner.tenant;`
			`role:debitor.tenant --> role:person.tenant;`
			`role:debitor.tenant --> role:contact.tenant;`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`end;`

			`subgraph global;`
			`direction TB;`
			`role:global.admin --> role:debitor.owner;`
			`end;`


adds HsOfficePartner 2022-10-03 11:09:36 +02:00			```