hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 1 Activity

cleanup scribbled+temp-documents

Browse Source
This commit is contained in:
Michael Hoennig 2024-03-28 09:25:08 +01:00
parent d236a7aca4
commit ca9a865019
10 changed files with 3 additions and 642 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
doc/rbac-schema-f.md → doc/ideas/rbac-schema-f.md
View File

2
doc/ideas/simplified-grant-structure.md
View File

@ -1,3 +1,5 @@
(this is just a scribbled idea, that's why it's still in German)
Ich habe mal wieder vom RBAC-System geträumt 🙈 Ok, im Halbschlaf darüber nachgedacht trifft es wohl besser. Und jetzt frage ich mich, ob wir viel zu kompliziert gedacht haben.
Bislang gingen wir ja davon aus, dass, wenn komplexe Entitäten (z.B. Partner) erzeugt werden, wir wir über den INSERT-Trigger den Rollen der verknüpften Entitäten (z.B. den Rollen der Personendaten des Partners) auch Rechte an den komplexeren Entitäten und umgekehrt geben müssen.

76
doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md
View File

@ -1,76 +0,0 @@
### all grants to membershipReferrer_canViewButNotUpdateRelatedMembership
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000113[hs_office_membership#M-1000113]
perm:SELECT:on:hs_office_membership#M-1000113{{SELECT
ref:b1b1192e-f2bf-4b9f-836b-90e98903bedc}}
role:hs_office_membership#M-1000113.referrer[referrer
ref:7c95cd77-a124-40ab-87f3-4cd2f33ad32f]
end
subgraph hs_office_partner#P-10001[hs_office_partner#P-10001]
perm:SELECT:on:hs_office_partner#P-10001{{SELECT
ref:74c87064-7e9b-4ead-9344-4f18ba246b80}}
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
perm:SELECT:on:hs_office_person#HostsharingeG{{SELECT
ref:38e63031-3245-4e57-b59d-b4f08334adec}}
role:hs_office_person#HostsharingeG.referrer[referrer
ref:b31417b9-6c56-4e79-93dd-c6c11a080370]
end
subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
perm:SELECT:on:hs_office_person#FirstGmbH{{SELECT
ref:5cbe42d4-e8d3-40e9-bddd-5635c151c57a}}
role:hs_office_person#FirstGmbH.referrer[referrer
ref:86a4ece0-087f-46ea-94b4-b1f3294ba356]
end
subgraph hs_office_contact#firstcontact[hs_office_contact#firstcontact]
perm:SELECT:on:hs_office_contact#firstcontact{{SELECT
ref:21cc5d9e-d98e-4953-a9e6-d33a5753876f}}
role:hs_office_contact#firstcontact.referrer[referrer
ref:ca3c3e01-fb66-465e-93ee-cbad0e5ee70e]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH{{SELECT
ref:b52dd840-289a-4c92-98a1-3ee629318608}}
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant[tenant
ref:d9395077-4c0b-44d6-924e-811041402abe]
end
role:hs_office_contact#firstcontact.referrer --> perm:SELECT:on:hs_office_contact#firstcontact
role:hs_office_membership#M-1000113.referrer --> perm:SELECT:on:hs_office_membership#M-1000113
role:hs_office_membership#M-1000113.referrer --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant
role:hs_office_person#FirstGmbH.referrer --> perm:SELECT:on:hs_office_person#FirstGmbH
role:hs_office_person#HostsharingeG.referrer --> perm:SELECT:on:hs_office_person#HostsharingeG
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_partner#P-10001
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_contact#firstcontact.referrer
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#FirstGmbH.referrer
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#HostsharingeG.referrer
```

2
doc/rbac.md
View File

@ -1,6 +1,6 @@
## *hsadmin-ng*'s Role-Based-Access-Management (RBAC)
The requirements of *hsadmin-ng* option table-m row- and column-level-security for read and write access to business-objects.
The requirements of *hsadmin-ng* include table-, row- and column-level-security for read and write access to business-objects.
More precisely, any access has to be controlled according to given rules depending on the accessing users, their roles and the accessed business-object.
Further, roles and business-objects are hierarchical.

105
doc/temp/coop-share-select.md
View File

@ -1,105 +0,0 @@
### all grants to coop-share-select
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000101[hs_office_membership#M-1000101]
role:hs_office_membership#M-1000101.admin[admin
ref:6a6eca16-878f-4daf-8814-71bfeef9d531]
role:hs_office_membership#M-1000101.owner[owner
ref:9899101f-f59a-4432-bb5f-85841f94e0b1]
role:hs_office_membership#M-1000101.referrer[referrer
ref:13d84099-cae3-4b9c-9f84-b0c4ca383f64]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:e36961c1-3250-4429-9c0f-b85d1d625e2f]
end
subgraph hs_office_coopsharestransaction#ref1000101-1[hs_office_coopsharestransaction#ref1000101-1]
perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1{{SELECT
ref:6e847eb3-3fb3-41f5-ab10-6aedbaa298e8}}
end
subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
role:hs_office_person#FirstGmbH.admin[admin
ref:54293c05-fbc4-45b6-b9f0-aab8705f2cf7]
role:hs_office_person#FirstGmbH.owner[owner
ref:599ae17d-862a-44fc-a7cc-4e0b40c5c785]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:0e110d55-665d-4994-85ed-986d3e890214]
role:hs_office_person#HostsharingeG.owner[owner
ref:b92395bf-e4f4-46e6-ad29-2289879171a2]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:e92b7f7f-20d4-4c89-a572-e0b2c59ed265]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent
ref:f42a648f-4474-47c7-bba8-9d1082cf76d7]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:776e5533-4630-4d55-957b-25ca16220324]
end
subgraph users[users]
user:person-FirstGmbH(person-FirstGmbH@example.com
ref:661ac654-7ed8-4723-a1c5-41d886cef684)
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:a0c798f6-ea35-4725-857e-0358dfd57b8e)
user:superuser-alex(superuser-alex@hostsharing.net
ref:0849f284-6379-4694-98a6-b777fa80a902)
user:superuser-fran(superuser-fran@hostsharing.net
ref:a780bed7-d970-4c04-8e78-85e33a28af91)
end
role:global#global.admin --> role:hs_office_person#FirstGmbH.owner
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000101.admin --> role:hs_office_membership#M-1000101.referrer
role:hs_office_membership#M-1000101.owner --> role:hs_office_membership#M-1000101.admin
role:hs_office_membership#M-1000101.referrer --> perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1
role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000101.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000101.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000101.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

71
doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md
View File

@ -1,71 +0,0 @@
### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
perm:DELETE:on:hs_office_membership#M-1000114{{DELETE
ref:5defb5eb-e9b1-4a1a-8476-a91be89a756f}}
role:hs_office_membership#M-1000114.owner[owner
ref:3da05812-0992-473c-ba8c-0e66ca33f039]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:c40db171-9d99-4feb-8d91-d9befb053373]
role:hs_office_person#HostsharingeG.owner[owner
ref:626f0656-d00e-471d-a145-72a96180d0d2]
end
subgraph users[users]
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272)
user:superuser-alex(superuser-alex@hostsharing.net
ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a)
user:superuser-fran(superuser-fran@hostsharing.net
ref:4740f067-13c8-4507-a9b8-c8469c476f5b)
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff]
end
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000114.owner --> perm:DELETE:on:hs_office_membership#M-1000114
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000114.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

101
doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md
View File

@ -1,101 +0,0 @@
### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-select
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
perm:SELECT:on:hs_office_membership#M-1000114{{SELECT
ref:296e0eae-f64c-43c5-818a-84674d7f9af6}}
role:hs_office_membership#M-1000114.admin[admin
ref:2e6a4161-6244-4414-9bee-0a059ed76e79]
role:hs_office_membership#M-1000114.owner[owner
ref:3da05812-0992-473c-ba8c-0e66ca33f039]
role:hs_office_membership#M-1000114.referrer[referrer
ref:fc27995b-e981-4dfe-9d6b-d9e824b1b5c2]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72]
end
subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
role:hs_office_person#FirstGmbH.admin[admin
ref:870be03d-84ff-4a77-bfe8-8aaab81ee923]
role:hs_office_person#FirstGmbH.owner[owner
ref:1ea6bff9-6d8f-4377-8cf9-7c11f00066e1]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:c40db171-9d99-4feb-8d91-d9befb053373]
role:hs_office_person#HostsharingeG.owner[owner
ref:626f0656-d00e-471d-a145-72a96180d0d2]
end
subgraph users[users]
user:person-FirstGmbH(person-FirstGmbH@example.com
ref:375cf977-3c7b-4590-9b5c-ea7a5f6af971)
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272)
user:superuser-alex(superuser-alex@hostsharing.net
ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a)
user:superuser-fran(superuser-fran@hostsharing.net
ref:4740f067-13c8-4507-a9b8-c8469c476f5b)
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent
ref:c949357d-2537-4646-9375-8f01c8ff41e4]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff]
end
role:global#global.admin --> role:hs_office_person#FirstGmbH.owner
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer
role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin
role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114
role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000114.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000114.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

79
doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md
View File

@ -1,79 +0,0 @@
### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
perm:SELECT:on:hs_office_membership#M-1000114{{SELECT
ref:9c63ac3a-6868-4295-9aa7-5050458660d0}}
role:hs_office_membership#M-1000114.admin[admin
ref:50d4ac22-73e0-4099-8d22-dfb8fbbc09c8]
role:hs_office_membership#M-1000114.owner[owner
ref:9d1cf21e-6fd3-4d63-9ad4-235aceae23ea]
role:hs_office_membership#M-1000114.referrer[referrer
ref:d27f9a49-9247-4439-a45a-ca220a86cf8f]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:ee4b7242-17ac-4116-b0ee-7047b3d8b5d9]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:47c7a3fd-4ccd-4502-b78e-35244041edba]
role:hs_office_person#HostsharingeG.owner[owner
ref:ed265996-7729-46f9-b179-e87a33505930]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:dd17fffe-15df-4df1-9457-363ffce49ee8]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:f6acdf0e-8a5b-4962-aeb8-880096717aee]
end
subgraph users[users]
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:5d19b678-9ba8-4f63-be72-5720faf32b96)
user:superuser-alex(superuser-alex@hostsharing.net
ref:4576db49-1670-43ec-aaf1-6439dc1e9b01)
user:superuser-fran(superuser-fran@hostsharing.net
ref:291e0d76-f70d-4cef-ba45-6fd630f1ae8d)
end
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer
role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin
role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000114.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

101
doc/temp/membership-select.md
View File

@ -1,101 +0,0 @@
### all grants to membership-select
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph global#global[global#global]
role:global#global.admin[admin
ref:d1900267-5848-4bed-851b-70bde78ea586]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:a4be908f-202f-412a-b25d-8bf42082ef86]
role:hs_office_person#HostsharingeG.owner[owner
ref:2032c07b-0227-4eb2-bcbf-8c417ef673c1]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin
ref:aa6dc584-7e50-4f9e-85ff-23792683802f]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent
ref:a8688860-53c3-45ff-92ce-9442d28d9196]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner
ref:d0fb0a29-f7f0-48f9-82be-151c4ea3f4ec]
end
subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG]
role:hs_office_person#ThirdOHG.admin[admin
ref:c8b186f5-17d0-460e-aa39-cca1f5f8404d]
role:hs_office_person#ThirdOHG.owner[owner
ref:a0ed218b-a0cf-417d-8f82-73eae57e67f8]
end
subgraph users[users]
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:cc50ddc1-a722-47d7-984f-3094877e4496)
user:person-ThirdOHG(person-ThirdOHG@example.com
ref:494c39a5-b410-4578-8d69-d026493c6731)
user:superuser-alex(superuser-alex@hostsharing.net
ref:a580e215-2243-4c7e-a9e3-169b237b86b4)
user:superuser-fran(superuser-fran@hostsharing.net
ref:ce6958ec-5e7a-4209-95b2-346c2eaaa22c)
end
subgraph hs_office_membership#M-1000303[hs_office_membership#M-1000303]
perm:SELECT:on:hs_office_membership#M-1000303{{SELECT
ref:a1eb00eb-3f0f-471c-bf97-ce415e6991ab}}
role:hs_office_membership#M-1000303.admin[admin
ref:a7eece29-79d1-4d41-beb8-2900b899e087]
role:hs_office_membership#M-1000303.owner[owner
ref:8eee38e9-7bb2-4ad7-b427-3999e1c66fd1]
role:hs_office_membership#M-1000303.referrer[referrer
ref:49506b45-aa23-495e-8938-e54b635691ae]
end
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_person#ThirdOHG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
role:hs_office_membership#M-1000303.admin --> role:hs_office_membership#M-1000303.referrer
role:hs_office_membership#M-1000303.owner --> role:hs_office_membership#M-1000303.admin
role:hs_office_membership#M-1000303.referrer --> perm:SELECT:on:hs_office_membership#M-1000303
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_membership#M-1000303.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_membership#M-1000303.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000303.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
user:superuser-fran --> role:global#global.admin
```

108
doc/temp/partner-updated.md
View File

@ -1,108 +0,0 @@
### all grants to partner-updated
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
flowchart TB
subgraph global#global[global#global]
role:global#global.admin[admin
ref:b7a0455f-4704-41f5-8ddc-70692bc46c01]
end
subgraph hs_office_partner#P-20036[hs_office_partner#P-20036]
perm:SELECT:on:hs_office_partner#P-20036{{SELECT
ref:da2165d9-fb71-46ed-87bc-fed19e5de092}}
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin
ref:dbefd579-063d-4e06-a9c4-e7ab27288dea]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent
ref:3cd435a3-9f4f-4acc-a035-f781329db167]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner
ref:4438ef8f-1fad-4a46-b562-3bdac51b7932]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant[tenant
ref:14d138a2-1142-4ae8-b089-a8659654dcc5]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:fb52b042-8204-4f96-86c7-ebf7e215aba4]
role:hs_office_person#HostsharingeG.owner[owner
ref:1483555f-72af-40fc-bfed-5c9d13304d94]
end
subgraph hs_office_contact#sixthcontact[hs_office_contact#sixthcontact]
role:hs_office_contact#sixthcontact.admin[admin
ref:3bb16898-f7f4-4dc3-9a45-8756462cc246]
role:hs_office_contact#sixthcontact.owner[owner
ref:625707ee-ef28-4e38-8be5-e0126158f86f]
end
subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG]
role:hs_office_person#ThirdOHG.admin[admin
ref:eccc1981-a813-4d6b-95cd-33ea310b1e8f]
role:hs_office_person#ThirdOHG.owner[owner
ref:bffe1bc4-5a28-4bb5-8008-1d9189eed0dd]
end
subgraph users[users]
user:contact-admin(contact-admin@sixthcontact.example.com
ref:4781a32f-7e5b-436f-8fa0-724cc1b8d74a)
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:e5f21c56-448f-4e69-8421-ad92439ea2db)
user:person-ThirdOHG(person-ThirdOHG@example.com
ref:92c46960-abce-4763-9b10-d6682abed8ff)
user:superuser-alex(superuser-alex@hostsharing.net
ref:bd7ba8ed-57cb-40e0-ab8a-c897f107bddc)
user:superuser-fran(superuser-fran@hostsharing.net
ref:5800fee5-7919-4ef8-9ff8-353f1159925a)
end
role:global#global.admin --> role:hs_office_contact#sixthcontact.owner
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_person#ThirdOHG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
role:hs_office_contact#sixthcontact.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
role:hs_office_contact#sixthcontact.owner --> role:hs_office_contact#sixthcontact.admin
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant --> perm:SELECT:on:hs_office_partner#P-20036
user:contact-admin --> role:hs_office_contact#sixthcontact.owner
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
user:superuser-fran --> role:global#global.admin
```