From ca9a86501982dc1ea6ca14c1c33a9ba47deff314 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Thu, 28 Mar 2024 09:25:08 +0100
Subject: [PATCH] cleanup scribbled+temp-documents

---
 doc/{ => ideas}/rbac-schema-f.md              |   0
 doc/ideas/simplified-grant-structure.md       |   2 +
 ...er_canViewButNotUpdateRelatedMembership.md |  76 ------------
 doc/rbac.md                                   |   2 +-
 doc/temp/coop-share-select.md                 | 105 -----------------
 ...nNotDeleteTheirRelatedMembership-delete.md |  71 ------------
 ...nNotDeleteTheirRelatedMembership-select.md | 101 ----------------
 ...gent_canNotDeleteTheirRelatedMembership.md |  79 -------------
 doc/temp/membership-select.md                 | 101 ----------------
 doc/temp/partner-updated.md                   | 108 ------------------
 10 files changed, 3 insertions(+), 642 deletions(-)
 rename doc/{ => ideas}/rbac-schema-f.md (100%)
 delete mode 100644 doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md
 delete mode 100644 doc/temp/coop-share-select.md
 delete mode 100644 doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md
 delete mode 100644 doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md
 delete mode 100644 doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md
 delete mode 100644 doc/temp/membership-select.md
 delete mode 100644 doc/temp/partner-updated.md

diff --git a/doc/rbac-schema-f.md b/doc/ideas/rbac-schema-f.md
similarity index 100%
rename from doc/rbac-schema-f.md
rename to doc/ideas/rbac-schema-f.md
diff --git a/doc/ideas/simplified-grant-structure.md b/doc/ideas/simplified-grant-structure.md
index 4ed68593..6d89897a 100644
--- a/doc/ideas/simplified-grant-structure.md
+++ b/doc/ideas/simplified-grant-structure.md
@@ -1,3 +1,5 @@
+(this is just a scribbled idea, that's why it's still in German)
+
 Ich habe mal wieder vom RBAC-System geträumt 🙈 Ok, im Halbschlaf darüber nachgedacht trifft es wohl besser. Und jetzt frage ich mich, ob wir viel zu kompliziert gedacht haben.
 
 Bislang gingen wir ja davon aus, dass, wenn komplexe Entitäten (z.B. Partner) erzeugt werden, wir wir über den INSERT-Trigger den Rollen der verknüpften Entitäten (z.B. den Rollen der Personendaten des Partners) auch Rechte an den komplexeren Entitäten und umgekehrt geben müssen.
diff --git a/doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md b/doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md
deleted file mode 100644
index 50e770e6..00000000
--- a/doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md
+++ /dev/null
@@ -1,76 +0,0 @@
-### all grants to membershipReferrer_canViewButNotUpdateRelatedMembership
-
-```mermaid
-%%{init:{'flowchart':{'htmlLabels':false}}}%%
-
-%% too many grants, graph is cropped
-flowchart TB
-
-subgraph hs_office_membership#M-1000113[hs_office_membership#M-1000113]
-
-    perm:SELECT:on:hs_office_membership#M-1000113{{SELECT
-    ref:b1b1192e-f2bf-4b9f-836b-90e98903bedc}}
-
-    role:hs_office_membership#M-1000113.referrer[referrer
-    ref:7c95cd77-a124-40ab-87f3-4cd2f33ad32f]
-
-end
-
-subgraph hs_office_partner#P-10001[hs_office_partner#P-10001]
-
-    perm:SELECT:on:hs_office_partner#P-10001{{SELECT
-    ref:74c87064-7e9b-4ead-9344-4f18ba246b80}}
-
-end
-
-subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
-
-    perm:SELECT:on:hs_office_person#HostsharingeG{{SELECT
-    ref:38e63031-3245-4e57-b59d-b4f08334adec}}
-
-    role:hs_office_person#HostsharingeG.referrer[referrer
-    ref:b31417b9-6c56-4e79-93dd-c6c11a080370]
-
-end
-
-subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
-
-    perm:SELECT:on:hs_office_person#FirstGmbH{{SELECT
-    ref:5cbe42d4-e8d3-40e9-bddd-5635c151c57a}}
-
-    role:hs_office_person#FirstGmbH.referrer[referrer
-    ref:86a4ece0-087f-46ea-94b4-b1f3294ba356]
-
-end
-
-subgraph hs_office_contact#firstcontact[hs_office_contact#firstcontact]
-
-    perm:SELECT:on:hs_office_contact#firstcontact{{SELECT
-    ref:21cc5d9e-d98e-4953-a9e6-d33a5753876f}}
-
-    role:hs_office_contact#firstcontact.referrer[referrer
-    ref:ca3c3e01-fb66-465e-93ee-cbad0e5ee70e]
-
-end
-
-subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
-
-    perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH{{SELECT
-    ref:b52dd840-289a-4c92-98a1-3ee629318608}}
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant[tenant
-    ref:d9395077-4c0b-44d6-924e-811041402abe]
-
-end
-
-role:hs_office_contact#firstcontact.referrer --> perm:SELECT:on:hs_office_contact#firstcontact
-role:hs_office_membership#M-1000113.referrer --> perm:SELECT:on:hs_office_membership#M-1000113
-role:hs_office_membership#M-1000113.referrer --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant
-role:hs_office_person#FirstGmbH.referrer --> perm:SELECT:on:hs_office_person#FirstGmbH
-role:hs_office_person#HostsharingeG.referrer --> perm:SELECT:on:hs_office_person#HostsharingeG
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_partner#P-10001
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_contact#firstcontact.referrer
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#FirstGmbH.referrer
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#HostsharingeG.referrer
-```
diff --git a/doc/rbac.md b/doc/rbac.md
index 2f4a27af..2de4d4bb 100644
--- a/doc/rbac.md
+++ b/doc/rbac.md
@@ -1,6 +1,6 @@
 ## *hsadmin-ng*'s Role-Based-Access-Management (RBAC)
 
-The requirements of *hsadmin-ng* option table-m row- and column-level-security for read and write access to business-objects.
+The requirements of *hsadmin-ng* include table-, row- and column-level-security for read and write access to business-objects.
 More precisely, any access has to be controlled according to given rules depending on the accessing users, their roles and the accessed business-object.
 Further, roles and business-objects are hierarchical.
 
diff --git a/doc/temp/coop-share-select.md b/doc/temp/coop-share-select.md
deleted file mode 100644
index 23a80d3b..00000000
--- a/doc/temp/coop-share-select.md
+++ /dev/null
@@ -1,105 +0,0 @@
-### all grants to coop-share-select
-
-```mermaid
-%%{init:{'flowchart':{'htmlLabels':false}}}%%
-
-%% too many grants, graph is cropped
-flowchart TB
-
-subgraph hs_office_membership#M-1000101[hs_office_membership#M-1000101]
-
-    role:hs_office_membership#M-1000101.admin[admin
-    ref:6a6eca16-878f-4daf-8814-71bfeef9d531]
-
-    role:hs_office_membership#M-1000101.owner[owner
-    ref:9899101f-f59a-4432-bb5f-85841f94e0b1]
-
-    role:hs_office_membership#M-1000101.referrer[referrer
-    ref:13d84099-cae3-4b9c-9f84-b0c4ca383f64]
-
-end
-
-subgraph global#global[global#global]
-
-    role:global#global.admin[admin
-    ref:e36961c1-3250-4429-9c0f-b85d1d625e2f]
-
-end
-
-subgraph hs_office_coopsharestransaction#ref1000101-1[hs_office_coopsharestransaction#ref1000101-1]
-
-    perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1{{SELECT
-    ref:6e847eb3-3fb3-41f5-ab10-6aedbaa298e8}}
-
-end
-
-subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
-
-    role:hs_office_person#FirstGmbH.admin[admin
-    ref:54293c05-fbc4-45b6-b9f0-aab8705f2cf7]
-
-    role:hs_office_person#FirstGmbH.owner[owner
-    ref:599ae17d-862a-44fc-a7cc-4e0b40c5c785]
-
-end
-
-subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
-
-    role:hs_office_person#HostsharingeG.admin[admin
-    ref:0e110d55-665d-4994-85ed-986d3e890214]
-
-    role:hs_office_person#HostsharingeG.owner[owner
-    ref:b92395bf-e4f4-46e6-ad29-2289879171a2]
-
-end
-
-subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
-    ref:e92b7f7f-20d4-4c89-a572-e0b2c59ed265]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent
-    ref:f42a648f-4474-47c7-bba8-9d1082cf76d7]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
-    ref:776e5533-4630-4d55-957b-25ca16220324]
-
-end
-
-subgraph users[users]
-
-    user:person-FirstGmbH(person-FirstGmbH@example.com
-    ref:661ac654-7ed8-4723-a1c5-41d886cef684)
-
-    user:person-HostsharingeG(person-HostsharingeG@example.com
-    ref:a0c798f6-ea35-4725-857e-0358dfd57b8e)
-
-    user:superuser-alex(superuser-alex@hostsharing.net
-    ref:0849f284-6379-4694-98a6-b777fa80a902)
-
-    user:superuser-fran(superuser-fran@hostsharing.net
-    ref:a780bed7-d970-4c04-8e78-85e33a28af91)
-
-end
-
-role:global#global.admin --> role:hs_office_person#FirstGmbH.owner
-role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
-role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-role:hs_office_membership#M-1000101.admin --> role:hs_office_membership#M-1000101.referrer
-role:hs_office_membership#M-1000101.owner --> role:hs_office_membership#M-1000101.admin
-role:hs_office_membership#M-1000101.referrer --> perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1
-role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
-role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin
-role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000101.owner
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000101.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner
-user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
-user:superuser-alex --> role:global#global.admin
-user:superuser-alex --> role:hs_office_membership#M-1000101.owner
-user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-user:superuser-fran --> role:global#global.admin
-```
diff --git a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md
deleted file mode 100644
index 7296d693..00000000
--- a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md
+++ /dev/null
@@ -1,71 +0,0 @@
-### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete
-
-```mermaid
-%%{init:{'flowchart':{'htmlLabels':false}}}%%
-
-%% too many grants, graph is cropped
-flowchart TB
-
-subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
-
-    perm:DELETE:on:hs_office_membership#M-1000114{{DELETE
-    ref:5defb5eb-e9b1-4a1a-8476-a91be89a756f}}
-
-    role:hs_office_membership#M-1000114.owner[owner
-    ref:3da05812-0992-473c-ba8c-0e66ca33f039]
-
-end
-
-subgraph global#global[global#global]
-
-    role:global#global.admin[admin
-    ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72]
-
-end
-
-subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
-
-    role:hs_office_person#HostsharingeG.admin[admin
-    ref:c40db171-9d99-4feb-8d91-d9befb053373]
-
-    role:hs_office_person#HostsharingeG.owner[owner
-    ref:626f0656-d00e-471d-a145-72a96180d0d2]
-
-end
-
-subgraph users[users]
-
-    user:person-HostsharingeG(person-HostsharingeG@example.com
-    ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272)
-
-    user:superuser-alex(superuser-alex@hostsharing.net
-    ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a)
-
-    user:superuser-fran(superuser-fran@hostsharing.net
-    ref:4740f067-13c8-4507-a9b8-c8469c476f5b)
-
-end
-
-subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
-    ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
-    ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff]
-
-end
-
-role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
-role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-role:hs_office_membership#M-1000114.owner --> perm:DELETE:on:hs_office_membership#M-1000114
-role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
-user:superuser-alex --> role:global#global.admin
-user:superuser-alex --> role:hs_office_membership#M-1000114.owner
-user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-user:superuser-fran --> role:global#global.admin
-```
diff --git a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md
deleted file mode 100644
index 95ee82ce..00000000
--- a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md
+++ /dev/null
@@ -1,101 +0,0 @@
-### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-select
-
-```mermaid
-%%{init:{'flowchart':{'htmlLabels':false}}}%%
-
-%% too many grants, graph is cropped
-flowchart TB
-
-subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
-
-    perm:SELECT:on:hs_office_membership#M-1000114{{SELECT
-    ref:296e0eae-f64c-43c5-818a-84674d7f9af6}}
-
-    role:hs_office_membership#M-1000114.admin[admin
-    ref:2e6a4161-6244-4414-9bee-0a059ed76e79]
-
-    role:hs_office_membership#M-1000114.owner[owner
-    ref:3da05812-0992-473c-ba8c-0e66ca33f039]
-
-    role:hs_office_membership#M-1000114.referrer[referrer
-    ref:fc27995b-e981-4dfe-9d6b-d9e824b1b5c2]
-
-end
-
-subgraph global#global[global#global]
-
-    role:global#global.admin[admin
-    ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72]
-
-end
-
-subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
-
-    role:hs_office_person#FirstGmbH.admin[admin
-    ref:870be03d-84ff-4a77-bfe8-8aaab81ee923]
-
-    role:hs_office_person#FirstGmbH.owner[owner
-    ref:1ea6bff9-6d8f-4377-8cf9-7c11f00066e1]
-
-end
-
-subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
-
-    role:hs_office_person#HostsharingeG.admin[admin
-    ref:c40db171-9d99-4feb-8d91-d9befb053373]
-
-    role:hs_office_person#HostsharingeG.owner[owner
-    ref:626f0656-d00e-471d-a145-72a96180d0d2]
-
-end
-
-subgraph users[users]
-
-    user:person-FirstGmbH(person-FirstGmbH@example.com
-    ref:375cf977-3c7b-4590-9b5c-ea7a5f6af971)
-
-    user:person-HostsharingeG(person-HostsharingeG@example.com
-    ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272)
-
-    user:superuser-alex(superuser-alex@hostsharing.net
-    ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a)
-
-    user:superuser-fran(superuser-fran@hostsharing.net
-    ref:4740f067-13c8-4507-a9b8-c8469c476f5b)
-
-end
-
-subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
-    ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent
-    ref:c949357d-2537-4646-9375-8f01c8ff41e4]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
-    ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff]
-
-end
-
-role:global#global.admin --> role:hs_office_person#FirstGmbH.owner
-role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
-role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer
-role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin
-role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114
-role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
-role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin
-role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000114.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner
-user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
-user:superuser-alex --> role:global#global.admin
-user:superuser-alex --> role:hs_office_membership#M-1000114.owner
-user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-user:superuser-fran --> role:global#global.admin
-```
diff --git a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md
deleted file mode 100644
index 4dac220b..00000000
--- a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md
+++ /dev/null
@@ -1,79 +0,0 @@
-### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership
-
-```mermaid
-%%{init:{'flowchart':{'htmlLabels':false}}}%%
-
-%% too many grants, graph is cropped
-flowchart TB
-
-subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
-
-    perm:SELECT:on:hs_office_membership#M-1000114{{SELECT
-    ref:9c63ac3a-6868-4295-9aa7-5050458660d0}}
-
-    role:hs_office_membership#M-1000114.admin[admin
-    ref:50d4ac22-73e0-4099-8d22-dfb8fbbc09c8]
-
-    role:hs_office_membership#M-1000114.owner[owner
-    ref:9d1cf21e-6fd3-4d63-9ad4-235aceae23ea]
-
-    role:hs_office_membership#M-1000114.referrer[referrer
-    ref:d27f9a49-9247-4439-a45a-ca220a86cf8f]
-
-end
-
-subgraph global#global[global#global]
-
-    role:global#global.admin[admin
-    ref:ee4b7242-17ac-4116-b0ee-7047b3d8b5d9]
-
-end
-
-subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
-
-    role:hs_office_person#HostsharingeG.admin[admin
-    ref:47c7a3fd-4ccd-4502-b78e-35244041edba]
-
-    role:hs_office_person#HostsharingeG.owner[owner
-    ref:ed265996-7729-46f9-b179-e87a33505930]
-
-end
-
-subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
-    ref:dd17fffe-15df-4df1-9457-363ffce49ee8]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
-    ref:f6acdf0e-8a5b-4962-aeb8-880096717aee]
-
-end
-
-subgraph users[users]
-
-    user:person-HostsharingeG(person-HostsharingeG@example.com
-    ref:5d19b678-9ba8-4f63-be72-5720faf32b96)
-
-    user:superuser-alex(superuser-alex@hostsharing.net
-    ref:4576db49-1670-43ec-aaf1-6439dc1e9b01)
-
-    user:superuser-fran(superuser-fran@hostsharing.net
-    ref:291e0d76-f70d-4cef-ba45-6fd630f1ae8d)
-
-end
-
-role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
-role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer
-role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin
-role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114
-role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
-role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
-user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
-user:superuser-alex --> role:global#global.admin
-user:superuser-alex --> role:hs_office_membership#M-1000114.owner
-user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
-user:superuser-fran --> role:global#global.admin
-```
diff --git a/doc/temp/membership-select.md b/doc/temp/membership-select.md
deleted file mode 100644
index e5a643bd..00000000
--- a/doc/temp/membership-select.md
+++ /dev/null
@@ -1,101 +0,0 @@
-### all grants to membership-select
-
-```mermaid
-%%{init:{'flowchart':{'htmlLabels':false}}}%%
-
-%% too many grants, graph is cropped
-flowchart TB
-
-subgraph global#global[global#global]
-
-    role:global#global.admin[admin
-    ref:d1900267-5848-4bed-851b-70bde78ea586]
-
-end
-
-subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
-
-    role:hs_office_person#HostsharingeG.admin[admin
-    ref:a4be908f-202f-412a-b25d-8bf42082ef86]
-
-    role:hs_office_person#HostsharingeG.owner[owner
-    ref:2032c07b-0227-4eb2-bcbf-8c417ef673c1]
-
-end
-
-subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin
-    ref:aa6dc584-7e50-4f9e-85ff-23792683802f]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent
-    ref:a8688860-53c3-45ff-92ce-9442d28d9196]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner
-    ref:d0fb0a29-f7f0-48f9-82be-151c4ea3f4ec]
-
-end
-
-subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG]
-
-    role:hs_office_person#ThirdOHG.admin[admin
-    ref:c8b186f5-17d0-460e-aa39-cca1f5f8404d]
-
-    role:hs_office_person#ThirdOHG.owner[owner
-    ref:a0ed218b-a0cf-417d-8f82-73eae57e67f8]
-
-end
-
-subgraph users[users]
-
-    user:person-HostsharingeG(person-HostsharingeG@example.com
-    ref:cc50ddc1-a722-47d7-984f-3094877e4496)
-
-    user:person-ThirdOHG(person-ThirdOHG@example.com
-    ref:494c39a5-b410-4578-8d69-d026493c6731)
-
-    user:superuser-alex(superuser-alex@hostsharing.net
-    ref:a580e215-2243-4c7e-a9e3-169b237b86b4)
-
-    user:superuser-fran(superuser-fran@hostsharing.net
-    ref:ce6958ec-5e7a-4209-95b2-346c2eaaa22c)
-
-end
-
-subgraph hs_office_membership#M-1000303[hs_office_membership#M-1000303]
-
-    perm:SELECT:on:hs_office_membership#M-1000303{{SELECT
-    ref:a1eb00eb-3f0f-471c-bf97-ce415e6991ab}}
-
-    role:hs_office_membership#M-1000303.admin[admin
-    ref:a7eece29-79d1-4d41-beb8-2900b899e087]
-
-    role:hs_office_membership#M-1000303.owner[owner
-    ref:8eee38e9-7bb2-4ad7-b427-3999e1c66fd1]
-
-    role:hs_office_membership#M-1000303.referrer[referrer
-    ref:49506b45-aa23-495e-8938-e54b635691ae]
-
-end
-
-role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
-role:global#global.admin --> role:hs_office_person#ThirdOHG.owner
-role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
-role:hs_office_membership#M-1000303.admin --> role:hs_office_membership#M-1000303.referrer
-role:hs_office_membership#M-1000303.owner --> role:hs_office_membership#M-1000303.admin
-role:hs_office_membership#M-1000303.referrer --> perm:SELECT:on:hs_office_membership#M-1000303
-role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
-role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
-role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
-role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_membership#M-1000303.owner
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_membership#M-1000303.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
-user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
-user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner
-user:superuser-alex --> role:global#global.admin
-user:superuser-alex --> role:hs_office_membership#M-1000303.owner
-user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
-user:superuser-fran --> role:global#global.admin
-```
diff --git a/doc/temp/partner-updated.md b/doc/temp/partner-updated.md
deleted file mode 100644
index 7de527f2..00000000
--- a/doc/temp/partner-updated.md
+++ /dev/null
@@ -1,108 +0,0 @@
-### all grants to partner-updated
-
-```mermaid
-%%{init:{'flowchart':{'htmlLabels':false}}}%%
-
-flowchart TB
-
-subgraph global#global[global#global]
-
-    role:global#global.admin[admin
-    ref:b7a0455f-4704-41f5-8ddc-70692bc46c01]
-
-end
-
-subgraph hs_office_partner#P-20036[hs_office_partner#P-20036]
-
-    perm:SELECT:on:hs_office_partner#P-20036{{SELECT
-    ref:da2165d9-fb71-46ed-87bc-fed19e5de092}}
-
-end
-
-subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin
-    ref:dbefd579-063d-4e06-a9c4-e7ab27288dea]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent
-    ref:3cd435a3-9f4f-4acc-a035-f781329db167]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner
-    ref:4438ef8f-1fad-4a46-b562-3bdac51b7932]
-
-    role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant[tenant
-    ref:14d138a2-1142-4ae8-b089-a8659654dcc5]
-
-end
-
-subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
-
-    role:hs_office_person#HostsharingeG.admin[admin
-    ref:fb52b042-8204-4f96-86c7-ebf7e215aba4]
-
-    role:hs_office_person#HostsharingeG.owner[owner
-    ref:1483555f-72af-40fc-bfed-5c9d13304d94]
-
-end
-
-subgraph hs_office_contact#sixthcontact[hs_office_contact#sixthcontact]
-
-    role:hs_office_contact#sixthcontact.admin[admin
-    ref:3bb16898-f7f4-4dc3-9a45-8756462cc246]
-
-    role:hs_office_contact#sixthcontact.owner[owner
-    ref:625707ee-ef28-4e38-8be5-e0126158f86f]
-
-end
-
-subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG]
-
-    role:hs_office_person#ThirdOHG.admin[admin
-    ref:eccc1981-a813-4d6b-95cd-33ea310b1e8f]
-
-    role:hs_office_person#ThirdOHG.owner[owner
-    ref:bffe1bc4-5a28-4bb5-8008-1d9189eed0dd]
-
-end
-
-subgraph users[users]
-
-    user:contact-admin(contact-admin@sixthcontact.example.com
-    ref:4781a32f-7e5b-436f-8fa0-724cc1b8d74a)
-
-    user:person-HostsharingeG(person-HostsharingeG@example.com
-    ref:e5f21c56-448f-4e69-8421-ad92439ea2db)
-
-    user:person-ThirdOHG(person-ThirdOHG@example.com
-    ref:92c46960-abce-4763-9b10-d6682abed8ff)
-
-    user:superuser-alex(superuser-alex@hostsharing.net
-    ref:bd7ba8ed-57cb-40e0-ab8a-c897f107bddc)
-
-    user:superuser-fran(superuser-fran@hostsharing.net
-    ref:5800fee5-7919-4ef8-9ff8-353f1159925a)
-
-end
-
-role:global#global.admin --> role:hs_office_contact#sixthcontact.owner
-role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
-role:global#global.admin --> role:hs_office_person#ThirdOHG.owner
-role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
-role:hs_office_contact#sixthcontact.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
-role:hs_office_contact#sixthcontact.owner --> role:hs_office_contact#sixthcontact.admin
-role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
-role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
-role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
-role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
-role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
-role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant --> perm:SELECT:on:hs_office_partner#P-20036
-user:contact-admin --> role:hs_office_contact#sixthcontact.owner
-user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
-user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner
-user:superuser-alex --> role:global#global.admin
-user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
-user:superuser-fran --> role:global#global.admin
-```