angga1518

rbac proposal

Sep 22nd, 2025
  1. {
  2.   "user": {
  3.     "id": "3d58f4b2-7f72-4c25-9b3b-2b0c3b3c1a01",
  4.     ...
  5.   },
  6.  
  7.   "roles": [
  8.     {
  9.       "assignment": {
  10.         "id": "3f21a6b1-02ce-48bf-91c0-4a0c1d77a901",
  11.         "companyHqId": "hq-1",
  12.         "companyRole": "owner_hq",
  13.         ...
  14.       },
  15.  
  16.       "permissions": [
  17.         {
  18.           "permission": "perm:dashboard.view",
  19.           "level": "hq",
  20.           "description": "View dashboard at HQ scope"
  21.         },
  22.         {
  23.           "permission": "perm:profile_completion:business_profile:view",
  24.           "level": "hq",
  25.           "description": "View Business Profile (HQ)"
  26.         },
  27.         {
  28.           "permission": "perm:profile_completion:business_profile:edit",
  29.           "level": "hq",
  30.           "description": "Edit Business Profile (HQ)"
  31.         },
  32.         {
  33.           "permission": "perm:profile_completion:comp_rep:view",
  34.           "level": "hq",
  35.           "description": "View Company Representative (HQ)"
  36.         },
  37.         {
  38.           "permission": "perm:profile_completion:comp_rep:edit",
  39.           "level": "hq",
  40.           "description": "Edit Company Representative (HQ)"
  41.         },
  42.         {
  43.           "permission": "perm:profile_completion:hq_branch_info:view",
  44.           "level": "hq",
  45.           "description": "View HQ & Branch Info (HQ)"
  46.         },
  47.         {
  48.           "permission": "perm:profile_completion:hq_branch_info:edit",
  49.           "level": "hq",
  50.           "description": "Edit HQ & Branch Info (HQ)"
  51.         },
  52.  
  53.         { "permission": "perm:hq:register", "level": "hq", "description": "Register HQ" },
  54.         { "permission": "perm:hq:edit",     "level": "hq", "description": "Edit HQ" },
  55.  
  56.         {
  57.           "permission": "perm:branch:register",
  58.           "level": "hq",
  59.           "branch_scope": "all",
  60.           "description": "Register branch under this HQ"
  61.         },
  62.         {
  63.           "permission": "perm:branch:edit",
  64.           "level": "hq",
  65.           "branch_scope": "all",
  66.           "description": "Edit any branch under this HQ"
  67.         },
  68.  
  69.         {
  70.           "permission": "perm:team:register",
  71.           "level": "hq",
  72.           "branch_scope": "all",
  73.           "dept_scope": "all",
  74.           "description": "Register team members across all branches and departments"
  75.         },
  76.         {
  77.           "permission": "perm:team:edit",
  78.           "level": "hq",
  79.           "branch_scope": "all",
  80.           "dept_scope": "all",
  81.           "description": "Edit team members across all branches and departments"
  82.         },
  83.  
  84.         {
  85.           "permission": "perm:job:create:details",
  86.           "level": "hq",
  87.           "branch_scope": "all",
  88.           "dept_scope": "all",
  89.           "description": "Create Job - Job Details (all branches, all departments)"
  90.         },
  91.         {
  92.           "permission": "perm:job:create:workflow",
  93.           "level": "hq",
  94.           "branch_scope": "all",
  95.           "dept_scope": "all",
  96.           "description": "Create Job - Recruitment Workflow (all/all)"
  97.         },
  98.         {
  99.           "permission": "perm:job:create:publish",
  100.           "level": "hq",
  101.           "branch_scope": "all",
  102.           "dept_scope": "all",
  103.           "description": "Create Job - Review & Publish (all/all)"
  104.         },
  105.  
  106.         {
  107.           "permission": "perm:job:draft:edit",
  108.           "level": "hq",
  109.           "branch_scope": "all",
  110.           "dept_scope": "all",
  111.           "description": "Edit Job Draft (all/all)"
  112.         },
  113.         {
  114.           "permission": "perm:job:close",
  115.           "level": "hq",
  116.           "branch_scope": "all",
  117.           "dept_scope": "all",
  118.           "description": "Close Job (all/all)"
  119.         },
  120.  
  121.         {
  122.           "permission": "perm:applicant:view",
  123.           "level": "hq",
  124.           "branch_scope": "all",
  125.           "dept_scope": "all",
  126.           "description": "View Applicants (all/all)"
  127.         },
  128.         {
  129.           "permission": "perm:applicant:decision",
  130.           "level": "hq",
  131.           "branch_scope": "all",
  132.           "dept_scope": "all",
  133.           "description": "Approve/Reject Applicants (all/all)"
  134.         },
  135.         {
  136.           "permission": "perm:applicant:move",
  137.           "level": "hq",
  138.           "branch_scope": "all",
  139.           "dept_scope": "all",
  140.           "description": "Move Applicants across stages (all/all)"
  141.         },
  142.  
  143.         { "permission": "perm:ownership:transfer", "level": "hq", "description": "Transfer Company Ownership" },
  144.  
  145.         // General jobs features accessible to all roles (self/public context)
  146.         { "permission": "perm:jobs:list:view",     "level": "public", "description": "View job list" },
  147.         { "permission": "perm:jobs:details:view",  "level": "public", "description": "View job details" },
  148.         { "permission": "perm:jobs:apply:external","level": "self",   "description": "Apply external jobs" },
  149.         { "permission": "perm:jobs:apply:internal","level": "self",   "description": "Apply internal jobs (if enabled)" },
  150.         { "permission": "perm:jobs:apply:freelance","level": "self",  "description": "Apply freelance jobs (if enabled)" },
  151.         { "permission": "perm:jobs:saved:view",    "level": "self",   "description": "View saved jobs" },
  152.         { "permission": "perm:jobs:applied:view",  "level": "self",   "description": "View applied jobs" },
  153.  
  154.         // Edit self profile (owner: may not edit own role, but may edit personal/branch/dept)
  155.         { "permission": "perm:self_profile:personal:edit",         "level": "self", "description": "Edit own personal details" },
  156.         { "permission": "perm:self_profile:branch_assignment:edit","level": "self", "description": "Edit own branch assignment" },
  157.         { "permission": "perm:self_profile:dept_assignment:edit",  "level": "self", "description": "Edit own department assignment" }
  158.       ]
  159.     },
  160.  
  161.     {
  162.       "assignment": {
  163.         "id": "a1d2c3e4-f5a6-47b8-9c0d-e1f2a3b4c5d6",
  164.         "companyHqId": "hq-1",
  165.         "companyRole": "hrd_branch",
  166.         ...
  167.       },
  168.  
  169.       "permissions": [
  170.         {
  171.           "permission": "perm:dashboard.view",
  172.           "level": "branch",
  173.           "description": "View dashboard at Branch scope"
  174.         },
  175.  
  176.         {
  177.           "permission": "perm:profile_completion:hq_branch_info:view",
  178.           "level": "branch",
  179.           "description": "View Branch Info (self branch)"
  180.         },
  181.         {
  182.           "permission": "perm:profile_completion:hq_branch_info:edit",
  183.           "level": "branch",
  184.           "description": "Edit Branch Info (self branch)"
  185.         },
  186.  
  187.         {
  188.           "permission": "perm:branch:edit",
  189.           "level": "branch",
  190.           "branch_scope": "self",
  191.           "description": "Edit own branch"
  192.         },
  193.  
  194.         {
  195.           "permission": "perm:team:register",
  196.           "level": "branch",
  197.           "branch_scope": "self",
  198.           "dept_scope": "all",
  199.           "description": "Register team on self branch (all depts)"
  200.         },
  201.         {
  202.           "permission": "perm:team:edit",
  203.           "level": "branch",
  204.           "branch_scope": "self",
  205.           "dept_scope": "all",
  206.           "description": "Edit team on self branch (all depts)"
  207.         },
  208.  
  209.         {
  210.           "permission": "perm:job:create:details",
  211.           "level": "branch",
  212.           "branch_scope": "self",
  213.           "dept_scope": "all",
  214.           "description": "Create Job - Job Details (all depts on self branch)"
  215.         },
  216.         {
  217.           "permission": "perm:job:create:workflow",
  218.           "level": "branch",
  219.           "branch_scope": "self",
  220.           "dept_scope": "all",
  221.           "description": "Create Job - Workflow (all depts on self branch)"
  222.         },
  223.         {
  224.           "permission": "perm:job:create:publish",
  225.           "level": "branch",
  226.           "branch_scope": "self",
  227.           "dept_scope": "all",
  228.           "description": "Create Job - Publish (all depts on self branch)"
  229.         },
  230.  
  231.         {
  232.           "permission": "perm:job:draft:edit",
  233.           "level": "branch",
  234.           "branch_scope": "self",
  235.           "dept_scope": "all",
  236.           "description": "Edit Job Draft (all depts on self branch)"
  237.         },
  238.         {
  239.           "permission": "perm:job:close",
  240.           "level": "branch",
  241.           "branch_scope": "self",
  242.           "dept_scope": "all",
  243.           "description": "Close Job (all depts on self branch)"
  244.         },
  245.  
  246.         {
  247.           "permission": "perm:applicant:view",
  248.           "level": "branch",
  249.           "branch_scope": "self",
  250.           "dept_scope": "all",
  251.           "description": "View Applicants (all depts on self branch)"
  252.         },
  253.         {
  254.           "permission": "perm:applicant:decision",
  255.           "level": "branch",
  256.           "branch_scope": "self",
  257.           "dept_scope": "all",
  258.           "description": "Approve/Reject Applicants (all depts on self branch)"
  259.         },
  260.         {
  261.           "permission": "perm:applicant:move",
  262.           "level": "branch",
  263.           "branch_scope": "self",
  264.           "dept_scope": "all",
  265.           "description": "Move Applicants across stages (all depts on self branch)"
  266.         },
  267.  
  268.         // General jobs features (self/public)
  269.         { "permission": "perm:jobs:list:view",     "level": "public", "description": "View job list" },
  270.         { "permission": "perm:jobs:details:view",  "level": "public", "description": "View job details" },
  271.         { "permission": "perm:jobs:apply:external","level": "self",   "description": "Apply external jobs" },
  272.         { "permission": "perm:jobs:apply:internal","level": "self",   "description": "Apply internal jobs (if enabled)" },
  273.         { "permission": "perm:jobs:apply:freelance","level": "self",  "description": "Apply freelance jobs (if enabled)" },
  274.         { "permission": "perm:jobs:saved:view",    "level": "self",   "description": "View saved jobs" },
  275.         { "permission": "perm:jobs:applied:view",  "level": "self",   "description": "View applied jobs" },
  276.  
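  277.         // Edit self profile (HRD branch may edit its own role/branch/dept, per your policy). NOTE(review): self-service role and branch-assignment edits change the scope that this user's "self"-scoped permissions resolve against, so the backend should restrict the allowed target role/branch (e.g. never a higher role than the current one) or require approval by a higher role.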
  278.         { "permission": "perm:self_profile:personal:edit",        "level": "self", "description": "Edit own personal details" },
  279.         { "permission": "perm:self_profile:role:edit",            "level": "self", "description": "Edit own company role" },
  280.         { "permission": "perm:self_profile:branch_assignment:edit","level": "self", "description": "Edit own branch assignment" },
  281.         { "permission": "perm:self_profile:dept_assignment:edit", "level": "self", "description": "Edit own department assignment" }
  282.       ]
  283.     }
  284.   ]
  285. }