Governance
ReBAC access model — define relations, author policies, and configure promotion authority.
NL Author — policy
⌘↵ to send
Current access model: Casbin RBAC (application-level) + siloed dg_v2 RLS (not joined to Casbin). contractor_access_grants (M147) is the only existing ReBAC-like tuple. This surface is the design target for the full ReBAC join.
| Relation | Subject Type | Object Type | Access Implication |
|---|---|---|---|
OWNS | Party | Property | Assert facts; full read on owned properties |
MANAGES | Party | Property | Read and assert operational facts |
OCCUPIES | Party | Property | Read occupancy and lease facts for their space |
OPERATES | Party | Property | Vendor-level read on operational data |
LENDS_TO | Party | Party | Read financial covenants and loan facts |
EMPLOYS | Party | Party | HR-scoped read |