Redesign the role model from 3 roles (platform-admin, admin, member) to 4 clear personas:
- owner (org role): full tenant control — billing, team, apps, deploy
- operator (org role): app lifecycle + observability, no billing/team
- viewer (org role): read-only observability
- saas-vendor (global role, hosted only): cross-tenant platform admin

Bootstrap changes:
- Rename org roles: admin→owner, member→operator, add viewer
- Remove platform-admin global role (moved to vendor-seed)
- admin user gets owner role, camel user gets viewer role
- Custom JWT maps: owner→server:admin, operator→server:operator, viewer→server:viewer, saas-vendor→server:admin

New docker/vendor-seed.sh for hosted SaaS environments only.

Remove sidebar user/logout link (TopBar handles logout).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1.5 KiB
Role Model + License Model Redesign
Date: 2026-04-07
Status: Approved
Problem
The current role model (platform-admin, org admin, org member) doesn't map cleanly to real-world personas. The member role can deploy but can't manage apps — it's neither a proper operator nor a proper viewer. There's no read-only role. The license model assumes SaaS (per-tenant) with no on-premise consideration.
Decision
4-Role Model
| Role | Logto Type | Scopes | Persona |
|---|---|---|---|
| SaaS Vendor | Global saas-vendor | platform:admin + all tenant scopes | SaaS operator (hosted only) |
| Platform Owner | Org owner | All 10 tenant scopes + server:admin | Customer admin |
| Operator | Org operator | apps:manage, apps:deploy, observe:read, observe:debug, server:operator | DevOps |
| Viewer | Org viewer | observe:read, server:viewer | Read-only stakeholder |
Deployment Modes
- SaaS: Vendor-seed script (separate from bootstrap) creates the saas-vendor role. Standard bootstrap creates tenants with owner/operator/viewer.
- On-premise: Single implicit tenant. First user is owner. No vendor role exists.
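An added example, not code from this project, of how the four roles and the two deployment modes above resolve to an allow/deny decision per tenant and to the server:* claim the custom JWT carries. It assumes hypothetical helpers `decide` and `serverClaim`, constructed tenant ids such as t1, and the assumed scope names billing:manage and team:manage for the owner-only billing and team scopes, which the page does not name.

```typescript
// Added example (not the project's own code): an authorization decision for the
// four-role model. Scope names from the page: platform:admin, apps:manage,
// apps:deploy, observe:read, observe:debug, server:*. "billing:manage" and
// "team:manage" are assumed names for the owner-only billing and team scopes.
type Mode = "saas" | "on-premise";
type OrgRole = "owner" | "operator" | "viewer";
type Decision = { allow: boolean; reason: string };

const ORG_ROLE_SCOPES: Record<OrgRole, readonly string[]> = {
  owner: ["apps:manage", "apps:deploy", "observe:read", "observe:debug",
          "billing:manage", "team:manage", "server:admin"],
  operator: ["apps:manage", "apps:deploy", "observe:read", "observe:debug", "server:operator"],
  viewer: ["observe:read", "server:viewer"],
};
// server:* claim each role yields in the custom JWT (mapping from the commit message).
const SERVER_CLAIM: Record<OrgRole | "saas-vendor", string> = {
  owner: "server:admin",
  operator: "server:operator",
  viewer: "server:viewer",
  "saas-vendor": "server:admin",
};

interface Principal {
  globalRoles: string[];              // global roles, e.g. ["saas-vendor"]
  orgRoles: Record<string, OrgRole>;  // tenantId -> org role held in that tenant
}

// The vendor role is in effect only in hosted mode; on-prem has no vendor role,
// so a stray "saas-vendor" claim grants nothing there.
function isVendor(mode: Mode, p: Principal): boolean {
  return mode === "saas" && p.globalRoles.includes("saas-vendor");
}

function decide(mode: Mode, p: Principal, tenantId: string, scope: string): Decision {
  if (isVendor(mode, p)) return { allow: true, reason: "saas-vendor: platform:admin + all tenant scopes" };
  if (scope === "platform:admin") return { allow: false, reason: "platform:admin is vendor-only" };
  const role = p.orgRoles[tenantId];  // org roles never reach across tenants
  if (!role) return { allow: false, reason: `no org role in tenant ${tenantId}` };
  return ORG_ROLE_SCOPES[role].includes(scope)
    ? { allow: true, reason: `${role} holds ${scope}` }
    : { allow: false, reason: `${role} lacks ${scope}` };
}

// The server:* claim to emit for a tenant, or undefined when the user holds no role there.
function serverClaim(mode: Mode, p: Principal, tenantId: string): string | undefined {
  if (isVendor(mode, p)) return SERVER_CLAIM["saas-vendor"];
  const role = p.orgRoles[tenantId];
  return role ? SERVER_CLAIM[role] : undefined;
}
```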
License Model
No schema changes. LicenseEntity.tenantId works for both modes. On-prem has one tenant = one license. SaaS has per-tenant licenses managed by vendor.
Vendor-Seed Script
docker/vendor-seed.sh — run once on hosted environment, not part of standard bootstrap. Creates saas-vendor global role + vendor user.