Wave 42 user/access readiness

User and access readiness

Wave: 42/42

V1 scope for users and access

Goal: Make roles, access levels, and office/client/admin direction clear before V1 rollout
Mode: Readiness-only planning surface
Linkage: Connects company workspace, settings readiness, accounting configuration, and remote admin assistance
Limit: No backend changes, no Prisma change, no user management mutations, no real mutation behavior, and no risky accounting behavior

Roles and access levels map

| Role | Status | Current signal | Next safe step |
| --- | --- | --- | --- |
| Platform admin | ready foundation | Platform-level role direction exists for product operators and global configuration visibility | Keep platform administration separate from company user management until server-side flows are reviewed |
| Office admin | readiness-only | Office scope is part of the current access model and support grants can point at office users | Use grant-gated assisted access only; do not add impersonation or hidden company switching |
| Company admin | blocked until evidence/integration | Company scope exists through role assignments and tenant/company foundations | Later V1 work can add invitation and assignment review after authorization paths are checked |
| Accountant helper | readiness-only | Office or tenant-scoped helper roles can be described before building workflow screens | Keep helper access explicit, scoped, and auditable before any document workflow is exposed |
| Company user | readiness-only | Client/company users should see only company-context readiness and later assigned workflows | Add client user lists and invitations in a later mutation-safe wave |
| Support assistance | readiness-only | SupportAccessGrant and SupportActionLog already define the remote assistance safety direction | Keep remote assistance trace-only here; no session takeover or tenant-boundary bypass |

Connected access areas

Roles and access levels

readiness-only
Contracts: /auth/foundation, /access/foundation, /access/roles, /access/permissions
Scopes: Platform, office, tenant, and company access scopes remain explicit
Levels: Platform admin, office admin, company admin, accountant/helper, and company user direction
Limit: Read-only status only; no invite, edit, assignment, delete, or permission mutation behavior

Company admin direction

blocked until evidence/integration
Responsibility: Review company profile, year, currency, users, and accounting setup readiness
Source: /company-workspace and /settings keep company context and settings gaps visible
V1 decision: Company admin management remains a future workflow after authorization review
Limit: No company/year/currency write behavior and no hidden accounting configuration changes

Accountant or office helper direction

readiness-only
Responsibility: Help clients prepare accounting configuration without owning unsafe shortcuts
Source: /accounting and /settings show accounting readiness and configuration gaps
V1 decision: Office helper work should stay scoped by tenant/company and visible in audit traces
Limit: No posting, journal, VAT, stock, invoice, voucher, or report behavior changes

Company user direction

readiness-only
Responsibility: Use the client/company workspace after company context and assignments are ready
Source: /company-workspace shows the client rollout readiness surface
V1 decision: Client users need assigned access and clear blocked-action labels before workflow rollout
Limit: No real user onboarding, login UX, invite flow, or client management screen in this wave

Remote assistance only

readiness-only
Source: /admin-support and SupportAccessGrant
Principle: Office/admin assistance must be explicit, time-scoped, reasoned, and audit-friendly
V1 decision: Remote assistance can be planned as reviewable support, not impersonation
Limit: No unsafe impersonation, no tenant-boundary bypass, no session takeover, and no Twilio

Audit and security expectations

readiness-only
Audit: Role changes, access checks, support grants, and assisted actions must be traceable later
Ownership: Tenant, company, requester, support user, and reason metadata must stay visible
Decision: Permission checks should remain server-side before any real workflow is enabled
Limit: This page does not prove runtime authorization; it documents V1 readiness gaps
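
One way the remote-assistance principle and the audit expectations above could later be enforced server-side, as an added TypeScript example that is not this project's code. Every field name on SupportAccessGrant and SupportActionLog, both function names, and the sample grant are assumptions, because the page names the two models without showing their shape.

```typescript
// Field names are assumptions: the page names SupportAccessGrant and
// SupportActionLog but does not show their fields.
interface SupportAccessGrant {
  id: string; tenantId: string; companyId: string;
  requesterId: string;    // company-side user who asked for help
  supportUserId: string;  // office/admin user allowed to assist
  reason: string;
  startsAt: number; expiresAt: number;  // epoch milliseconds
  revoked: boolean;
}
interface AssistRequest {
  supportUserId: string; tenantId: string; companyId: string; action: string;
}
interface SupportActionLog extends AssistRequest {
  grantId: string | null; requesterId: string | null; reason: string | null;
  at: number; allowed: boolean; denial: string | null;
}

// Why a single grant cannot be used right now, or null if it can.
function denialFor(g: SupportAccessGrant, now: number): string | null {
  if (g.revoked) return "grant revoked";
  if (now < g.startsAt || now >= g.expiresAt) return "outside grant time window";
  if (g.reason.trim() === "") return "grant has no stated reason";
  return null;
}

// Server-side decision. The support user keeps their own identity and is
// matched only against grants for the exact tenant and company requested.
// Allow and deny both return a log entry so every attempt is traceable.
function authorizeAssist(
  grants: SupportAccessGrant[], req: AssistRequest, now: number,
): SupportActionLog {
  const inScope = grants.filter((x) => x.supportUserId === req.supportUserId
    && x.tenantId === req.tenantId && x.companyId === req.companyId);
  const usable = inScope.filter((x) => denialFor(x, now) === null);
  const g: SupportAccessGrant | undefined = usable.length > 0 ? usable[0] : inScope[0];
  const denial = g ? denialFor(g, now) : "no grant for this tenant/company";
  return {
    ...req, at: now, allowed: denial === null, denial,
    grantId: g ? g.id : null, requesterId: g ? g.requesterId : null,
    reason: g ? g.reason : null,
  };
}

// Constructed sample data, not taken from the page.
const SAMPLE_GRANTS: SupportAccessGrant[] = [
  { id: "g1", tenantId: "t1", companyId: "c1", requesterId: "u-client",
    supportUserId: "u-office", reason: "Help with fiscal year setup",
    startsAt: 1000, expiresAt: 2000, revoked: false },
];
```

The returned entry carries tenant, company, requester, support user, and reason together, so a denied attempt leaves the same trace as an allowed one.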

Connected readiness links

Blocked V1 gaps

User invitations: Blocked until evidence/integration; no invite, resend, accept, deactivate, or delete workflow exists in this page
Role assignment: Blocked until evidence/integration; no role assignment matrix, editor, or permission mutation behavior is implemented
Company management: No company admin console, company/year/currency write flow, or settings save action
Hands-on assistance: No real remote-support session, impersonation, company switch, or support takeover
Runtime verification: Runtime authorization and UI gating still need backend-backed integration tests later
Accounting: No invoice/voucher form, posting, journal, VAT, stock, report renderer, or export delivery behavior