task-l.3.1
This commit is contained in:
561
plans/task-l.3.1.md
Normal file
561
plans/task-l.3.1.md
Normal file
@@ -0,0 +1,561 @@
|
||||
# Task L.3.1: Customer, Contact & Approval Visibility Hardening
|
||||
|
||||
## Objective
|
||||
|
||||
Close the remaining authorization gaps from Task L.3 and make CRM visibility enforcement production-ready.
|
||||
|
||||
After Task L.3.1:
|
||||
|
||||
```txt
|
||||
Customer Visibility
|
||||
Contact Visibility
|
||||
Approval Visibility
|
||||
```
|
||||
|
||||
must all use the same resolved CRM access model as:
|
||||
|
||||
```txt
|
||||
Leads
|
||||
Enquiries
|
||||
Quotations
|
||||
Dashboard
|
||||
PDF
|
||||
Artifacts
|
||||
```
|
||||
|
||||
This task is expected to close the Authorization Epic.
|
||||
|
||||
---
|
||||
|
||||
# Background
|
||||
|
||||
Task L.3 completed:
|
||||
|
||||
```txt
|
||||
Quotation Scope Enforcement
|
||||
Pricing Visibility
|
||||
PDF Security
|
||||
Artifact Security
|
||||
Dashboard Revenue Security
|
||||
Approval Actor Validation
|
||||
```
|
||||
|
||||
Remaining gaps:
|
||||
|
||||
```txt
|
||||
Customer Ownership Scope
|
||||
Contact Ownership Scope
|
||||
Approval List Visibility
|
||||
Approval Detail Visibility
|
||||
Runtime Security Verification
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.1 Customer Ownership Enforcement
|
||||
|
||||
Apply resolved CRM access to:
|
||||
|
||||
```txt
|
||||
Customers List
|
||||
Customer Detail
|
||||
Customer Search
|
||||
Customer Lookup
|
||||
Customer API
|
||||
```
|
||||
|
||||
Rules:
|
||||
|
||||
## Sales
|
||||
|
||||
```txt
|
||||
Own customers only
|
||||
```
|
||||
|
||||
Customer ownership derived from:
|
||||
|
||||
```txt
|
||||
createdBy
|
||||
salesmanId
|
||||
assigned ownership relationship
|
||||
```
|
||||
|
||||
based on current CRM model.
|
||||
|
||||
---
|
||||
|
||||
## Sales Manager
|
||||
|
||||
```txt
|
||||
Team customers
|
||||
```
|
||||
|
||||
limited by:
|
||||
|
||||
```txt
|
||||
Branch Scope
|
||||
Product Scope
|
||||
Ownership Scope
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Marketing
|
||||
|
||||
```txt
|
||||
Monitoring visibility only
|
||||
```
|
||||
|
||||
May view customer profile if related to:
|
||||
|
||||
```txt
|
||||
Lead
|
||||
Enquiry
|
||||
```
|
||||
|
||||
but cannot access quotation pricing.
|
||||
|
||||
---
|
||||
|
||||
## CRM Admin
|
||||
|
||||
```txt
|
||||
Organization-wide visibility
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.2 Contact Ownership Enforcement
|
||||
|
||||
Apply same resolved access model.
|
||||
|
||||
Protect:
|
||||
|
||||
```txt
|
||||
Contacts List
|
||||
Contact Detail
|
||||
Contact Search
|
||||
Contact API
|
||||
```
|
||||
|
||||
Rules:
|
||||
|
||||
```txt
|
||||
Owner
|
||||
Shared User
|
||||
Manager Scope
|
||||
Admin Scope
|
||||
```
|
||||
|
||||
must all work correctly.
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.3 Contact Sharing Validation
|
||||
|
||||
Audit existing sharing model.
|
||||
|
||||
Verify:
|
||||
|
||||
```txt
|
||||
Shared Contact
|
||||
```
|
||||
|
||||
still visible after ownership enforcement.
|
||||
|
||||
Rules:
|
||||
|
||||
```txt
|
||||
Creator
|
||||
Shared User
|
||||
CRM Admin
|
||||
```
|
||||
|
||||
retain access.
|
||||
|
||||
Users outside sharing relationship:
|
||||
|
||||
```txt
|
||||
Access Denied
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.4 Approval Visibility Enforcement
|
||||
|
||||
Approval actor validation already exists.
|
||||
|
||||
Now enforce visibility for:
|
||||
|
||||
```txt
|
||||
Approval List
|
||||
Approval Detail
|
||||
Approval History
|
||||
Approval Dashboard Widgets
|
||||
```
|
||||
|
||||
Rules:
|
||||
|
||||
User can only see approval records when:
|
||||
|
||||
```txt
|
||||
Can Access Related Quotation
|
||||
```
|
||||
|
||||
OR
|
||||
|
||||
```txt
|
||||
Current Approval Actor
|
||||
```
|
||||
|
||||
OR
|
||||
|
||||
```txt
|
||||
CRM Admin
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.5 Approval Detail Security
|
||||
|
||||
Protect:
|
||||
|
||||
```txt
|
||||
Approval Route
|
||||
Approval APIs
|
||||
Approval Timeline
|
||||
Approval History
|
||||
```
|
||||
|
||||
Users without quotation visibility:
|
||||
|
||||
```txt
|
||||
cannot access approval details
|
||||
```
|
||||
|
||||
even if they know the URL.
|
||||
|
||||
Server-side enforcement required.
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.6 Approval Dashboard Hardening
|
||||
|
||||
Verify:
|
||||
|
||||
```txt
|
||||
Pending Approvals
|
||||
My Approvals
|
||||
Approval KPIs
|
||||
Approval Analytics
|
||||
```
|
||||
|
||||
all respect:
|
||||
|
||||
```txt
|
||||
Branch Scope
|
||||
Product Scope
|
||||
Ownership Scope
|
||||
```
|
||||
|
||||
and resolved CRM access.
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.7 Team Scope Clarification
|
||||
|
||||
Current implementation uses:
|
||||
|
||||
```txt
|
||||
Most Permissive Ownership Scope
|
||||
```
|
||||
|
||||
but team membership is approximate.
|
||||
|
||||
Document current behavior.
|
||||
|
||||
Create:
|
||||
|
||||
```txt
|
||||
docs/security/team-scope-limitations.md
|
||||
```
|
||||
|
||||
Document:
|
||||
|
||||
```txt
|
||||
Current Team Scope Logic
|
||||
Known Limitations
|
||||
Future Team Hierarchy Model
|
||||
```
|
||||
|
||||
No hierarchy implementation in this task.
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.8 Security Fixture Expansion
|
||||
|
||||
Expand:
|
||||
|
||||
```txt
|
||||
scripts/security/verify-crm-access.ts
|
||||
```
|
||||
|
||||
Add scenarios:
|
||||
|
||||
### Customer Visibility
|
||||
|
||||
```txt
|
||||
Sales A
|
||||
cannot see
|
||||
Sales B customer
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
### Contact Sharing
|
||||
|
||||
```txt
|
||||
Shared Contact
|
||||
visible
|
||||
|
||||
Unshared Contact
|
||||
hidden
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
### Approval Visibility
|
||||
|
||||
```txt
|
||||
Approver
|
||||
can access
|
||||
|
||||
Non-Approver
|
||||
cannot access
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
### Marketing
|
||||
|
||||
```txt
|
||||
can monitor lead
|
||||
cannot view quotation pricing
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
### CRM Admin
|
||||
|
||||
```txt
|
||||
full access
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.9 Security Audit Logging
|
||||
|
||||
Extend:
|
||||
|
||||
```txt
|
||||
crm_security_access
|
||||
```
|
||||
|
||||
Events:
|
||||
|
||||
```txt
|
||||
customer_scope_violation
|
||||
contact_scope_violation
|
||||
approval_scope_violation
|
||||
```
|
||||
|
||||
Payload:
|
||||
|
||||
```txt
|
||||
userId
|
||||
entityId
|
||||
entityType
|
||||
reason
|
||||
resolvedScope
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.10 Security Inventory Update
|
||||
|
||||
Update:
|
||||
|
||||
```txt
|
||||
docs/security/crm-access-enforcement-inventory.md
|
||||
```
|
||||
|
||||
Status should become:
|
||||
|
||||
```txt
|
||||
Protected
|
||||
```
|
||||
|
||||
for:
|
||||
|
||||
```txt
|
||||
Customers
|
||||
Contacts
|
||||
Approvals
|
||||
```
|
||||
|
||||
Remove:
|
||||
|
||||
```txt
|
||||
Partially Protected
|
||||
```
|
||||
|
||||
classification where resolved.
|
||||
|
||||
---
|
||||
|
||||
# Scope L3.1.11 Authorization Boundary Review
|
||||
|
||||
Update:
|
||||
|
||||
```txt
|
||||
docs/security/crm-authorization-boundaries.md
|
||||
```
|
||||
|
||||
Document final behavior for:
|
||||
|
||||
```txt
|
||||
Customer
|
||||
Contact
|
||||
Lead
|
||||
Enquiry
|
||||
Quotation
|
||||
Approval
|
||||
Dashboard
|
||||
Artifacts
|
||||
Settings
|
||||
```
|
||||
|
||||
This becomes the official CRM authorization reference.
|
||||
|
||||
---
|
||||
|
||||
# Verification Matrix
|
||||
|
||||
## Sales A
|
||||
|
||||
Expected:
|
||||
|
||||
```txt
|
||||
Own Customers
|
||||
Own Contacts
|
||||
Own Quotations
|
||||
```
|
||||
|
||||
Cannot:
|
||||
|
||||
```txt
|
||||
Access Sales B records
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Sales Manager
|
||||
|
||||
Expected:
|
||||
|
||||
```txt
|
||||
Team Customers
|
||||
Team Contacts
|
||||
Team Quotations
|
||||
```
|
||||
|
||||
within scope.
|
||||
|
||||
---
|
||||
|
||||
## Marketing
|
||||
|
||||
Expected:
|
||||
|
||||
```txt
|
||||
Lead Monitoring
|
||||
Follow-Ups
|
||||
Assignments
|
||||
```
|
||||
|
||||
Cannot:
|
||||
|
||||
```txt
|
||||
View Pricing
|
||||
View Revenue
|
||||
View Approval Detail
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Approver
|
||||
|
||||
Expected:
|
||||
|
||||
```txt
|
||||
Can Access Pending Approval
|
||||
Can Access Approval Detail
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Non Approver
|
||||
|
||||
Expected:
|
||||
|
||||
```txt
|
||||
Cannot Access Approval Detail
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## CRM Admin
|
||||
|
||||
Expected:
|
||||
|
||||
```txt
|
||||
Full CRM Access
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Deliverables
|
||||
|
||||
1. Customer Ownership Enforcement
|
||||
2. Contact Ownership Enforcement
|
||||
3. Contact Sharing Validation
|
||||
4. Approval Visibility Enforcement
|
||||
5. Approval Dashboard Hardening
|
||||
6. Security Fixture Expansion
|
||||
7. Security Audit Events
|
||||
8. Updated Security Inventory
|
||||
9. Authorization Boundary Review
|
||||
|
||||
---
|
||||
|
||||
# Definition of Done
|
||||
|
||||
Task L.3.1 is complete when:
|
||||
|
||||
* customer visibility uses resolved CRM access
|
||||
* contact visibility uses resolved CRM access
|
||||
* contact sharing still works
|
||||
* approval visibility is secured
|
||||
* approval detail is secured
|
||||
* approval dashboard respects scope
|
||||
* security regression scenarios pass
|
||||
* security inventory updated
|
||||
* authorization boundary documentation updated
|
||||
|
||||
Result:
|
||||
|
||||
```txt
|
||||
Authorization Foundation = CLOSED
|
||||
CRM Security Boundary = PRODUCTION READY
|
||||
CRM UAT Security Baseline = READY
|
||||
```
|
||||
Reference in New Issue
Block a user