562 lines
5.9 KiB
Markdown
562 lines
5.9 KiB
Markdown
# Task L.3.1: Customer, Contact & Approval Visibility Hardening
|
|
|
|
## Objective
|
|
|
|
Close the remaining authorization gaps from Task L.3 and make CRM visibility enforcement production-ready.
|
|
|
|
After Task L.3.1:
|
|
|
|
```txt
|
|
Customer Visibility
|
|
Contact Visibility
|
|
Approval Visibility
|
|
```
|
|
|
|
must all use the same resolved CRM access model as:
|
|
|
|
```txt
|
|
Leads
|
|
Enquiries
|
|
Quotations
|
|
Dashboard
|
|
PDF
|
|
Artifacts
|
|
```
|
|
|
|
This task is expected to close the Authorization Epic.
|
|
|
|
---
|
|
|
|
# Background
|
|
|
|
Task L.3 completed:
|
|
|
|
```txt
|
|
Quotation Scope Enforcement
|
|
Pricing Visibility
|
|
PDF Security
|
|
Artifact Security
|
|
Dashboard Revenue Security
|
|
Approval Actor Validation
|
|
```
|
|
|
|
Remaining gaps:
|
|
|
|
```txt
|
|
Customer Ownership Scope
|
|
Contact Ownership Scope
|
|
Approval List Visibility
|
|
Approval Detail Visibility
|
|
Runtime Security Verification
|
|
```
|
|
|
|
---
|
|
|
|
# Scope L3.1.1 Customer Ownership Enforcement
|
|
|
|
Apply resolved CRM access to:
|
|
|
|
```txt
|
|
Customers List
|
|
Customer Detail
|
|
Customer Search
|
|
Customer Lookup
|
|
Customer API
|
|
```
|
|
|
|
Rules:
|
|
|
|
## Sales
|
|
|
|
```txt
|
|
Own customers only
|
|
```
|
|
|
|
Customer ownership derived from:
|
|
|
|
```txt
|
|
createdBy
|
|
salesmanId
|
|
assigned ownership relationship
|
|
```
|
|
|
|
based on current CRM model.
|
|
|
|
---
|
|
|
|
## Sales Manager
|
|
|
|
```txt
|
|
Team customers
|
|
```
|
|
|
|
limited by:
|
|
|
|
```txt
|
|
Branch Scope
|
|
Product Scope
|
|
Ownership Scope
|
|
```
|
|
|
|
---
|
|
|
|
## Marketing
|
|
|
|
```txt
|
|
Monitoring visibility only
|
|
```
|
|
|
|
May view customer profile if related to:
|
|
|
|
```txt
|
|
Lead
|
|
Enquiry
|
|
```
|
|
|
|
but cannot access quotation pricing.
|
|
|
|
---
|
|
|
|
## CRM Admin
|
|
|
|
```txt
|
|
Organization-wide visibility
|
|
```
|
|
|
|
---
|
|
|
|
# Scope L3.1.2 Contact Ownership Enforcement
|
|
|
|
Apply same resolved access model.
|
|
|
|
Protect:
|
|
|
|
```txt
|
|
Contacts List
|
|
Contact Detail
|
|
Contact Search
|
|
Contact API
|
|
```
|
|
|
|
Rules:
|
|
|
|
```txt
|
|
Owner
|
|
Shared User
|
|
Manager Scope
|
|
Admin Scope
|
|
```
|
|
|
|
must all work correctly.
|
|
|
|
---
|
|
|
|
# Scope L3.1.3 Contact Sharing Validation
|
|
|
|
Audit existing sharing model.
|
|
|
|
Verify:
|
|
|
|
```txt
|
|
Shared Contact
|
|
```
|
|
|
|
still visible after ownership enforcement.
|
|
|
|
Rules:
|
|
|
|
```txt
|
|
Creator
|
|
Shared User
|
|
CRM Admin
|
|
```
|
|
|
|
retain access.
|
|
|
|
Users outside sharing relationship:
|
|
|
|
```txt
|
|
Access Denied
|
|
```
|
|
|
|
---
|
|
|
|
# Scope L3.1.4 Approval Visibility Enforcement
|
|
|
|
Approval actor validation already exists.
|
|
|
|
Now enforce visibility for:
|
|
|
|
```txt
|
|
Approval List
|
|
Approval Detail
|
|
Approval History
|
|
Approval Dashboard Widgets
|
|
```
|
|
|
|
Rules:
|
|
|
|
User can only see approval records when:
|
|
|
|
```txt
|
|
Can Access Related Quotation
|
|
```
|
|
|
|
OR
|
|
|
|
```txt
|
|
Current Approval Actor
|
|
```
|
|
|
|
OR
|
|
|
|
```txt
|
|
CRM Admin
|
|
```
|
|
|
|
---
|
|
|
|
# Scope L3.1.5 Approval Detail Security
|
|
|
|
Protect:
|
|
|
|
```txt
|
|
Approval Route
|
|
Approval APIs
|
|
Approval Timeline
|
|
Approval History
|
|
```
|
|
|
|
Users without quotation visibility:
|
|
|
|
```txt
|
|
cannot access approval details
|
|
```
|
|
|
|
even if they know the URL.
|
|
|
|
Server-side enforcement required.
|
|
|
|
---
|
|
|
|
# Scope L3.1.6 Approval Dashboard Hardening
|
|
|
|
Verify:
|
|
|
|
```txt
|
|
Pending Approvals
|
|
My Approvals
|
|
Approval KPIs
|
|
Approval Analytics
|
|
```
|
|
|
|
all respect:
|
|
|
|
```txt
|
|
Branch Scope
|
|
Product Scope
|
|
Ownership Scope
|
|
```
|
|
|
|
and resolved CRM access.
|
|
|
|
---
|
|
|
|
# Scope L3.1.7 Team Scope Clarification
|
|
|
|
Current implementation uses:
|
|
|
|
```txt
|
|
Most Permissive Ownership Scope
|
|
```
|
|
|
|
but team membership is approximate.
|
|
|
|
Document current behavior.
|
|
|
|
Create:
|
|
|
|
```txt
|
|
docs/security/team-scope-limitations.md
|
|
```
|
|
|
|
Document:
|
|
|
|
```txt
|
|
Current Team Scope Logic
|
|
Known Limitations
|
|
Future Team Hierarchy Model
|
|
```
|
|
|
|
No hierarchy implementation in this task.
|
|
|
|
---
|
|
|
|
# Scope L3.1.8 Security Fixture Expansion
|
|
|
|
Expand:
|
|
|
|
```txt
|
|
scripts/security/verify-crm-access.ts
|
|
```
|
|
|
|
Add scenarios:
|
|
|
|
### Customer Visibility
|
|
|
|
```txt
|
|
Sales A
|
|
cannot see
|
|
Sales B customer
|
|
```
|
|
|
|
---
|
|
|
|
### Contact Sharing
|
|
|
|
```txt
|
|
Shared Contact
|
|
visible
|
|
|
|
Unshared Contact
|
|
hidden
|
|
```
|
|
|
|
---
|
|
|
|
### Approval Visibility
|
|
|
|
```txt
|
|
Approver
|
|
can access
|
|
|
|
Non-Approver
|
|
cannot access
|
|
```
|
|
|
|
---
|
|
|
|
### Marketing
|
|
|
|
```txt
|
|
can monitor lead
|
|
cannot view quotation pricing
|
|
```
|
|
|
|
---
|
|
|
|
### CRM Admin
|
|
|
|
```txt
|
|
full access
|
|
```
|
|
|
|
---
|
|
|
|
# Scope L3.1.9 Security Audit Logging
|
|
|
|
Extend:
|
|
|
|
```txt
|
|
crm_security_access
|
|
```
|
|
|
|
Events:
|
|
|
|
```txt
|
|
customer_scope_violation
|
|
contact_scope_violation
|
|
approval_scope_violation
|
|
```
|
|
|
|
Payload:
|
|
|
|
```txt
|
|
userId
|
|
entityId
|
|
entityType
|
|
reason
|
|
resolvedScope
|
|
```
|
|
|
|
---
|
|
|
|
# Scope L3.1.10 Security Inventory Update
|
|
|
|
Update:
|
|
|
|
```txt
|
|
docs/security/crm-access-enforcement-inventory.md
|
|
```
|
|
|
|
Status should become:
|
|
|
|
```txt
|
|
Protected
|
|
```
|
|
|
|
for:
|
|
|
|
```txt
|
|
Customers
|
|
Contacts
|
|
Approvals
|
|
```
|
|
|
|
Remove:
|
|
|
|
```txt
|
|
Partially Protected
|
|
```
|
|
|
|
classification where resolved.
|
|
|
|
---
|
|
|
|
# Scope L3.1.11 Authorization Boundary Review
|
|
|
|
Update:
|
|
|
|
```txt
|
|
docs/security/crm-authorization-boundaries.md
|
|
```
|
|
|
|
Document final behavior for:
|
|
|
|
```txt
|
|
Customer
|
|
Contact
|
|
Lead
|
|
Enquiry
|
|
Quotation
|
|
Approval
|
|
Dashboard
|
|
Artifacts
|
|
Settings
|
|
```
|
|
|
|
This becomes the official CRM authorization reference.
|
|
|
|
---
|
|
|
|
# Verification Matrix
|
|
|
|
## Sales A
|
|
|
|
Expected:
|
|
|
|
```txt
|
|
Own Customers
|
|
Own Contacts
|
|
Own Quotations
|
|
```
|
|
|
|
Cannot:
|
|
|
|
```txt
|
|
Access Sales B records
|
|
```
|
|
|
|
---
|
|
|
|
## Sales Manager
|
|
|
|
Expected:
|
|
|
|
```txt
|
|
Team Customers
|
|
Team Contacts
|
|
Team Quotations
|
|
```
|
|
|
|
within scope.
|
|
|
|
---
|
|
|
|
## Marketing
|
|
|
|
Expected:
|
|
|
|
```txt
|
|
Lead Monitoring
|
|
Follow-Ups
|
|
Assignments
|
|
```
|
|
|
|
Cannot:
|
|
|
|
```txt
|
|
View Pricing
|
|
View Revenue
|
|
View Approval Detail
|
|
```
|
|
|
|
---
|
|
|
|
## Approver
|
|
|
|
Expected:
|
|
|
|
```txt
|
|
Can Access Pending Approval
|
|
Can Access Approval Detail
|
|
```
|
|
|
|
---
|
|
|
|
## Non Approver
|
|
|
|
Expected:
|
|
|
|
```txt
|
|
Cannot Access Approval Detail
|
|
```
|
|
|
|
---
|
|
|
|
## CRM Admin
|
|
|
|
Expected:
|
|
|
|
```txt
|
|
Full CRM Access
|
|
```
|
|
|
|
---
|
|
|
|
# Deliverables
|
|
|
|
1. Customer Ownership Enforcement
|
|
2. Contact Ownership Enforcement
|
|
3. Contact Sharing Validation
|
|
4. Approval Visibility Enforcement
|
|
5. Approval Dashboard Hardening
|
|
6. Security Fixture Expansion
|
|
7. Security Audit Events
|
|
8. Updated Security Inventory
|
|
9. Authorization Boundary Review
|
|
|
|
---
|
|
|
|
# Definition of Done
|
|
|
|
Task L.3.1 is complete when:
|
|
|
|
* customer visibility uses resolved CRM access
|
|
* contact visibility uses resolved CRM access
|
|
* contact sharing still works
|
|
* approval visibility is secured
|
|
* approval detail is secured
|
|
* approval dashboard respects scope
|
|
* security regression scenarios pass
|
|
* security inventory updated
|
|
* authorization boundary documentation updated
|
|
|
|
Result:
|
|
|
|
```txt
|
|
Authorization Foundation = CLOSED
|
|
CRM Security Boundary = PRODUCTION READY
|
|
CRM UAT Security Baseline = READY
|
|
```
|