rbac-permissions-architect

Architect features within the RBAC modular permissions system. Guides workspace design, permission mapping, CASL integration, and role hierarchy for secure, multi-tenant software.

Introduction

The RBAC Permissions Architect skill empowers developers and architects to design robust, secure, and modular feature sets within the project's permission-based architecture. It provides a structured methodology for integrating new features into the multi-tenant context, ensuring that access control remains consistent and compliant with existing security principles. By leveraging this skill, users can systematically define workspace boundaries, resource permissions, and complex role-based logic without compromising system integrity.

  • Expert guidance on the three core pillars: Workspaces, Features, and RBAC control mechanisms.

  • Streamlined definition of permission matrices using CRUD+ action sets (e.g., boards.create, boards.read, card_comments.delete).

  • Automated CASL (Ability-based) integration support, translating business requirements into type-safe TypeScript CASL rules.

  • Architectural enforcement of special roles including Owner and Super Admin, ensuring proper bypass and restriction logic.

  • Support for feature independence and workspace isolation, preventing unauthorized permission inheritance across organizational or project boundaries.

  • Guidance on mapping database entities to CASL subjects using standard PascalCase and singular nomenclature.

  • Use this skill during the Product Requirement Document (PRD) drafting phase to ensure security is built-in rather than bolted on.

  • Consult the reference files including CONCEPTS.md, WORKSPACES.md, and PERMISSIONS.md for strict architectural compliance.

  • Mandatory for tasks involving authorization, feature activation, or multi-tenant entity access patterns.

  • Input requirements include the target workspace scope (Organization/Project), entity definitions, and desired user actions.

  • Expected output is a comprehensive, CASL-ready design document that defines access control, visibility rules, and administrative overrides for the specific feature module.

Repository Stats

  • Stars: 0

  • Forks: 0

  • Open Issues: 0

  • Language: TypeScript

  • Default Branch: main

  • Sync Status: Idle

  • Last Synced: May 3, 2026, 11:01 PM