{
  "metadata": {
    "generated_at": "2026-05-25T06:45:11.449409+00:00",
    "source_reports": [
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/ALGORITHM_PERMISSION_POLICY_REGISTRY_APPLY_PREP.md",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/algorithm_permission_policy_registry_apply_prep.json",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/ALGORITHM_PERMISSION_POLICY_PREVIEW.md",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/algorithm_permission_policy_preview.json",
      "/var/www/talent-review/outputs/algorithm_schema_registry_v1.json",
      "/var/www/talent-review/outputs/algorithm_config_center_summary_v1.json",
      "/var/www/talent-review/outputs/assessment_template_permission_policy_registry_v1.json",
      "/var/www/talent-review/outputs/assessment_template_permission_impact_registry_v1.json"
    ],
    "stage": "P0_ALGORITHM_PERMISSION_POLICY_REGISTRY",
    "purpose": "只读算法配置权限策略 registry，用于权限策略、字段敏感级别、高风险审批、生命周期权限和影响预览。",
    "warning": "不改 active 权限，不执行 permission apply，不扩大权限，不执行算法。",
    "writes_database": false,
    "modifies_permissions": false,
    "expands_permissions": false,
    "executes_algorithm": false,
    "modifies_active_algorithm": false,
    "modifies_assessment_results": false,
    "modifies_profile_or_cadre": false,
    "modifies_org_capability_score": false,
    "modifies_people_action": false,
    "generates_business_effective_conclusion": false,
    "feishu_writeback_required": false,
    "permission_apply_required": false
  },
  "policy_summary": {
    "permission_layer_count": 6,
    "role_count": 8,
    "field_sensitivity_level_count": 4,
    "high_risk_algorithm_type_count": 10,
    "matrix_count": 5,
    "linked_algorithm_schema_registry": "/outputs/algorithm_schema_registry_v1.json",
    "linked_algorithm_config_center_summary": "/outputs/algorithm_config_center_summary_v1.json"
  },
  "permission_layers": [
    {
      "layer_id": "page_permission",
      "layer_name": "页面权限",
      "purpose": "控制算法配置中心的页面权限边界。",
      "controlled_objects": [
        "算法配置中心",
        "算法配置详情",
        "权重配置",
        "阈值配置",
        "九宫格配置",
        "一票否决配置",
        "人才标签规则",
        "风险标签规则",
        "推荐动作规则",
        "组织能力评分规则",
        "人事动作约束",
        "权限信号映射",
        "审计版本",
        "影响预览"
      ],
      "related_existing_permission_assets": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules",
        "field_permission_rules",
        "action_permission_rules"
      ],
      "p0_status": "readonly_policy_design",
      "p1_target": "algorithm_permission_policy table or registry-backed policy",
      "saas_target": "tenant-scoped algorithm permission policy with inheritance and approval flow customization",
      "risk_level": "high"
    },
    {
      "layer_id": "data_scope_permission",
      "layer_name": "数据范围权限",
      "purpose": "控制算法配置中心的数据范围权限边界。",
      "controlled_objects": [
        "全公司算法配置",
        "所辖组织算法配置",
        "本部门算法结果摘要",
        "自己团队的算法输出解释",
        "高风险算法",
        "干部相关算法",
        "组织能力评分算法",
        "已废弃算法版本",
        "历史版本"
      ],
      "related_existing_permission_assets": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules",
        "field_permission_rules",
        "action_permission_rules"
      ],
      "p0_status": "readonly_policy_design",
      "p1_target": "algorithm_permission_policy table or registry-backed policy",
      "saas_target": "tenant-scoped algorithm permission policy with inheritance and approval flow customization",
      "risk_level": "high"
    },
    {
      "layer_id": "field_permission",
      "layer_name": "字段权限",
      "purpose": "控制算法配置中心的字段权限边界。",
      "controlled_objects": [
        "final_score_weights",
        "capability_score_weights",
        "potential_score_weights",
        "performance_score_weights",
        "values_score_weights",
        "key_person_calibration_weights",
        "risk_rule_thresholds",
        "nine_box_thresholds",
        "one_vote_veto",
        "talent_tag_rules",
        "risk_tag_rules",
        "recommended_action_rules",
        "org_capability_scoring",
        "cadre_validation_mapping",
        "people_action_constraint",
        "permission_signal_mapping",
        "external_mapping",
        "rollback_ref",
        "audit_override",
        "business_effective_flag"
      ],
      "related_existing_permission_assets": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules",
        "field_permission_rules",
        "action_permission_rules"
      ],
      "p0_status": "readonly_policy_design",
      "p1_target": "algorithm_permission_policy table or registry-backed policy",
      "saas_target": "tenant-scoped algorithm permission policy with inheritance and approval flow customization",
      "risk_level": "critical"
    },
    {
      "layer_id": "action_permission",
      "layer_name": "动作权限",
      "purpose": "控制算法配置中心的动作权限边界。",
      "controlled_objects": [
        "view_algorithm",
        "create_algorithm_draft",
        "edit_algorithm_draft",
        "clone_algorithm_config",
        "preview_algorithm_impact",
        "submit_review",
        "approve_algorithm",
        "reject_algorithm",
        "apply_algorithm",
        "deprecate_algorithm",
        "rollback_algorithm",
        "export_algorithm_config",
        "view_algorithm_audit",
        "run_preview_algorithm",
        "run_business_effective_algorithm"
      ],
      "related_existing_permission_assets": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules",
        "field_permission_rules",
        "action_permission_rules"
      ],
      "p0_status": "readonly_policy_design",
      "p1_target": "algorithm_permission_policy table or registry-backed policy",
      "saas_target": "tenant-scoped algorithm permission policy with inheritance and approval flow customization",
      "risk_level": "high"
    },
    {
      "layer_id": "approval_permission",
      "layer_name": "审批权限",
      "purpose": "控制算法配置中心的审批权限边界。",
      "controlled_objects": [
        "普通权重配置",
        "阈值配置",
        "九宫格阈值",
        "一票否决规则",
        "干部 validation 映射",
        "组织能力评分",
        "人事动作约束",
        "权限信号映射",
        "外部系统映射",
        "business-effective 算法结论"
      ],
      "related_existing_permission_assets": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules",
        "field_permission_rules",
        "action_permission_rules"
      ],
      "p0_status": "readonly_policy_design",
      "p1_target": "algorithm_permission_policy table or registry-backed policy",
      "saas_target": "tenant-scoped algorithm permission policy with inheritance and approval flow customization",
      "risk_level": "critical"
    },
    {
      "layer_id": "config_permission",
      "layer_name": "配置权限",
      "purpose": "控制算法配置中心的配置权限边界。",
      "controlled_objects": [
        "权重",
        "阈值",
        "九宫格",
        "一票否决",
        "人才标签",
        "风险标签",
        "推荐动作",
        "组织能力评分",
        "人事动作约束",
        "权限信号",
        "算法生命周期",
        "算法权限策略本身"
      ],
      "related_existing_permission_assets": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules",
        "field_permission_rules",
        "action_permission_rules"
      ],
      "p0_status": "readonly_policy_design",
      "p1_target": "algorithm_permission_policy table or registry-backed policy",
      "saas_target": "tenant-scoped algorithm permission policy with inheritance and approval flow customization",
      "risk_level": "high"
    }
  ],
  "role_policies": {
    "Employee": {
      "page_access": [],
      "data_scope": [
        "own_result_explanation_summary"
      ],
      "visible_field_levels": [
        "Public / low when embedded in own explanation"
      ],
      "editable_field_levels": [],
      "allowed_actions": [],
      "approval_capability": [],
      "config_capability": [],
      "lifecycle_allowed_states": [],
      "export_capability": false,
      "audit_capability": false,
      "restricted_actions": [
        "view_algorithm_config",
        "edit",
        "approve",
        "apply",
        "run_algorithm"
      ]
    },
    "Manager": {
      "page_access": [
        "team_result_explanation_summary"
      ],
      "data_scope": [
        "own_team_summary"
      ],
      "visible_field_levels": [
        "Public / low",
        "Internal / medium summaries"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_team_algorithm_explanation"
      ],
      "approval_capability": [],
      "config_capability": [],
      "lifecycle_allowed_states": [],
      "export_capability": false,
      "audit_capability": false,
      "restricted_actions": [
        "view_sensitive_weights",
        "view_critical_thresholds",
        "approve_algorithm",
        "apply_algorithm"
      ]
    },
    "HRBP": {
      "page_access": [
        "algorithm_summary",
        "impact_preview_summary"
      ],
      "data_scope": [
        "hrbp_org_scope"
      ],
      "visible_field_levels": [
        "Public / low",
        "Internal / medium",
        "Sensitive / high summaries"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_algorithm",
        "preview_algorithm_impact",
        "submit_config_suggestion"
      ],
      "approval_capability": [],
      "config_capability": [
        "suggest_applicability"
      ],
      "lifecycle_allowed_states": [],
      "export_capability": "summary_only",
      "audit_capability": false,
      "restricted_actions": [
        "edit_global_weights",
        "edit_one_vote_veto",
        "edit_people_action_constraint",
        "apply_algorithm"
      ]
    },
    "HR Owner": {
      "page_access": [
        "algorithm_config_center",
        "draft_detail",
        "impact_preview",
        "audit_summary"
      ],
      "data_scope": [
        "company_or_authorized_hr_scope"
      ],
      "visible_field_levels": [
        "Public / low",
        "Internal / medium",
        "Sensitive / high"
      ],
      "editable_field_levels": [
        "Public / low",
        "Internal / medium",
        "Sensitive / high draft"
      ],
      "allowed_actions": [
        "view_algorithm",
        "create_algorithm_draft",
        "edit_algorithm_draft",
        "clone_algorithm_config",
        "preview_algorithm_impact",
        "submit_review",
        "view_algorithm_audit"
      ],
      "approval_capability": [
        "ordinary_weight_review"
      ],
      "config_capability": [
        "weight_draft",
        "tag_draft",
        "recommended_action_draft"
      ],
      "lifecycle_allowed_states": [
        "Draft",
        "Preview",
        "Review"
      ],
      "export_capability": false,
      "audit_capability": true,
      "restricted_actions": [
        "direct_apply",
        "single_person_high_risk_apply",
        "audit_bypass"
      ]
    },
    "Boss / Executive": {
      "page_access": [
        "executive_algorithm_summary",
        "high_risk_approval",
        "impact_preview"
      ],
      "data_scope": [
        "company_summary",
        "authorized_executive_scope"
      ],
      "visible_field_levels": [
        "Public / low",
        "Internal / medium",
        "Sensitive / high summaries",
        "Restricted / critical approval view"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_algorithm",
        "approve_algorithm",
        "reject_algorithm",
        "view_algorithm_audit"
      ],
      "approval_capability": [
        "one_vote_veto",
        "cadre_validation_mapping",
        "org_capability_scoring",
        "people_action_constraint",
        "business_effective_conclusion"
      ],
      "config_capability": [],
      "lifecycle_allowed_states": [
        "Approve"
      ],
      "export_capability": "summary_only",
      "audit_capability": true,
      "restricted_actions": [
        "edit_low_level_fields",
        "direct_apply_without_audit"
      ]
    },
    "System Admin": {
      "page_access": [
        "technical_admin_views"
      ],
      "data_scope": [
        "system_config_scope"
      ],
      "visible_field_levels": [
        "technical_metadata",
        "permission_binding_metadata"
      ],
      "editable_field_levels": [
        "technical_config_only"
      ],
      "allowed_actions": [
        "view_algorithm_audit",
        "maintain_system_config"
      ],
      "approval_capability": [],
      "config_capability": [
        "technical_permission_binding"
      ],
      "lifecycle_allowed_states": [],
      "export_capability": false,
      "audit_capability": true,
      "restricted_actions": [
        "business_algorithm_approval",
        "single_apply",
        "self_grant_high_risk_permission"
      ]
    },
    "Auditor": {
      "page_access": [
        "audit_version",
        "rollback_record",
        "approval_record"
      ],
      "data_scope": [
        "audit_scope"
      ],
      "visible_field_levels": [
        "all_levels_readonly_with_masking_for_sensitive_payload"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_algorithm_audit",
        "export_audit_summary"
      ],
      "approval_capability": [],
      "config_capability": [],
      "lifecycle_allowed_states": [
        "Audit",
        "Rollback"
      ],
      "export_capability": "audit_summary_only",
      "audit_capability": true,
      "restricted_actions": [
        "edit",
        "approve",
        "apply",
        "run_algorithm"
      ]
    },
    "Algorithm Config Admin": {
      "page_access": [
        "algorithm_config_center",
        "object_structure",
        "draft_detail",
        "impact_preview"
      ],
      "data_scope": [
        "authorized_algorithm_config_scope"
      ],
      "visible_field_levels": [
        "Public / low",
        "Internal / medium",
        "Sensitive / high",
        "Restricted / critical draft with approval context"
      ],
      "editable_field_levels": [
        "Public / low",
        "Internal / medium",
        "Sensitive / high draft",
        "Restricted / critical draft only with gate"
      ],
      "allowed_actions": [
        "view_algorithm",
        "create_algorithm_draft",
        "edit_algorithm_draft",
        "clone_algorithm_config",
        "preview_algorithm_impact",
        "submit_review",
        "view_algorithm_audit"
      ],
      "approval_capability": [],
      "config_capability": [
        "all_draft_config_objects"
      ],
      "lifecycle_allowed_states": [
        "Draft",
        "Preview",
        "Review"
      ],
      "export_capability": false,
      "audit_capability": true,
      "restricted_actions": [
        "single_person_apply_high_risk",
        "bypass_hr_boss_approval",
        "run_business_effective_algorithm"
      ]
    }
  },
  "field_sensitivity_registry": {
    "Public / low": {
      "description": "低敏算法元数据，可用于页面摘要展示。",
      "example_fields": [
        "algorithm_name",
        "algorithm_type",
        "applicable_scenario",
        "status"
      ],
      "who_can_view": [
        "HRBP",
        "HR Owner",
        "Boss / Executive",
        "System Admin",
        "Auditor",
        "Algorithm Config Admin"
      ],
      "who_can_edit": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "approval_required": false,
      "export_allowed": true,
      "audit_required": true,
      "rollback_required": false
    },
    "Internal / medium": {
      "description": "内部解释字段和非高危展示标签。",
      "example_fields": [
        "general_label_mapping",
        "non-sensitive recommended_action",
        "non-critical display label",
        "algorithm_version summary"
      ],
      "who_can_view": [
        "Manager summary",
        "HRBP",
        "HR Owner",
        "Boss / Executive",
        "Auditor",
        "Algorithm Config Admin"
      ],
      "who_can_edit": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "approval_required": true,
      "export_allowed": "summary_only",
      "audit_required": true,
      "rollback_required": true
    },
    "Sensitive / high": {
      "description": "权重、阈值、标签规则、推荐动作规则等会影响算法解释的敏感配置。",
      "example_fields": [
        "final_score_weights",
        "capability_score_weights",
        "potential_score_weights",
        "performance_score_weights",
        "values_score_weights",
        "risk_rule_thresholds",
        "nine_box_thresholds",
        "talent_tag_rules",
        "risk_tag_rules",
        "recommended_action_rules"
      ],
      "who_can_view": [
        "HR Owner",
        "Boss / Executive approval view",
        "Auditor",
        "Algorithm Config Admin"
      ],
      "who_can_edit": [
        "HR Owner draft",
        "Algorithm Config Admin draft"
      ],
      "approval_required": true,
      "export_allowed": "restricted_approval_or_audit_only",
      "audit_required": true,
      "rollback_required": true
    },
    "Restricted / critical": {
      "description": "一票否决、干部 validation、人事动作、权限信号、外部反写和 business-effective 规则。",
      "example_fields": [
        "one_vote_veto",
        "cadre_validation_mapping",
        "people_action_constraint",
        "org_canvas_constraint",
        "org_capability_critical_score",
        "permission_signal_mapping",
        "external_writeback_mapping",
        "business_effective_conclusion_rule",
        "rollback_ref",
        "audit_override"
      ],
      "who_can_view": [
        "HR Owner controlled view",
        "Boss / Executive approval view",
        "Auditor",
        "Algorithm Config Admin gated draft"
      ],
      "who_can_edit": [
        "Algorithm Config Admin gated draft",
        "HR Owner gated draft"
      ],
      "approval_required": true,
      "export_allowed": false,
      "audit_required": true,
      "rollback_required": true
    }
  },
  "high_risk_algorithm_policy": [
    {
      "algorithm_risk_type": "one_vote_veto",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "nine_box_thresholds",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "promotion_readiness",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "elimination_risk",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "cadre_validation_mapping",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "people_action_constraint",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "org_capability_scoring",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "permission_signal_mapping",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": true,
      "security_audit_required": false,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "external_mapping",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": true,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "algorithm_risk_type": "business_effective_conclusion",
      "risk_reason": "可能影响 Talent Review、干部档案、组织能力、组织画布、人事动作或权限安全边界。",
      "required_review_role": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "required_approval_role": [
        "Boss / Executive"
      ],
      "permission_admin_review_required": false,
      "security_audit_required": true,
      "direct_apply_allowed": false,
      "system_admin_single_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    }
  ],
  "lifecycle_permission_policy": {
    "Draft": {
      "allowed_roles": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "allowed_actions": [
        "create_algorithm_draft",
        "edit_algorithm_draft",
        "clone_algorithm_config"
      ],
      "locked_fields": [],
      "required_approval": false,
      "audit_required": false,
      "rollback_allowed": false,
      "business_effective_allowed": false,
      "executes_algorithm_allowed": false
    },
    "Preview": {
      "allowed_roles": [
        "HR Owner",
        "HRBP",
        "Algorithm Config Admin",
        "Boss / Executive"
      ],
      "allowed_actions": [
        "preview_algorithm_impact",
        "run_preview_algorithm"
      ],
      "locked_fields": [
        "apply_fields"
      ],
      "required_approval": false,
      "audit_required": false,
      "rollback_allowed": false,
      "business_effective_allowed": false,
      "executes_algorithm_allowed": false
    },
    "Review": {
      "allowed_roles": [
        "HR Owner",
        "Algorithm Config Admin"
      ],
      "allowed_actions": [
        "submit_review",
        "view_algorithm"
      ],
      "locked_fields": [
        "all_config_fields"
      ],
      "required_approval": true,
      "audit_required": true,
      "rollback_allowed": false,
      "business_effective_allowed": false,
      "executes_algorithm_allowed": false
    },
    "Approve": {
      "allowed_roles": [
        "Boss / Executive",
        "Permission Admin when permission affected",
        "Security / Audit when critical external affected"
      ],
      "allowed_actions": [
        "approve_algorithm",
        "reject_algorithm"
      ],
      "locked_fields": [
        "all_config_fields"
      ],
      "required_approval": true,
      "audit_required": true,
      "rollback_allowed": false,
      "business_effective_allowed": false,
      "executes_algorithm_allowed": false
    },
    "Apply": {
      "allowed_roles": [
        "authorized HR Owner",
        "Algorithm Config Admin with approval"
      ],
      "allowed_actions": [
        "apply_algorithm"
      ],
      "locked_fields": [
        "all_config_fields"
      ],
      "required_approval": true,
      "audit_required": true,
      "rollback_allowed": true,
      "business_effective_allowed": false,
      "executes_algorithm_allowed": "separate_gate_required"
    },
    "Effective": {
      "allowed_roles": [
        "authorized business readers",
        "Auditor"
      ],
      "allowed_actions": [
        "view_algorithm",
        "view_algorithm_audit"
      ],
      "locked_fields": [
        "active_config_fields"
      ],
      "required_approval": false,
      "audit_required": true,
      "rollback_allowed": true,
      "business_effective_allowed": true,
      "executes_algorithm_allowed": "separate_gate_required"
    },
    "Deprecated": {
      "allowed_roles": [
        "HR Owner",
        "Auditor",
        "Algorithm Config Admin"
      ],
      "allowed_actions": [
        "view_algorithm",
        "view_algorithm_audit"
      ],
      "locked_fields": [
        "historical_config_fields"
      ],
      "required_approval": false,
      "audit_required": true,
      "rollback_allowed": false,
      "business_effective_allowed": false,
      "executes_algorithm_allowed": "separate_gate_required"
    },
    "Rollback": {
      "allowed_roles": [
        "Boss / Executive",
        "HR Owner",
        "Auditor",
        "Algorithm Config Admin"
      ],
      "allowed_actions": [
        "rollback_algorithm",
        "view_algorithm_audit"
      ],
      "locked_fields": [
        "rollback_target"
      ],
      "required_approval": true,
      "audit_required": true,
      "rollback_allowed": true,
      "business_effective_allowed": false,
      "executes_algorithm_allowed": "separate_gate_required"
    }
  },
  "algorithm_permission_impact_preview_model": {
    "affected_users": "array_or_boolean",
    "affected_roles": "array_or_boolean",
    "newly_visible_fields": "array_or_boolean",
    "newly_hidden_fields": "array_or_boolean",
    "newly_granted_actions": "array_or_boolean",
    "revoked_actions": "array_or_boolean",
    "affected_algorithm_tags": "array_or_boolean",
    "affected_nine_box_positions": "array_or_boolean",
    "affected_one_vote_veto": "array_or_boolean",
    "affected_cadre_validation": "array_or_boolean",
    "affected_org_capability_score": "array_or_boolean",
    "affected_org_canvas_constraints": "array_or_boolean",
    "affected_people_action_recommendations": "array_or_boolean",
    "affected_permission_signals": "array_or_boolean",
    "business_effective_risk": "array_or_boolean",
    "external_writeback_risk": "array_or_boolean"
  },
  "existing_permission_asset_mapping": {
    "permission_roles": "映射到 Employee、Manager、HRBP、HR Owner、Boss / Executive、System Admin、Auditor、Algorithm Config Admin。",
    "permission_subjects": "映射到用户、角色、组织、岗位、算法配置主体和审批主体。",
    "page_permission_rules": "映射算法配置中心、详情、权重、阈值、九宫格、一票否决、审计版本、影响预览页面访问。",
    "data_scope_rules": "映射全公司、所辖组织、本部门、团队摘要、高风险算法、历史版本范围。",
    "field_permission_rules": "映射 Public/Internal/Sensitive/Restricted 算法字段。",
    "action_permission_rules": "映射 create/edit/approve/apply/rollback/export/audit/run preview/run business-effective。",
    "reviewer_scope": "继承评价关系和算法输入范围，避免算法输出越权扩展 reviewer scope。",
    "cadre_conclusion_field_rules": "映射干部相关算法结果字段可见性，防止 preview 算法生成正式干部结论。"
  },
  "matrices": {
    "role_action_matrix": {
      "Employee": {
        "view_algorithm": false,
        "create_algorithm_draft": false,
        "edit_algorithm_draft": false,
        "preview_algorithm_impact": false,
        "submit_review": false,
        "approve_algorithm": false,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": false,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      },
      "Manager": {
        "view_algorithm": false,
        "create_algorithm_draft": false,
        "edit_algorithm_draft": false,
        "preview_algorithm_impact": false,
        "submit_review": false,
        "approve_algorithm": false,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": false,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      },
      "HRBP": {
        "view_algorithm": true,
        "create_algorithm_draft": false,
        "edit_algorithm_draft": false,
        "preview_algorithm_impact": true,
        "submit_review": false,
        "approve_algorithm": false,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": false,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      },
      "HR Owner": {
        "view_algorithm": true,
        "create_algorithm_draft": true,
        "edit_algorithm_draft": true,
        "preview_algorithm_impact": true,
        "submit_review": true,
        "approve_algorithm": false,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": true,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      },
      "Boss / Executive": {
        "view_algorithm": true,
        "create_algorithm_draft": false,
        "edit_algorithm_draft": false,
        "preview_algorithm_impact": false,
        "submit_review": false,
        "approve_algorithm": true,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": true,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      },
      "System Admin": {
        "view_algorithm": false,
        "create_algorithm_draft": false,
        "edit_algorithm_draft": false,
        "preview_algorithm_impact": false,
        "submit_review": false,
        "approve_algorithm": false,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": true,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      },
      "Auditor": {
        "view_algorithm": false,
        "create_algorithm_draft": false,
        "edit_algorithm_draft": false,
        "preview_algorithm_impact": false,
        "submit_review": false,
        "approve_algorithm": false,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": true,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      },
      "Algorithm Config Admin": {
        "view_algorithm": true,
        "create_algorithm_draft": true,
        "edit_algorithm_draft": true,
        "preview_algorithm_impact": true,
        "submit_review": true,
        "approve_algorithm": false,
        "apply_algorithm": false,
        "rollback_algorithm": false,
        "export_algorithm_config": false,
        "view_algorithm_audit": true,
        "run_preview_algorithm": false,
        "run_business_effective_algorithm": false
      }
    },
    "role_field_sensitivity_matrix": {
      "Employee": {
        "Public / low": true,
        "Internal / medium": false,
        "Sensitive / high": false,
        "Restricted / critical": false
      },
      "Manager": {
        "Public / low": true,
        "Internal / medium": true,
        "Sensitive / high": false,
        "Restricted / critical": false
      },
      "HRBP": {
        "Public / low": true,
        "Internal / medium": true,
        "Sensitive / high": true,
        "Restricted / critical": false
      },
      "HR Owner": {
        "Public / low": true,
        "Internal / medium": true,
        "Sensitive / high": true,
        "Restricted / critical": false
      },
      "Boss / Executive": {
        "Public / low": true,
        "Internal / medium": true,
        "Sensitive / high": true,
        "Restricted / critical": true
      },
      "System Admin": {
        "Public / low": false,
        "Internal / medium": false,
        "Sensitive / high": false,
        "Restricted / critical": false
      },
      "Auditor": {
        "Public / low": true,
        "Internal / medium": true,
        "Sensitive / high": true,
        "Restricted / critical": true
      },
      "Algorithm Config Admin": {
        "Public / low": true,
        "Internal / medium": true,
        "Sensitive / high": true,
        "Restricted / critical": true
      }
    },
    "lifecycle_action_matrix": {
      "Draft": {
        "allowed_roles": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "allowed_actions": [
          "create_algorithm_draft",
          "edit_algorithm_draft",
          "clone_algorithm_config"
        ],
        "locked_fields": [],
        "approval_required": false,
        "business_effective": false
      },
      "Preview": {
        "allowed_roles": [
          "HR Owner",
          "HRBP",
          "Algorithm Config Admin",
          "Boss / Executive"
        ],
        "allowed_actions": [
          "preview_algorithm_impact",
          "run_preview_algorithm"
        ],
        "locked_fields": [
          "apply_fields"
        ],
        "approval_required": false,
        "business_effective": false
      },
      "Review": {
        "allowed_roles": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "allowed_actions": [
          "submit_review",
          "view_algorithm"
        ],
        "locked_fields": [
          "all_config_fields"
        ],
        "approval_required": true,
        "business_effective": false
      },
      "Approve": {
        "allowed_roles": [
          "Boss / Executive",
          "Permission Admin when permission affected",
          "Security / Audit when critical external affected"
        ],
        "allowed_actions": [
          "approve_algorithm",
          "reject_algorithm"
        ],
        "locked_fields": [
          "all_config_fields"
        ],
        "approval_required": true,
        "business_effective": false
      },
      "Apply": {
        "allowed_roles": [
          "authorized HR Owner",
          "Algorithm Config Admin with approval"
        ],
        "allowed_actions": [
          "apply_algorithm"
        ],
        "locked_fields": [
          "all_config_fields"
        ],
        "approval_required": true,
        "business_effective": "separate_gate_required"
      },
      "Effective": {
        "allowed_roles": [
          "authorized business readers",
          "Auditor"
        ],
        "allowed_actions": [
          "view_algorithm",
          "view_algorithm_audit"
        ],
        "locked_fields": [
          "active_config_fields"
        ],
        "approval_required": false,
        "business_effective": true
      },
      "Deprecated": {
        "allowed_roles": [
          "HR Owner",
          "Auditor",
          "Algorithm Config Admin"
        ],
        "allowed_actions": [
          "view_algorithm",
          "view_algorithm_audit"
        ],
        "locked_fields": [
          "historical_config_fields"
        ],
        "approval_required": false,
        "business_effective": false
      },
      "Rollback": {
        "allowed_roles": [
          "Boss / Executive",
          "HR Owner",
          "Auditor",
          "Algorithm Config Admin"
        ],
        "allowed_actions": [
          "rollback_algorithm",
          "view_algorithm_audit"
        ],
        "locked_fields": [
          "rollback_target"
        ],
        "approval_required": true,
        "business_effective": "restore_previous_approved_state"
      }
    },
    "high_risk_approval_matrix": {
      "one_vote_veto": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "nine_box_thresholds": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "promotion_readiness": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "elimination_risk": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "cadre_validation_mapping": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "people_action_constraint": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "org_capability_scoring": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "permission_signal_mapping": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": true,
        "security_audit_required": false
      },
      "external_mapping": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": true
      },
      "business_effective_conclusion": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": true
      },
      "org_canvas_constraint_algorithm": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": false
      },
      "field_visibility_algorithm": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": true,
        "security_audit_required": false
      },
      "feishu_external_writeback_algorithm": {
        "required_review_role": [
          "HR Owner",
          "Algorithm Config Admin"
        ],
        "required_approval_role": [
          "Boss / Executive"
        ],
        "permission_admin_review_required": false,
        "security_audit_required": true
      }
    },
    "permission_asset_mapping_matrix": {
      "who_can_view": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules"
      ],
      "who_can_create": [
        "permission_roles",
        "action_permission_rules"
      ],
      "who_can_edit": [
        "permission_roles",
        "field_permission_rules",
        "action_permission_rules"
      ],
      "who_can_submit_review": [
        "permission_roles",
        "action_permission_rules"
      ],
      "who_can_approve": [
        "permission_roles",
        "action_permission_rules",
        "cadre_conclusion_field_rules"
      ],
      "who_can_apply": [
        "permission_roles",
        "action_permission_rules",
        "approval_policy"
      ],
      "who_can_rollback": [
        "permission_roles",
        "action_permission_rules",
        "audit_logs"
      ],
      "sensitive_field_visibility": [
        "field_permission_rules",
        "cadre_conclusion_field_rules"
      ],
      "critical_rule_visibility": [
        "field_permission_rules",
        "security_audit_policy"
      ],
      "data_scope_rules": [
        "data_scope_rules",
        "reviewer_scope"
      ],
      "action_rules": [
        "action_permission_rules"
      ]
    }
  },
  "p0_p1_saas_boundary": {
    "p0_static_permission_policy_items": [
      "单租户",
      "静态权限设计",
      "不改 active 权限",
      "不开放在线算法权限配置",
      "不执行算法",
      "不生成 business-effective 结论",
      "只做权限矩阵、影响预览和人工审批参考"
    ],
    "p1_database_policy_schema_items": [
      "algorithm_permission_policy table",
      "algorithm_field_permission_rules",
      "algorithm_action_permission_rules",
      "algorithm_approval_policy",
      "algorithm_policy_audit_version"
    ],
    "saas_tenant_permission_items": [
      "租户级算法权限",
      "租户管理员",
      "租户自定义字段敏感级别",
      "角色模板",
      "权限继承与覆盖",
      "算法审批流自定义",
      "权限策略版本化",
      "权限模拟器",
      "API / Webhook"
    ]
  },
  "validation_rules": {
    "registry_is_readonly": true,
    "json_load_required": true,
    "permission_layer_count_must_be_6": true,
    "role_count_must_be_8": true,
    "field_sensitivity_level_count_must_be_4": true,
    "high_risk_algorithm_type_count_must_be_10": true,
    "matrix_count_must_be_5": true,
    "no_database_write": true,
    "no_permission_change": true,
    "no_permission_expansion": true,
    "no_algorithm_execution": true,
    "no_active_algorithm_change": true,
    "no_assessment_result_change": true,
    "no_profile_or_cadre_change": true,
    "no_org_capability_change": true,
    "no_people_action_change": true,
    "no_business_effective_conclusion": true,
    "no_feishu_writeback": true
  }
}
