{
  "metadata": {
    "generated_at": "2026-05-22T08:23:09.065930+00:00",
    "source_reports": [
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/ASSESSMENT_TEMPLATE_PERMISSION_POLICY_REGISTRY_APPLY_PREP.md",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/assessment_template_permission_policy_registry_apply_prep.json",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/ASSESSMENT_TEMPLATE_PERMISSION_POLICY_SCHEMA_PREVIEW.md",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/assessment_template_permission_policy_schema_preview.json",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/ASSESSMENT_TEMPLATE_PERMISSION_PREVIEW.md",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/assessment_template_permission_preview.json",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/ASSESSMENT_TEMPLATE_SCHEMA_PREVIEW.md",
      "/root/.openclaw/workspace/talent-review-system/docs/roadmap/assessment_template_schema_preview.json"
    ],
    "stage": "P0_JSON_REGISTRY",
    "purpose": "测评模板权限策略只读 registry，用于后续预览、审计、影响分析和未来迁移参考，不接入真实权限引擎生效链路。",
    "warning": "只读 registry；不修改 active 权限，不扩大权限，不执行 permission apply。本文件中的 allow / deny_or_gated 等取值仅为策略描述，不接入真实权限引擎，不构成实际授权。",
    "writes_database": false,
    "modifies_active_permission": false,
    "expands_permission": false,
    "permission_apply_required": false
  },
  "policy_summary": {
    "policy_schema_module_count": 12,
    "role_count": 7,
    "field_sensitivity_level_count": 4,
    "high_risk_strategy_count": 10,
    "matrix_count": 5
  },
  "policy_modules": [
    {
      "module_id": "policy_base_info",
      "module_name": "policy 基础信息",
      "purpose": "定义权限策略身份、版本、状态、范围、风险级别和审计回滚引用。",
      "covered_fields": [
        "permission_policy_id",
        "tenant_id_future",
        "template_id",
        "template_type",
        "template_version",
        "policy_name",
        "policy_version",
        "status",
        "risk_level",
        "policy_scope",
        "effective_from",
        "effective_to",
        "created_by",
        "updated_by",
        "reviewed_by",
        "approved_by",
        "applied_by",
        "audit_id",
        "rollback_ref"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "medium"
    },
    {
      "module_id": "page_access_policy",
      "module_name": "页面权限",
      "purpose": "控制谁能访问测评模板治理相关页面。",
      "covered_fields": [
        "config_center",
        "template_detail",
        "question_bank",
        "dimensions",
        "weights",
        "evaluator_relationships",
        "applicable_scope",
        "assignment_rules",
        "result_mapping",
        "risk_rules",
        "lifecycle",
        "audit_version",
        "impact_preview"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "medium"
    },
    {
      "module_id": "data_scope_policy",
      "module_name": "数据范围",
      "purpose": "控制用户能看到哪些模板、组织范围和历史状态。",
      "covered_fields": [
        "company_templates",
        "assigned_org_templates",
        "department_templates",
        "own_related_templates",
        "organization_health_templates",
        "cadre_review_templates",
        "high_risk_templates",
        "historical_versions",
        "deprecated_templates"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "medium"
    },
    {
      "module_id": "field_permission_policy",
      "module_name": "字段权限",
      "purpose": "按 Public / Internal / Sensitive / Restricted 控制字段可见、编辑、导出和审计。",
      "covered_fields": [
        "template_name",
        "template_type",
        "dimension",
        "question_text",
        "applicable_scope",
        "assignment_rule",
        "weight_rule",
        "evaluator_weight",
        "risk_threshold",
        "result_mapping",
        "organization_capability_mapping",
        "cadre_validation_mapping",
        "one_vote_veto",
        "people_action_constraint",
        "permission_signal_mapping",
        "rollback_ref",
        "audit_override",
        "high_risk_approval_policy"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "high"
    },
    {
      "module_id": "action_permission_policy",
      "module_name": "动作权限",
      "purpose": "控制模板治理动作，尤其 apply / rollback / export 等高风险动作。",
      "covered_fields": [
        "view_template",
        "create_template",
        "edit_template",
        "clone_template",
        "submit_review",
        "approve_template",
        "reject_template",
        "apply_template",
        "deprecate_template",
        "rollback_template",
        "preview_impact",
        "view_audit",
        "export_template",
        "import_template"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "high"
    },
    {
      "module_id": "approval_policy",
      "module_name": "审批权限",
      "purpose": "定义普通和高风险模板的审批角色和审批链。",
      "covered_fields": [
        "normal_assessment_template",
        "values_assessment_template",
        "one_vote_veto_rule",
        "cadre_review_template",
        "promotion_assessment_template",
        "organization_health_assessment_template",
        "organization_capability_assessment_template",
        "people_action_result_mapping",
        "org_canvas_constraint_template",
        "external_mapping_template"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "high"
    },
    {
      "module_id": "config_permission_policy",
      "module_name": "配置权限",
      "purpose": "控制谁能修改题库、维度、权重、映射、风险规则、生命周期和权限策略本身。",
      "covered_fields": [
        "question_bank",
        "dimensions",
        "weights",
        "evaluator_relationships",
        "assignment_rules",
        "result_mapping",
        "risk_rules",
        "lifecycle",
        "permission_policy_self"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "medium"
    },
    {
      "module_id": "lifecycle_permission_policy",
      "module_name": "生命周期权限",
      "purpose": "按生命周期状态定义 allowed_roles、allowed_actions、locked_fields、审批、审计、回滚和写库边界。",
      "covered_fields": [
        "Draft",
        "Preview",
        "Review",
        "Approve",
        "Apply",
        "Effective",
        "Deprecated",
        "Rollback"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "medium"
    },
    {
      "module_id": "high_risk_template_policy",
      "module_name": "高风险模板策略",
      "purpose": "约束价值观、一票否决、干部盘点、组织能力和影响人事动作/外部映射的模板。",
      "covered_fields": [
        "high_risk_template_types",
        "high_risk_fields",
        "requires_impact_preview",
        "requires_hr_review",
        "requires_boss_approval",
        "requires_dual_control",
        "requires_audit",
        "rollback_required",
        "direct_apply_forbidden",
        "system_admin_single_apply_forbidden"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "high"
    },
    {
      "module_id": "permission_impact_preview",
      "module_name": "权限影响预览",
      "purpose": "在权限或模板配置变化前预览人员、角色、字段、动作、结果映射和外部映射影响。",
      "covered_fields": [
        "affected_users",
        "affected_roles",
        "affected_departments",
        "affected_positions",
        "affected_templates",
        "affected_fields",
        "newly_visible_fields",
        "newly_hidden_fields",
        "newly_granted_actions",
        "revoked_actions",
        "affected_results_mapping",
        "affected_people_action_constraints",
        "affected_org_canvas_constraints",
        "affected_external_mappings"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "high"
    },
    {
      "module_id": "existing_permission_asset_mapping",
      "module_name": "现有权限资产映射",
      "purpose": "把现有权限引擎资产映射到 assessment_permission_policy。",
      "covered_fields": [
        "permission_roles",
        "permission_subjects",
        "page_permission_rules",
        "data_scope_rules",
        "field_permission_rules",
        "action_permission_rules",
        "reviewer_scope",
        "cadre_conclusion_field_rules"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "medium"
    },
    {
      "module_id": "audit_version_policy",
      "module_name": "审计与版本",
      "purpose": "记录策略版本、差异、审批、生效和回滚点。",
      "covered_fields": [
        "version",
        "diff_summary",
        "changed_by",
        "change_reason",
        "reviewed_by",
        "approved_by",
        "applied_by",
        "effective_from",
        "effective_to",
        "audit_log_ref",
        "rollback_ref"
      ],
      "related_existing_permission_assets": [],
      "p0_status": "readonly_registry",
      "p1_target": "assessment_permission_policies",
      "saas_target": "tenant_permission_policy_template",
      "risk_level": "medium"
    }
  ],
  "role_policies": [
    {
      "role_id": "employee",
      "role_name": "Employee",
      "page_access": [
        "own_assessment_task"
      ],
      "data_scope": "self_only",
      "visible_field_levels": [
        "public_low"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_template_public_info"
      ],
      "approval_capability": [],
      "config_capability": [],
      "lifecycle_allowed_states": [
        "Effective task only"
      ],
      "export_capability": "none",
      "audit_capability": "none",
      "restricted_actions": [
        "create_template",
        "edit_template",
        "approve_template",
        "apply_template",
        "rollback_template",
        "view_sensitive_fields"
      ]
    },
    {
      "role_id": "manager",
      "role_name": "Manager",
      "page_access": [
        "team_template_description",
        "team_completion_status"
      ],
      "data_scope": "team_scope",
      "visible_field_levels": [
        "public_low",
        "internal_medium_scoped"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_template",
        "preview_team_summary",
        "suggest_assessment_need"
      ],
      "approval_capability": [],
      "config_capability": [
        "suggest_scope_only"
      ],
      "lifecycle_allowed_states": [
        "Preview summary",
        "Effective summary"
      ],
      "export_capability": "scoped_summary_only",
      "audit_capability": "none",
      "restricted_actions": [
        "edit_template",
        "view_one_vote_veto_detail",
        "apply_template",
        "rollback_template"
      ]
    },
    {
      "role_id": "hrbp",
      "role_name": "HRBP",
      "page_access": [
        "assigned_org_templates",
        "template_applicable_scope",
        "operation_status"
      ],
      "data_scope": "assigned_org_scope",
      "visible_field_levels": [
        "public_low",
        "internal_medium",
        "sensitive_high_summary"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_template",
        "preview_impact_scoped",
        "suggest_applicable_scope"
      ],
      "approval_capability": [],
      "config_capability": [
        "scope_suggestion_only"
      ],
      "lifecycle_allowed_states": [
        "Draft suggestion",
        "Preview",
        "Effective summary"
      ],
      "export_capability": "scoped_summary_only",
      "audit_capability": "limited",
      "restricted_actions": [
        "edit_global_weight",
        "edit_one_vote_veto",
        "edit_result_mapping",
        "apply_template"
      ]
    },
    {
      "role_id": "hr_owner",
      "role_name": "HR Owner",
      "page_access": [
        "config_center",
        "template_detail",
        "question_bank",
        "dimension",
        "weight",
        "risk_rule",
        "impact_preview",
        "audit_version"
      ],
      "data_scope": "hr_governed_scope",
      "visible_field_levels": [
        "public_low",
        "internal_medium",
        "sensitive_high",
        "restricted_critical_by_approval"
      ],
      "editable_field_levels": [
        "public_low",
        "internal_medium",
        "sensitive_high_draft"
      ],
      "allowed_actions": [
        "view_template",
        "create_template",
        "edit_template",
        "clone_template",
        "submit_review",
        "preview_impact",
        "view_audit"
      ],
      "approval_capability": [
        "normal_template_review"
      ],
      "config_capability": [
        "question_bank",
        "dimensions",
        "weights",
        "relationships",
        "scope",
        "assignment_rules",
        "result_mapping",
        "risk_rules_draft"
      ],
      "lifecycle_allowed_states": [
        "Draft",
        "Preview",
        "Review",
        "Apply after approval"
      ],
      "export_capability": "approval_required_for_sensitive",
      "audit_capability": "allow",
      "restricted_actions": [
        "single_person_apply_high_risk_template",
        "bypass_audit"
      ]
    },
    {
      "role_id": "boss_executive",
      "role_name": "Boss / Executive",
      "page_access": [
        "executive_summary",
        "high_risk_approval"
      ],
      "data_scope": "executive_scope",
      "visible_field_levels": [
        "public_low",
        "sensitive_high_summary",
        "restricted_critical_approval_view"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_template_summary",
        "approve_template",
        "reject_template",
        "approve_rollback"
      ],
      "approval_capability": [
        "high_risk_template",
        "one_vote_veto",
        "cadre_review",
        "org_capability",
        "people_action_mapping"
      ],
      "config_capability": [],
      "lifecycle_allowed_states": [
        "Approve",
        "Rollback approval"
      ],
      "export_capability": "deny_sensitive_raw",
      "audit_capability": "approval_related",
      "restricted_actions": [
        "edit_question_bank",
        "direct_apply",
        "modify_active_template"
      ]
    },
    {
      "role_id": "system_admin",
      "role_name": "System Admin",
      "page_access": [
        "technical_policy",
        "engineering_audit"
      ],
      "data_scope": "system_admin_scope",
      "visible_field_levels": [
        "technical_policy",
        "business_fields_by_approval"
      ],
      "editable_field_levels": [
        "technical_policy_only"
      ],
      "allowed_actions": [
        "maintain_technical_config",
        "view_audit",
        "technical_apply_after_approval"
      ],
      "approval_capability": [],
      "config_capability": [
        "permission_policy_technical_draft"
      ],
      "lifecycle_allowed_states": [
        "Technical Draft",
        "Apply after approval"
      ],
      "export_capability": "technical_only",
      "audit_capability": "allow",
      "restricted_actions": [
        "approve_business_template",
        "self_grant_high_risk_permission",
        "single_apply_high_risk_template"
      ]
    },
    {
      "role_id": "auditor",
      "role_name": "Auditor",
      "page_access": [
        "audit_version",
        "approval_record",
        "rollback_record"
      ],
      "data_scope": "audit_scope",
      "visible_field_levels": [
        "audit_read_only"
      ],
      "editable_field_levels": [],
      "allowed_actions": [
        "view_audit",
        "view_version",
        "view_approval_record",
        "view_rollback_record"
      ],
      "approval_capability": [],
      "config_capability": [],
      "lifecycle_allowed_states": [
        "Audit",
        "Version",
        "Rollback record"
      ],
      "export_capability": "audit_export_approved",
      "audit_capability": "allow",
      "restricted_actions": [
        "edit_template",
        "approve_template",
        "apply_template",
        "rollback_template"
      ]
    }
  ],
  "field_sensitivity_registry": [
    {
      "level_id": "public_low",
      "level_name": "Public / low",
      "description": "业务说明级字段，可让普通业务用户理解模板用途。",
      "example_fields": [
        "template_name",
        "template_type",
        "scenario",
        "applicable_stage"
      ],
      "who_can_view": [
        "Employee",
        "Manager",
        "HRBP",
        "HR Owner",
        "Boss / Executive",
        "System Admin",
        "Auditor"
      ],
      "who_can_edit": [
        "HR Owner"
      ],
      "approval_required": false,
      "export_allowed": true,
      "audit_required": true,
      "rollback_required": false
    },
    {
      "level_id": "internal_medium",
      "level_name": "Internal / medium",
      "description": "内部治理字段，涉及题目、维度、适用范围和发放规则。",
      "example_fields": [
        "dimension",
        "question_text",
        "applicable_scope",
        "assignment_rule"
      ],
      "who_can_view": [
        "Manager scoped",
        "HRBP scoped",
        "HR Owner",
        "Auditor"
      ],
      "who_can_edit": [
        "HR Owner",
        "Delegated assessment admin"
      ],
      "approval_required": true,
      "export_allowed": "scoped_only",
      "audit_required": true,
      "rollback_required": true
    },
    {
      "level_id": "sensitive_high",
      "level_name": "Sensitive / high",
      "description": "影响算法、风险和干部边界的敏感字段。",
      "example_fields": [
        "weight_rule",
        "evaluator_weight",
        "risk_threshold",
        "result_mapping",
        "organization_capability_mapping",
        "cadre_validation_mapping"
      ],
      "who_can_view": [
        "HR Owner",
        "Boss / Executive approval view",
        "Auditor"
      ],
      "who_can_edit": [
        "HR Owner draft only"
      ],
      "approval_required": true,
      "export_allowed": false,
      "audit_required": true,
      "rollback_required": true
    },
    {
      "level_id": "restricted_critical",
      "level_name": "Restricted / critical",
      "description": "可触发一票否决、人事动作、权限信号或审计覆盖的关键字段。",
      "example_fields": [
        "one_vote_veto",
        "people_action_constraint",
        "permission_signal_mapping",
        "rollback_ref",
        "audit_override",
        "high_risk_approval_policy"
      ],
      "who_can_view": [
        "HR Owner",
        "Boss / Executive",
        "Auditor"
      ],
      "who_can_edit": [
        "HR Owner draft only after approval gate"
      ],
      "approval_required": true,
      "export_allowed": false,
      "audit_required": true,
      "rollback_required": true
    }
  ],
  "high_risk_template_policy": [
    {
      "template_type": "values_assessment",
      "risk_reason": "价值观结果可触发风险标签和一票否决。",
      "required_review_role": "HR Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "promotion_assessment",
      "risk_reason": "结果可能影响晋升和薪酬前置判断。",
      "required_review_role": "HR Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "cadre_review_assessment",
      "risk_reason": "结果进入干部 validation 和干部池边界。",
      "required_review_role": "HR Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "organization_health_assessment",
      "risk_reason": "结果影响组织健康判断和管理者工作台。",
      "required_review_role": "HR Owner / OD Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "organization_capability_assessment",
      "risk_reason": "结果影响组织能力评分、组织画布热力图和组织动作建议。",
      "required_review_role": "HR Owner / OD Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "one_vote_veto_template",
      "risk_reason": "一票否决会阻断晋升、调岗和干部动作。",
      "required_review_role": "HR Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "people_action_constraint_template",
      "risk_reason": "结果直接限制人事动作。",
      "required_review_role": "HR Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "org_canvas_constraint_template",
      "risk_reason": "结果影响组织画布动作约束。",
      "required_review_role": "HR Owner / OD Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "permission_signal_template",
      "risk_reason": "结果可能影响权限信号和可见范围。",
      "required_review_role": "HR Owner + Permission Owner",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    },
    {
      "template_type": "external_writeback_mapping_template",
      "risk_reason": "结果可能影响飞书或外部系统字段。",
      "required_review_role": "HR Owner + System Admin",
      "required_approval_role": "Boss / Executive",
      "direct_apply_allowed": false,
      "rollback_required": true,
      "audit_required": true,
      "dual_control_required": true
    }
  ],
  "matrices": {
    "role_action_matrix": [
      {
        "role": "Employee",
        "view_template": "deny_or_gated",
        "create_template": "deny_or_gated",
        "edit_template": "deny_or_gated",
        "submit_review": "deny_or_gated",
        "approve_template": "deny_or_gated",
        "apply_template": "deny_or_gated",
        "rollback_template": "deny_or_gated",
        "export_template": "deny_or_gated",
        "view_audit": "deny_or_gated"
      },
      {
        "role": "Manager",
        "view_template": "allow",
        "create_template": "deny_or_gated",
        "edit_template": "deny_or_gated",
        "submit_review": "deny_or_gated",
        "approve_template": "deny_or_gated",
        "apply_template": "deny_or_gated",
        "rollback_template": "deny_or_gated",
        "export_template": "deny_or_gated",
        "view_audit": "deny_or_gated"
      },
      {
        "role": "HRBP",
        "view_template": "allow",
        "create_template": "deny_or_gated",
        "edit_template": "deny_or_gated",
        "submit_review": "deny_or_gated",
        "approve_template": "deny_or_gated",
        "apply_template": "deny_or_gated",
        "rollback_template": "deny_or_gated",
        "export_template": "deny_or_gated",
        "view_audit": "deny_or_gated"
      },
      {
        "role": "HR Owner",
        "view_template": "allow",
        "create_template": "allow",
        "edit_template": "allow",
        "submit_review": "allow",
        "approve_template": "deny_or_gated",
        "apply_template": "deny_or_gated",
        "rollback_template": "deny_or_gated",
        "export_template": "deny_or_gated",
        "view_audit": "allow"
      },
      {
        "role": "Boss / Executive",
        "view_template": "deny_or_gated",
        "create_template": "deny_or_gated",
        "edit_template": "deny_or_gated",
        "submit_review": "deny_or_gated",
        "approve_template": "allow",
        "apply_template": "deny_or_gated",
        "rollback_template": "deny_or_gated",
        "export_template": "deny_or_gated",
        "view_audit": "deny_or_gated"
      },
      {
        "role": "System Admin",
        "view_template": "deny_or_gated",
        "create_template": "deny_or_gated",
        "edit_template": "deny_or_gated",
        "submit_review": "deny_or_gated",
        "approve_template": "deny_or_gated",
        "apply_template": "deny_or_gated",
        "rollback_template": "deny_or_gated",
        "export_template": "deny_or_gated",
        "view_audit": "allow"
      },
      {
        "role": "Auditor",
        "view_template": "deny_or_gated",
        "create_template": "deny_or_gated",
        "edit_template": "deny_or_gated",
        "submit_review": "deny_or_gated",
        "approve_template": "deny_or_gated",
        "apply_template": "deny_or_gated",
        "rollback_template": "deny_or_gated",
        "export_template": "deny_or_gated",
        "view_audit": "allow"
      }
    ],
    "role_field_sensitivity_matrix": [
      {
        "role": "Employee",
        "visible_field_levels": [
          "public_low"
        ],
        "editable_field_levels": []
      },
      {
        "role": "Manager",
        "visible_field_levels": [
          "public_low",
          "internal_medium_scoped"
        ],
        "editable_field_levels": []
      },
      {
        "role": "HRBP",
        "visible_field_levels": [
          "public_low",
          "internal_medium",
          "sensitive_high_summary"
        ],
        "editable_field_levels": []
      },
      {
        "role": "HR Owner",
        "visible_field_levels": [
          "public_low",
          "internal_medium",
          "sensitive_high",
          "restricted_critical_by_approval"
        ],
        "editable_field_levels": [
          "public_low",
          "internal_medium",
          "sensitive_high_draft"
        ]
      },
      {
        "role": "Boss / Executive",
        "visible_field_levels": [
          "public_low",
          "sensitive_high_summary",
          "restricted_critical_approval_view"
        ],
        "editable_field_levels": []
      },
      {
        "role": "System Admin",
        "visible_field_levels": [
          "technical_policy",
          "business_fields_by_approval"
        ],
        "editable_field_levels": [
          "technical_policy_only"
        ]
      },
      {
        "role": "Auditor",
        "visible_field_levels": [
          "audit_read_only"
        ],
        "editable_field_levels": []
      }
    ],
    "lifecycle_action_matrix": [
      {
        "state": "Draft",
        "allowed_actions": [
          "create_template",
          "edit_template",
          "preview_impact"
        ],
        "allowed_roles": [
          "HR Owner"
        ],
        "locked_fields": [
          "audit_id",
          "rollback_ref"
        ],
        "writes_database": false,
        "business_effective": false
      },
      {
        "state": "Preview",
        "allowed_actions": [
          "preview_impact",
          "view_template"
        ],
        "allowed_roles": [
          "HR Owner",
          "HRBP scoped",
          "Manager summary",
          "Auditor"
        ],
        "locked_fields": [
          "apply_template"
        ],
        "writes_database": false,
        "business_effective": false
      },
      {
        "state": "Review",
        "allowed_actions": [
          "view_diff",
          "review_template"
        ],
        "allowed_roles": [
          "HR Owner",
          "Reviewer",
          "Auditor"
        ],
        "locked_fields": [
          "template_content"
        ],
        "writes_database": false,
        "business_effective": false
      },
      {
        "state": "Approve",
        "allowed_actions": [
          "approve_template",
          "reject_template"
        ],
        "allowed_roles": [
          "Boss / Executive",
          "HR Owner normal template"
        ],
        "locked_fields": [
          "template_content",
          "policy_content"
        ],
        "writes_database": false,
        "business_effective": false
      },
      {
        "state": "Apply",
        "allowed_actions": [
          "apply_template"
        ],
        "allowed_roles": [
          "Authorized HR Owner",
          "Authorized config admin after approval"
        ],
        "locked_fields": [
          "approval_record"
        ],
        "writes_database": "future_only",
        "business_effective": "future_only"
      },
      {
        "state": "Effective",
        "allowed_actions": [
          "view_template",
          "view_audit"
        ],
        "allowed_roles": [
          "scoped business roles"
        ],
        "locked_fields": [
          "all_config_fields"
        ],
        "writes_database": false,
        "business_effective": true
      },
      {
        "state": "Deprecated",
        "allowed_actions": [
          "view_history",
          "view_audit"
        ],
        "allowed_roles": [
          "HR Owner",
          "Auditor"
        ],
        "locked_fields": [
          "all_config_fields"
        ],
        "writes_database": false,
        "business_effective": false
      },
      {
        "state": "Rollback",
        "allowed_actions": [
          "approve_rollback",
          "rollback_template"
        ],
        "allowed_roles": [
          "Boss / Executive approval",
          "Authorized HR/config admin"
        ],
        "locked_fields": [
          "rollback_ref"
        ],
        "writes_database": "future_only",
        "business_effective": "reverts_to_prior"
      }
    ],
    "high_risk_approval_matrix": [
      {
        "template_type": "values_assessment",
        "required_review_role": "HR Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "promotion_assessment",
        "required_review_role": "HR Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "cadre_review_assessment",
        "required_review_role": "HR Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "organization_health_assessment",
        "required_review_role": "HR Owner / OD Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "organization_capability_assessment",
        "required_review_role": "HR Owner / OD Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "one_vote_veto_true",
        "required_review_role": "HR Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "people_action_constraint_mapping",
        "required_review_role": "HR Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "org_canvas_constraint_mapping",
        "required_review_role": "HR Owner / OD Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "permission_signal_mapping",
        "required_review_role": "HR Owner + Permission Owner",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      },
      {
        "template_type": "external_writeback_mapping",
        "required_review_role": "HR Owner + System Admin",
        "required_approval_role": "Boss / Executive",
        "direct_apply_allowed": false,
        "rollback_required": true,
        "audit_required": true
      }
    ],
    "permission_asset_mapping_matrix": [
      {
        "policy_module": "page_access_policy",
        "policy_fields": [
          "config_center",
          "template_detail",
          "question_bank",
          "dimensions",
          "weights",
          "evaluator_relationships",
          "applicable_scope",
          "assignment_rules",
          "result_mapping",
          "risk_rules",
          "lifecycle",
          "audit_version",
          "impact_preview"
        ],
        "existing_permission_asset": "page_permission_rules"
      },
      {
        "policy_module": "data_scope_policy",
        "policy_fields": [
          "company_templates",
          "assigned_org_templates",
          "department_templates",
          "own_related_templates",
          "organization_health_templates",
          "cadre_review_templates",
          "high_risk_templates",
          "historical_versions",
          "deprecated_templates"
        ],
        "existing_permission_asset": "data_scope_rules"
      },
      {
        "policy_module": "field_permission_policy",
        "policy_fields": [
          "template_name",
          "template_type",
          "dimension",
          "question_text",
          "applicable_scope",
          "assignment_rule",
          "weight_rule",
          "evaluator_weight",
          "risk_threshold",
          "result_mapping",
          "organization_capability_mapping",
          "cadre_validation_mapping",
          "one_vote_veto",
          "people_action_constraint",
          "permission_signal_mapping",
          "rollback_ref",
          "audit_override",
          "high_risk_approval_policy"
        ],
        "existing_permission_asset": "field_permission_rules"
      },
      {
        "policy_module": "action_permission_policy",
        "policy_fields": [
          "view_template",
          "create_template",
          "edit_template",
          "clone_template",
          "submit_review",
          "approve_template",
          "reject_template",
          "apply_template",
          "deprecate_template",
          "rollback_template",
          "preview_impact",
          "view_audit",
          "export_template",
          "import_template"
        ],
        "existing_permission_asset": "action_permission_rules"
      },
      {
        "policy_module": "policy_basic_info",
        "policy_fields": [
          "created_by",
          "updated_by",
          "reviewed_by",
          "approved_by",
          "applied_by"
        ],
        "existing_permission_asset": "permission_subjects"
      },
      {
        "policy_module": "approval_policy",
        "policy_fields": [
          "approval roles"
        ],
        "existing_permission_asset": "permission_roles + action_permission_rules"
      },
      {
        "policy_module": "existing_permission_asset_mapping",
        "policy_fields": [
          "reviewer_scope"
        ],
        "existing_permission_asset": "reviewer_scope"
      },
      {
        "policy_module": "field_permission_policy",
        "policy_fields": [
          "cadre_validation_mapping"
        ],
        "existing_permission_asset": "cadre_conclusion_field_rules"
      }
    ]
  },
  "existing_permission_asset_mapping": [
    {
      "existing_asset": "permission_roles",
      "maps_to": "template_config_roles"
    },
    {
      "existing_asset": "permission_subjects",
      "maps_to": "template_config_subjects"
    },
    {
      "existing_asset": "page_permission_rules",
      "maps_to": "page_access_policy"
    },
    {
      "existing_asset": "data_scope_rules",
      "maps_to": "data_scope_policy"
    },
    {
      "existing_asset": "field_permission_rules",
      "maps_to": "field_permission_policy"
    },
    {
      "existing_asset": "action_permission_rules",
      "maps_to": "action_permission_policy"
    },
    {
      "existing_asset": "reviewer_scope",
      "maps_to": "assessment_evaluator_relationship_scope"
    },
    {
      "existing_asset": "cadre_conclusion_field_rules",
      "maps_to": "cadre_related_result_visibility"
    }
  ],
  "p0_p1_saas_boundary": {
    "p0_json_registry_items": [
      "只读 JSON registry",
      "人工审批参考",
      "权限影响预览输入",
      "不改 active 权限",
      "不执行 permission apply"
    ],
    "p1_database_policy_schema_items": [
      "assessment_permission_policies 表",
      "版本",
      "审批",
      "审计",
      "回滚",
      "权限影响预览"
    ],
    "saas_tenant_permission_items": [
      "tenant_id",
      "租户级角色模板",
      "租户自定义字段敏感级别",
      "权限继承与覆盖",
      "审批流自定义",
      "权限模拟器",
      "API / Webhook"
    ]
  },
  "validation_rules": [
    "must_not_modify_active_permissions",
    "must_not_expand_permissions",
    "must_not_change_template_visibility",
    "must_not_change_result_visibility",
    "must_not_affect_reviewer_scope",
    "must_not_affect_cadre_field_permissions",
    "must_not_affect_permission_regression",
    "high_risk_strategies_readonly_only",
    "any_apply_requires_separate_gate"
  ]
}