Role Store
Component Detail
Data Layer
medium complexity
backend
Dependencies: 0
Dependents: 0
Entities: 1
Integrations: 0
Description
Persists the role assignment for each authenticated user within the consuming product's tenant boundary. Acts as the source of truth for role lookups performed by the Role Guard, keeping role data out of the portable Authentication Module.
role-store
Sources & reasoning
Source defines four roles and strict tenant isolation rules in §Core Roles, and lists RBAC under Mobile App Architecture Auth & Access as well as the §5 Fase 1 MVP scope (two mobile role profiles, two admin role profiles). Target_release matches the source phase name 'MVP'.
- docs/source/likeperson.md · line 189-193: 4 defined user roles: Peer Mentor, Coordinator, Organization Administrator, Global Administrator
- docs/source/likeperson.md · line 193: No default access to an organization's operational data ... Tenant separation is strict ... Orgs can grant a Global Admin time-bounded support access
- docs/source/likeperson.md · line 212: Role-based access control - Peer Mentor and Coordinator roles
- docs/source/likeperson.md · line 242: 2 mobile role profiles: Peer Mentor, Coordinator (Organization Admins log in as Coordinator in the app context)
Responsibilities
- Store the assigned canonical role for each user (Peer Mentor, Coordinator, Org Admin, Global Admin)
- Provide fast role lookup keyed by user identifier
- Support role assignment and reassignment by authorized administrators
- Enforce tenant isolation so role records never leak across organizations
- Expose role metadata needed by the Role Guard for surface-boundary checks
Interfaces
getRole(userId): Role
assignRole(userId, role): void
listUsersByRole(role, tenantId): User[]
revokeRole(userId): void
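
An added sketch (not the product's own code) of how the interfaces above could enforce the tenant boundary and the time-bounded Global Admin support access quoted under Sources & reasoning. The Caller context, the explicit tenantId parameters, grantSupport, scopedKey and the in-memory maps are assumptions; listUsersByRole and revokeRole are left out.

```typescript
// Added example. Role names come from the page; Caller, grantSupport and the
// composite key are assumptions made for this sketch.
type Role = "Peer Mentor" | "Coordinator" | "Org Admin" | "Global Admin";
// Assumed to be built from the authenticated session; Global Admins have no tenant.
interface Caller { userId: string; tenantId: string | null; role: Role }

// Unambiguous composite key, so ("a", "b:c") and ("a:b", "c") never collide.
const scopedKey = (tenantId: string, userId: string): string =>
  JSON.stringify([tenantId, userId]);

class RoleStore {
  private roles = new Map<string, Role>();     // (tenant, user)  -> role
  private support = new Map<string, number>(); // (tenant, admin) -> expiry, epoch ms

  // Tenant members act in their own tenant only; a Global Admin needs an unexpired grant.
  private inTenant(c: Caller, tenantId: string, now: number): boolean {
    if (c.role !== "Global Admin") return c.tenantId === tenantId;
    const expiry = this.support.get(scopedKey(tenantId, c.userId));
    return expiry !== undefined && now < expiry;
  }

  // An Org Admin opens time-bounded support access to their own tenant.
  grantSupport(c: Caller, globalAdminId: string, untilMs: number): void {
    if (c.role !== "Org Admin" || c.tenantId === null) throw new Error("forbidden");
    this.support.set(scopedKey(c.tenantId, globalAdminId), untilMs);
  }

  // Cross-tenant lookups return undefined, the same answer as an unknown user.
  getRole(c: Caller, tenantId: string, userId: string, now: number = Date.now()): Role | undefined {
    return this.inTenant(c, tenantId, now) ? this.roles.get(scopedKey(tenantId, userId)) : undefined;
  }

  assignRole(c: Caller, tenantId: string, userId: string, role: Role, now: number = Date.now()): void {
    const isAdmin = c.role === "Org Admin" || c.role === "Global Admin";
    if (!isAdmin || !this.inTenant(c, tenantId, now)) throw new Error("forbidden");
    // Assumption: Global Admin is platform-level and cannot be minted inside a tenant.
    if (role === "Global Admin") throw new Error("forbidden");
    this.roles.set(scopedKey(tenantId, userId), role);
  }
}

// Returns true when fn throws, for checking denied calls.
function denied(fn: () => void): boolean {
  try { fn(); return false; } catch { return true; }
}
```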