Platform Foundation

RBAC & Permissions

A formal `module.resource.action` permission model, tenant-scoped roles, and per-LOB access scoping — composable rather than role-explosion.

Why this matters for enterprise procurement

Permissions in BPO operations are inherently multi-dimensional: a supervisor on ClientA's English LOB should never see ClientB's data. FrontLine's RBAC enforces that at the policy layer, so building a new role doesn't require duplicating ten existing ones with different scope filters.

How it's implemented

Composable permissions, not a labyrinth of overlapping roles

Every permission is a string in the form `<module>.<resource>.<action>` (e.g., `recruiting.requisition.create`). Roles are bundles of permissions. Roles are always tenant-scoped — there is no global super-admin. Per-user role bindings can additionally scope to a specific client or LOB, so the same role assigned twice (once per client) gives different effective access. The `client` role is hard-wired to client-portal endpoints only.
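As an added illustration (not FrontLine's own code), the following Python sketch models the binding rule described above: a role grants access only through a tenant-scoped binding, optional client and LOB scopes narrow that binding, and the same role bound twice with different scopes yields different effective access. Denials are logged with the permission name and an effective-permissions lookup is included; the role names, permission strings and data structures are assumptions made for the example.

```python
import logging
from dataclasses import dataclass
from typing import Optional

# Constructed role catalog: role names follow the page's catalog, the
# permission strings are assumed examples in <module>.<resource>.<action> form.
ROLE_CATALOG = {
    "Supervisor": frozenset({"wfm.schedule.read", "qa.score.read"}),
    "Recruiter": frozenset({"recruiting.requisition.create"}),
}

@dataclass(frozen=True)
class Binding:
    """A role bound to a user in one tenant, optionally narrowed to a client/LOB."""
    tenant: str
    role: str
    client: Optional[str] = None  # None: every client in the tenant
    lob: Optional[str] = None     # None: every LOB of the matching client

@dataclass(frozen=True)
class Target:
    tenant: str
    client: str
    lob: str

def _binding_covers(b: Binding, t: Target) -> bool:
    # Tenant must match exactly: a binding never reaches into another tenant.
    if b.tenant != t.tenant:
        return False
    return b.client in (None, t.client) and b.lob in (None, t.lob)

def effective_permissions(bindings, t: Target) -> set:
    """Union of the permissions of every binding whose scope covers the target."""
    perms = set()
    for b in bindings:
        if _binding_covers(b, t):
            perms |= ROLE_CATALOG.get(b.role, frozenset())
    return perms

def authorize(user: str, bindings, permission: str, t: Target) -> bool:
    """Deny by default; every denial is logged with the permission name."""
    parts = permission.split(".")
    if len(parts) != 3 or not all(parts):
        logging.warning("denied user=%s permission=%s reason=malformed", user, permission)
        return False
    if permission in effective_permissions(bindings, t):
        return True
    logging.warning("denied user=%s permission=%s target=%s", user, permission, t)
    return False
```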

Capabilities

What's covered out of the box

  • Module.resource.action permission registry (180+ permissions)
  • Tenant-scoped roles — no cross-tenant super-admin exists
  • Per-user, per-client, per-LOB role bindings
  • Role catalog with sensible defaults (Tenant Admin, HR Admin, WFM Analyst, QA Lead, Recruiter, Supervisor, Client)
  • Custom roles authored in-product with permission picker
  • Authorization decisions logged with the permission name on every denied request
  • Permission changes captured in the audit trail
  • Effective-permissions debug view per user

Standards & compliance

Audit-ready artifacts your reviewers can lean on

  • SOC 2 Type II — logical access controls
  • ISO/IEC 27001 A.9 Access Control
  • Least-privilege defaults across the role catalog
  • Quarterly role-review report available for compliance

Procurement FAQ

What security and compliance reviewers actually ask

Can we use our existing IdP groups to drive roles?
Yes. SAML and SCIM both carry group claims, which map to FrontLine roles via configured assertions. Role changes follow your IdP group membership.

How do you prevent privilege escalation?
Only Tenant Admin can assign roles, and Tenant Admin assignment itself is a separate permission gated behind an approval flow. Privilege-escalation attempts are logged.

Can a supervisor be scoped to only their LOB?
Yes — role bindings accept optional client and LOB scopes. A Supervisor on ClientA's English LOB sees only those agents, schedules, and QA scores.

Where can we review who has access to what?
The Compliance Dashboard exposes an effective-access report per user with full role and scope expansion, exportable for audits.

Run this past your security team

We share security overviews, RLS policy DDL, audit-event schemas, and SOC 2 progress on request. Book a 30-minute security review with the founders.