{ "schema_version": "1.0", "baseline": "A-document-access-service-v1", "phase": "Batch 8 · local/dev auth", "updated_at": "2026-04-20", "owner": "session_a", "purpose_en": "Seed user store consumed by the document-access-service FastAPI backend. File-backed. Editable on disk; service re-reads on startup. NO password hashing; NO production deployment. Any request with the right email in this file is 'authenticated' — this is a LOCAL/DEV AUTH BACKEND only.", "purpose_th": "คลัง user สำหรับ backend auth แบบ local/dev · อ่านจากไฟล์ · ไม่ hash password · ห้าม deploy จริง", "honest_note": "This is a file-backed mock of an auth backend. No secrets. No password validation. Emails are the only identity. Server issues opaque session tokens but stores them in-process (lost on restart).", "users": [ { "profile_id": "u-admin-001", "email": "admin@pattayatogether.example", "display_name": "Admin · full access", "role": "admin", "status": "enabled", "scopes": ["read:*", "write:notes", "read:all-groups", "read:all-documents"], "visible_groups": ["start", "knowledge", "planning", "runtime", "operations", "journey"], "hidden_groups": [], "visible_documents": null, "hidden_documents": [], "restricted_documents": [], "preferred_language": "both", "stakeholder_tags": ["executive", "product", "governance"], "source_of_truth": "file-backed", "policy_note_en": "Full access. Informational role only." }, { "profile_id": "u-governance-001", "email": "governance@pattayatogether.example", "display_name": "Governance · planning + knowledge", "role": "governance", "status": "enabled", "scopes": ["read:planning", "read:knowledge", "read:operations"], "visible_groups": ["start", "knowledge", "planning", "operations"], "hidden_groups": ["runtime", "journey"], "visible_documents": null, "hidden_documents": [], "restricted_documents": [], "preferred_language": "en", "stakeholder_tags": ["governance", "compliance"], "source_of_truth": "file-backed", "policy_note_en": "Governance lens. Runtime + Journey hidden." }, { "profile_id": "u-sales-001", "email": "sales@pattayatogether.example", "display_name": "Sales · exec + knowledge", "role": "viewer", "status": "enabled", "scopes": ["read:knowledge", "read:journey"], "visible_groups": ["start", "knowledge", "journey"], "hidden_groups": ["planning", "runtime", "operations"], "visible_documents": null, "hidden_documents": [], "restricted_documents": [], "preferred_language": "both", "stakeholder_tags": ["sales", "executive"], "source_of_truth": "file-backed" }, { "profile_id": "u-developer-001", "email": "dev@pattayatogether.example", "display_name": "Developer · engineering", "role": "editor", "status": "enabled", "scopes": ["read:planning", "read:runtime", "read:operations"], "visible_groups": ["start", "planning", "runtime", "operations"], "hidden_groups": ["journey"], "visible_documents": null, "hidden_documents": [], "restricted_documents": [], "preferred_language": "en", "stakeholder_tags": ["developer", "product"], "source_of_truth": "file-backed" }, { "profile_id": "u-external-001", "email": "partner@external.example", "display_name": "External partner · preview", "role": "external", "status": "enabled", "scopes": ["read:preview"], "visible_groups": ["start", "knowledge"], "hidden_groups": ["planning", "runtime", "operations", "journey"], "visible_documents": null, "hidden_documents": [], "restricted_documents": [ "/planning/feature-flags-batch-4-readiness.html", "/runtime/feature-flags-service/phase-2b-plus.html" ], "preferred_language": "en", "stakeholder_tags": ["external"], "source_of_truth": "file-backed", "policy_note_en": "Preview access. Two docs restricted as banner examples." }, { "profile_id": "u-team-disabled-001", "email": "disabled@pattayatogether.example", "display_name": "Disabled · lockout demo", "role": "viewer", "status": "disabled", "scopes": [], "visible_groups": ["start"], "hidden_groups": [], "visible_documents": null, "hidden_documents": [], "restricted_documents": [], "preferred_language": "both", "stakeholder_tags": [], "source_of_truth": "file-backed", "policy_note_en": "Demonstrates disabled-user lockout: login succeeds once, /me and /resolve reject on every subsequent call." }, { "profile_id": "u-external-002", "email": "denied@external.example", "display_name": "External · explicit denial", "role": "external", "status": "enabled", "scopes": ["read:preview"], "visible_groups": ["start"], "hidden_groups": ["knowledge", "planning", "runtime", "operations", "journey"], "visible_documents": null, "hidden_documents": [ "/planning/document-access-model.html", "/planning/document-share-export.html" ], "restricted_documents": [], "preferred_language": "en", "stakeholder_tags": ["external"], "source_of_truth": "file-backed", "policy_note_en": "Demonstrates explicit deny (not-granted) + hidden-group for most groups." } ], "anonymous_profile": { "profile_id": "u-anonymous", "email": "(anonymous)", "display_name": "Anonymous", "role": "viewer", "status": "enabled", "scopes": ["read:public"], "visible_groups": ["start", "knowledge", "journey"], "hidden_groups": ["planning", "runtime", "operations"], "visible_documents": null, "hidden_documents": [], "restricted_documents": [], "preferred_language": "both", "stakeholder_tags": [], "source_of_truth": "file-backed", "policy_note_en": "Default fallback when no session. Planning/Runtime/Operations hidden from anonymous visitors." }, "honest_limits": [ "No password · any request carrying a known email receives a session.", "Session tokens are UUIDs stored in-process · lost on restart.", "No rate limiting · no login audit.", "No OAuth · no SSO.", "Roles are informational only beyond policy note rendering.", "Cross-device sync limited to wherever the cookie is visible." ], "cross_references": { "access_schema": "docs/assets/access/document_access_schema.json", "visibility_matrix": "docs/assets/access/document_visibility_matrix.json", "access_state_labels":"docs/assets/access/access_state_labels.json", "session_contract": "docs/runtime/document-access-service/session_contract.json", "access_contract": "docs/runtime/document-access-service/access_contract.json" } }