Part of the metadata liveness audit umbrella #1878 (P0 security cluster).
Problem
Role parent is dead. team-graph.ts:27 does not walk it, so the documented "managers see subordinates' data" rollup is unimplemented. A role hierarchy authored via parent confers no inherited visibility — managers do not actually gain access to their reports' records.
Decision required (enforce or remove)
- Enforce: have the team/role graph walk parent so the manager-rollup (and any role_and_subordinates sharing recipient — see the SharingRule issue) resolves through the hierarchy.
- Remove: drop parent from RoleSchema if hierarchical visibility is out of scope, and remove the "managers see subordinates" claim from the docs.
Evidence
docs/audits/2026-06-security-identity-property-liveness.md
team-graph.ts:27 (does not walk parent)
Note: closely related to the SharingRuleSchema issue (its role_and_subordinates recipient depends on this hierarchy walk).
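A sketch of what the "Enforce" option implies, as an added example that is not the project's code: the `Role` shape, the `subordinateRoles` and `canSee` helpers, and the sample roles are all assumptions made for illustration. It resolves subordinates through `parent` and tolerates cycles in authored metadata.

```typescript
// Hypothetical role shape: only `name` and `parent` are assumed here.
interface Role {
  name: string;
  parent?: string; // name of the role directly above this one
}

// Returns every role below `manager` in the hierarchy (direct and
// transitive), i.e. the roles whose records a "managers see
// subordinates" rollup would expose to `manager`.
function subordinateRoles(roles: Role[], manager: string): Set<string> {
  // Invert child -> parent into parent -> children once.
  const children = new Map<string, string[]>();
  for (const r of roles) {
    if (r.parent === undefined) continue;
    const list = children.get(r.parent) ?? [];
    list.push(r.name);
    children.set(r.parent, list);
  }
  const seen = new Set<string>();
  const stack = [...(children.get(manager) ?? [])];
  while (stack.length > 0) {
    const name = stack.pop() as string;
    // `seen` guards against parent cycles in authored metadata;
    // a role is never counted as its own subordinate.
    if (name === manager || seen.has(name)) continue;
    seen.add(name);
    stack.push(...(children.get(name) ?? []));
  }
  return seen;
}

// Hypothetical access check: a viewer sees a record when they hold
// the owner's role or any role above it in the hierarchy.
function canSee(roles: Role[], viewerRole: string, ownerRole: string): boolean {
  return viewerRole === ownerRole || subordinateRoles(roles, viewerRole).has(ownerRole);
}

// Constructed sample hierarchy, including a cycle (a <-> b) that must not loop.
const sampleRoles: Role[] = [
  { name: "vp" },
  { name: "manager", parent: "vp" },
  { name: "rep", parent: "manager" },
  { name: "a", parent: "b" },
  { name: "b", parent: "a" },
];
```

Visibility flows downward only: a role never gains access to records owned by a role above it, and a role with no authored children resolves to an empty set.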