Skip to content

[P0][security] Role parent dead — manager-rollup unimplemented #1886

Description

@os-zhuang

Part of the metadata liveness audit umbrella #1878 (P0 security cluster).

Problem

Role parent is dead. team-graph.ts:27 does not walk it, so the documented "managers see subordinates' data" rollup is unimplemented. A role hierarchy authored via parent confers no inherited visibility — managers do not actually gain access to their reports' records.

Decision required (enforce or remove)

  • Enforce: have the team/role graph walk parent so the manager-rollup (and any role_and_subordinates sharing recipient — see the SharingRule issue) resolves through the hierarchy.
  • Remove: drop parent from RoleSchema if hierarchical visibility is out of scope, and remove the "managers see subordinates" claim from the docs.

Evidence

  • docs/audits/2026-06-security-identity-property-liveness.md
  • team-graph.ts:27 (does not walk parent)

Note: closely related to the SharingRuleSchema issue (its role_and_subordinates recipient depends on this hierarchy walk).

Metadata

Metadata

Assignees

No one assigned

    Labels

    priority:p0Critical: blocker, must ship before MVPsecurity

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions