Roles & Permissions
The SPECS system uses two roles to enforce the document lifecycle: Task Executor and Task Manager. Permissions are checked on every action call, and unauthorized calls return 403 Forbidden.
Roles
👤 Task Executor
The person who creates and edits the document. Generates content, performs self-review, and sends review requests to the Manager.
Allowed actions (3):
draftingrequest-reviewcancel-review
👑 Task Manager
The lead of the role. Reviews the document and decides whether to approve it or request changes.
Allowed actions (6):
start-reviewapproverejecton-holdtrack-backchange
Permission matrix
| Action | 👤 Task Executor | 👑 Task Manager |
|---|---|---|
initialize | ✓ Allow | — |
delete | ✓ Allow | — |
drafting | ✓ Allow | — |
request-review | ✓ Allow | — |
cancel-review | ✓ Allow | — |
start-review | ✕ 403 | ✓ Allow |
approve | ✕ 403 | ✓ Allow |
reject | ✕ 403 | ✓ Allow |
on-hold | ✕ 403 | ✓ Allow |
track-back | ✕ 403 | ✓ Allow |
change | ✕ 403 | ✓ Allow |
Note
The initialize and delete actions on a newly created ticket are also restricted to the Executor — a Manager cannot start drafting on someone else's behalf.