Tenant administrators and delegated branch managers need to review profile requests before users receive operational access. UMS must support approval, modification, and denial so the assigned profile matches the real business need, the request lifecycle is closed, and the decision remains auditable.
| Actor | Responsibility |
|---|---|
| Tenant Admin | Reviews profile requests across the tenant and assigns the final profile. |
| Branch Manager | Reviews profile requests for delegated branch scope. |
| Lobby User | Receives the decision and gains access only after a profile is assigned. |
| Auditor | Reviews who approved access, when, and what role was granted. |
The approver may approve the request with a role different from the requested one when a lower or more appropriate access level is required.
The approver may deny the request. The user remains without operational access for that system and branch.
If the selected role conflicts with existing roles or creates a separation-of-duties risk, the system warns the approver before the decision is completed.
| Rule | Description |
|---|---|
| BR-01 | Approval must be limited to the approver’s tenant or delegated branch scope. |
| BR-02 | The approver may grant the requested role or a different role within their authority. |
| BR-03 | Denial must keep the user without operational access for the requested scope. |
| BR-04 | The final role, approver, decision date, and decision reason must be auditable. |
| BR-05 | Role conflict and separation-of-duties warnings must be shown before final approval when detectable. |
| BR-06 | Every profile request must reach a terminal Approved or Denied status. |
| BR-07 | A final decision must trigger an automatic notification to the requester. |
| BR-08 | Requests cannot be deleted or hidden as a substitute for a final decision. |
| # | Acceptance Criterion |
|---|---|
| 1 | An authorized approver can see pending profile requests in their scope. |
| 2 | The approver can approve the requested role. |
| 3 | The approver can approve the request with a different role. |
| 4 | The approver can deny the request. |
| 5 | The system records approver, date, granted role, and decision outcome. |
| 6 | The user is notified after approval or denial. |
| 7 | The system warns about detectable role conflicts before approval. |
| 8 | A decided request is closed and no longer appears as pending. |
PROFILE_ASSIGNMENT decisions.| Type | References |
|---|---|
| Related Stories | FS-23, FS-05, FS-07, FS-14 |
| Domain Entities | ApprovalRequest, Profile, Role, UserAccount, Branch |
| Domain Events | ProfileAssignedToUserEvent, ApprovalRequestApprovedEvent, ApprovalRequestDeniedEvent |
| Notifications | ProfileRequestApproved, ProfileRequestDenied |
| ADRs | ADR-0075, ADR-0071 |