This document presents a practical demonstration of how the ULPMS Resolution Engine compiles conflicting and multi-profile permissions for a single corporate user under the spec-driven AI strategy BMAD-METHOD.
Let’s evaluate the permissions resolved for the following user session:
Alex ArroyoUnimar LIMA-01Terminal Operator Profile (Linked to Template: OperatorBaseline_v1.0.0)Billing Guest Profile (Custom Local Profile)The following matrix represents the state of authorizations across assigned profiles and the final compiled access resolved at runtime:
| System | Menu | Option | Action | Profile 1: Operator (Template) | Profile 2: Billing Guest (Custom) | Final Compiled Access | Resolution Rationale |
| :— | :— | :— | :— | :—: | :—: | :—: | :— |
| Inventory | Containers | Check-In | create | ALLOW | None | ALLOW | Granted by Profile 1 (Operator). |
| Inventory | Containers | Check-In | read | ALLOW | None | ALLOW | Granted by Profile 1 (Operator). |
| Inventory | Containers | Delete | delete | None | None | DENY | Deny-by-Default (No active grant exists). |
| Billing | Invoices | View | read | None | ALLOW | ALLOW | Granted by Profile 2 (Billing Guest). |
| Billing | Invoices | Dispatch | update | ALLOW | DENY | DENY | Explicit Deny Overrides the Allow in Profile 1.
ALLOW is declared.DENY is present, the user inherits all active ALLOW blocks.DENY from any active profile instantly invalidates any matching ALLOW blocks across other profiles.