02
Identity & Access Management
44 features · 5 subsystems
User identity, authentication, authorization, and role management across the entire federation hierarchy. Leverages Craft-Easy's comprehensive auth stack and capability-based access control.
User Registration & Profile
F02.01 Platform+
| ID | Status | Features |
|---|---|---|
| F02.01.01 | Platform | Self-registration with email/phone verification |
| F02.01.02 | Platform | OAuth2 social login (Google, Microsoft, GitHub) |
| F02.01.03 | Planned | Player profile (name, DOB, nationality, photo, playing position) |
| F02.01.04 | Planned | Official profile (umpire grade, certifications, languages) |
| F02.01.05 | Planned | Administrator profile (federation, role, mandate period) |
| F02.01.06 | Planned | Multi-identity support (same person = player + umpire + coach) |
| F02.01.07 | Platform | Profile photo upload and management |
| F02.01.08 | Platform+ | Profile completion tracking and prompts |
| F02.01.09 | Platform | GDPR-compliant data export and deletion |
| F02.01.10 | Planned | Player ID card generation (digital + printable) |
| F02.01.11 | Planned | QR code identification for check-in at events |
Authentication
F02.02 Platform
| ID | Status | Features |
|---|---|---|
| F02.02.01 | Platform | Email + OTP login |
| F02.02.02 | Platform | OAuth2 (Google, Microsoft) |
| F02.02.03 | Platform | TOTP/2FA (authenticator app) |
| F02.02.04 | Platform | WebAuthn passkeys |
| F02.02.05 | Platform | JWT ES512 token-based sessions |
| F02.02.06 | Platform | Refresh token rotation |
| F02.02.07 | Platform | Rate limiting and abuse detection |
| F02.02.08 | Platform | M2M OAuth2 client credentials for integrations |
Role & Permission Management
F02.03 Platform+
### Predefined Role Templates
| ID | Status | Features |
|---|---|---|
| F02.03.01 | Platform | Capability-based access control (deny-by-default) |
| F02.03.02 | Platform | Role definition with capability sets |
| F02.03.03 | Platform | Role inheritance (e.g., national-admin inherits regional-admin) |
| F02.03.04 | Platform | Role assignment per user per tenant (+ OrgNode scope for regional/club roles) |
| F02.03.05 | Platform | Wildcard capabilities (e.g., competitions:*) |
| F02.03.06 | Platform | Sensitive field restrictions |
| F02.03.07 | Planned | Petanque-specific role templates (see below) |
| F02.03.08 | Platform | Access debugging tools |
| F02.03.09 | Planned | Temporary role grants (e.g., tournament director for one event) |
| F02.03.10 | Planned | Role request and approval workflow |
Organization Hierarchy Access
F02.04 Platform+
Two-layer access model: **Standalone tenants** for hard isolation (every federation is independent), **OrgNodes** (districts → clubs) for scoping within national tenants.
| ID | Status | Features |
|---|---|---|
| F02.04.01 | Platform | Tenant-scoped data isolation (every federation is a standalone tenant) |
| F02.04.02 | Planned | Public APIs for cross-tenant interactions (license verification, ITC, squad submission) |
| F02.04.03 | Planned | Linked player identity across tenants (same auth, separate profiles) |
| F02.04.04 | Platform+ | District-based scope filtering (district admin sees clubs/players in their OrgNode subtree) |
| F02.04.05 | Planned | Delegation of authority (federation admin delegates to assistant) |
| F02.04.06 | Platform | Club OrgNode management within national tenant |
| F02.04.07 | Platform+ | Role assignment scoped to OrgNode (club president only manages their club) |
| F02.04.08 | Platform+ | Role assignment scoped to district OrgNode (district admin) |
Privacy & Consent
F02.05 Platform+
| ID | Status | Features |
|---|---|---|
| F02.05.01 | Platform+ | GDPR data subject rights — GET /me/data-export, POST /me/data-deletion-request with anonymisation (PL-208) |
| F02.05.02 | Platform+ | Data retention policies — configurable per tenant via DataRetentionPolicy model (PL-208) |
| F02.05.03 | Planned | Consent management — ConsentRecord model with marketing, photo_publication, data_sharing, analytics types (PL-208) |
| F02.05.04 | Planned | Minor/youth data protection — ParentalConsent model with guardian verification, blocks consent for minors without parental approval (PL-208) |
| F02.05.05 | Planned | Privacy settings per user — PrivacySettings embedded in PlayerProfile (profile visibility, results, ranking, club, DOB) (PL-105/PL-208) |
| F02.05.06 | Platform | Audit log of all data access (Craft Easy audit + use_revision = True) |
| F02.05.07 | Planned | Cookie consent and tracking preferences |