← Retour à toutes les fonctionnalités
02
Identity & Access Management
44 fonctionnalités · 5 sous-systèmes
User identity, authentication, authorization, and role management across the entire federation hierarchy. Leverages Craft-Easy's comprehensive auth stack and capability-based access control.
User Registration & Profile
F02.01 Plateforme+
| ID | Status | Fonctionnalités |
|---|---|---|
| F02.01.01 | Plateforme | Self-registration with email/phone verification |
| F02.01.02 | Plateforme | OAuth2 social login (Google, Microsoft, GitHub) |
| F02.01.03 | Planifié | Player profile (name, DOB, nationality, photo, playing position) |
| F02.01.04 | Planifié | Official profile (umpire grade, certifications, languages) |
| F02.01.05 | Planifié | Administrator profile (federation, role, mandate period) |
| F02.01.06 | Planifié | Multi-identity support (same person = player + umpire + coach) |
| F02.01.07 | Plateforme | Profile photo upload and management |
| F02.01.08 | Plateforme+ | Profile completion tracking and prompts |
| F02.01.09 | Plateforme | GDPR-compliant data export and deletion |
| F02.01.10 | Planifié | Player ID card generation (digital + printable) |
| F02.01.11 | Planifié | QR code identification for check-in at events |
Authentication
F02.02 Plateforme
| ID | Status | Fonctionnalités |
|---|---|---|
| F02.02.01 | Plateforme | Email + OTP login |
| F02.02.02 | Plateforme | OAuth2 (Google, Microsoft) |
| F02.02.03 | Plateforme | TOTP/2FA (authenticator app) |
| F02.02.04 | Plateforme | WebAuthn passkeys |
| F02.02.05 | Plateforme | JWT ES512 token-based sessions |
| F02.02.06 | Plateforme | Refresh token rotation |
| F02.02.07 | Plateforme | Rate limiting and abuse detection |
| F02.02.08 | Plateforme | M2M OAuth2 client credentials for integrations |
Role & Permission Management
F02.03 Plateforme+
### Predefined Role Templates
| ID | Status | Fonctionnalités |
|---|---|---|
| F02.03.01 | Plateforme | Capability-based access control (deny-by-default) |
| F02.03.02 | Plateforme | Role definition with capability sets |
| F02.03.03 | Plateforme | Role inheritance (e.g., national-admin inherits regional-admin) |
| F02.03.04 | Plateforme | Role assignment per user per tenant (+ OrgNode scope for regional/club roles) |
| F02.03.05 | Plateforme | Wildcard capabilities (e.g., competitions:*) |
| F02.03.06 | Plateforme | Sensitive field restrictions |
| F02.03.07 | Planifié | Petanque-specific role templates (see below) |
| F02.03.08 | Plateforme | Access debugging tools |
| F02.03.09 | Planifié | Temporary role grants (e.g., tournament director for one event) |
| F02.03.10 | Planifié | Role request and approval workflow |
Organization Hierarchy Access
F02.04 Plateforme+
Two-layer access model: **Standalone tenants** for hard isolation (every federation is independent), **OrgNodes** (districts → clubs) for scoping within national tenants.
| ID | Status | Fonctionnalités |
|---|---|---|
| F02.04.01 | Plateforme | Tenant-scoped data isolation (every federation is a standalone tenant) |
| F02.04.02 | Planifié | Public APIs for cross-tenant interactions (license verification, ITC, squad submission) |
| F02.04.03 | Planifié | Linked player identity across tenants (same auth, separate profiles) |
| F02.04.04 | Plateforme+ | District-based scope filtering (district admin sees clubs/players in their OrgNode subtree) |
| F02.04.05 | Planifié | Delegation of authority (federation admin delegates to assistant) |
| F02.04.06 | Plateforme | Club OrgNode management within national tenant |
| F02.04.07 | Plateforme+ | Role assignment scoped to OrgNode (club president only manages their club) |
| F02.04.08 | Plateforme+ | Role assignment scoped to district OrgNode (district admin) |
Privacy & Consent
F02.05 Plateforme+
| ID | Status | Fonctionnalités |
|---|---|---|
| F02.05.01 | Plateforme+ | GDPR data subject rights — GET /me/data-export, POST /me/data-deletion-request with anonymisation (PL-208) |
| F02.05.02 | Plateforme+ | Data retention policies — configurable per tenant via DataRetentionPolicy model (PL-208) |
| F02.05.03 | Planifié | Consent management — ConsentRecord model with marketing, photo_publication, data_sharing, analytics types (PL-208) |
| F02.05.04 | Planifié | Minor/youth data protection — ParentalConsent model with guardian verification, blocks consent for minors without parental approval (PL-208) |
| F02.05.05 | Planifié | Privacy settings per user — PrivacySettings embedded in PlayerProfile (profile visibility, results, ranking, club, DOB) (PL-105/PL-208) |
| F02.05.06 | Plateforme | Audit log of all data access (Craft Easy audit + use_revision = True) |
| F02.05.07 | Planifié | Cookie consent and tracking preferences |
Aucune fonctionnalité ne correspond à vos filtres.