02
Identity & Access Management
44 features · 5 subsystems
User identity, authentication, authorization, and role management across the entire federation hierarchy. Leverages Craft-Easy's comprehensive auth stack and capability-based access control.
User Registration & Profile
F02.01 Platform+
| ID | Status | Features |
|---|---|---|
| F02.01.01 | Platform | Self-registration with email/phone verification |
| F02.01.02 | Platform | OAuth2 social login (Google, Microsoft, GitHub) |
| F02.01.03 | Planned | Player profile (name, DOB, nationality, photo, playing position) |
| F02.01.04 | Planned | Official profile (umpire grade, certifications, languages) |
| F02.01.05 | Planned | Administrator profile (federation, role, mandate period) |
| F02.01.06 | Planned | Multi-identity support (same person = player + umpire + coach) |
| F02.01.07 | Platform | Profile photo upload and management |
| F02.01.08 | Platform+ | Profile completion tracking and prompts |
| F02.01.09 | Platform | GDPR-compliant data export and deletion |
| F02.01.10 | Planned | Player ID card generation (digital + printable) |
| F02.01.11 | Planned | QR code identification for check-in at events |
Authentication
F02.02 Platform
| ID | Status | Features |
|---|---|---|
| F02.02.01 | Platform | Email + OTP login |
| F02.02.02 | Platform | OAuth2 (Google, Microsoft) |
| F02.02.03 | Platform | TOTP/2FA (authenticator app) |
| F02.02.04 | Platform | WebAuthn passkeys |
| F02.02.05 | Platform | JWT ES512 token-based sessions |
| F02.02.06 | Platform | Refresh token rotation |
| F02.02.07 | Platform | Rate limiting and abuse detection |
| F02.02.08 | Platform | M2M OAuth2 client credentials for integrations |
Role & Permission Management
F02.03 Platform+
### Predefined Role Templates
| ID | Status | Features |
|---|---|---|
| F02.03.01 | Platform | Capability-based access control (deny-by-default) |
| F02.03.02 | Platform | Role definition with capability sets |
| F02.03.03 | Platform | Role inheritance (e.g., national-admin inherits regional-admin) |
| F02.03.04 | Platform | Role assignment per user per tenant (+ OrgNode scope for regional/club roles) |
| F02.03.05 | Platform | Wildcard capabilities (e.g., competitions:*) |
| F02.03.06 | Platform | Sensitive field restrictions |
| F02.03.07 | Planned | Petanque-specific role templates (see below) |
| F02.03.08 | Platform | Access debugging tools |
| F02.03.09 | Planned | Temporary role grants (e.g., tournament director for one event) |
| F02.03.10 | Planned | Role request and approval workflow |
Organization Hierarchy Access
F02.04 Platform+
Two-layer access model: **Standalone tenants** for hard isolation (every federation is independent), **OrgNodes** (districts → clubs) for scoping within national tenants.
| ID | Status | Features |
|---|---|---|
| F02.04.01 | Platform | Tenant-scoped data isolation (every federation is a standalone tenant) |
| F02.04.02 | Planned | Public APIs for cross-tenant interactions (license verification, ITC, squad submission) |
| F02.04.03 | Planned | Linked player identity across tenants (same auth, separate profiles) |
| F02.04.04 | Platform+ | District-based scope filtering (district admin sees clubs/players in their OrgNode subtree) |
| F02.04.05 | Planned | Delegation of authority (federation admin delegates to assistant) |
| F02.04.06 | Platform | Club OrgNode management within national tenant |
| F02.04.07 | Platform+ | Role assignment scoped to OrgNode (club president only manages their club) |
| F02.04.08 | Platform+ | Role assignment scoped to district OrgNode (district admin) |
Privacy & Consent
F02.05 Platform+
| ID | Status | Features |
|---|---|---|
| F02.05.01 | Platform+ | GDPR data subject rights — GET /me/data-export, POST /me/data-deletion-request with anonymisation (PL-208) |
| F02.05.02 | Platform+ | Data retention policies — configurable per tenant via DataRetentionPolicy model (PL-208) |
| F02.05.03 | Planned | Consent management — ConsentRecord model with marketing, photo_publication, data_sharing, analytics types (PL-208) |
| F02.05.04 | Planned | Minor/youth data protection — ParentalConsent model with guardian verification, blocks consent for minors without parental approval (PL-208) |
| F02.05.05 | Planned | Privacy settings per user — PrivacySettings embedded in PlayerProfile (profile visibility, results, ranking, club, DOB) (PL-105/PL-208) |
| F02.05.06 | Platform | Audit log of all data access (Craft Easy audit + use_revision = True) |
| F02.05.07 | Planned | Cookie consent and tracking preferences |