
Module ManageRole


ManageRole

Role + permission types for the RBAC engine. Each Role holds a deduplicated permission list; each Permission lives in a category.action namespace and carries an IsSensitive flag for elevated audit logging. The Create* factories build the standard user / developer / admin triple.

Modules

CreateAdminRole
Standard admin role - full access, including the system / external / execute permissions and role.manage, which allows role definitions to be changed at runtime.
CreateDeveloperRole
Standard developer role - read + write across files and storage; read-only on config.
CreateStandardPermissions
Build the standard Permission::Struct set covering file, config, storage, system, and admin categories. Sensitive permissions (config.update, system.*, admin.*, role.manage) are flagged so audit logging picks them up.
CreateStandardRoles
Build the standard user / developer / admin role triple. Used by Validator::Struct::InitializeDefaults and by tests.
CreateUserRole
Standard user role - read-only access to file, config, and storage subsystems. The default role assigned when no roles are supplied in a SecurityContext.
Permission
Permission::Struct - RBAC permission descriptor. category.action name shape (validated by Validate), human description, category bucket, and an IsSensitive flag that drives elevated audit logging in the LogEvent module.
Role
Role::Struct - RBAC role descriptor. Builder methods deduplicate permissions on insert, expose HasPermission / PermissionCount lookups, and Validate enforces the category.action permission name shape so misconfigured roles fail loudly at registration.
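The following is an added example, not code from the ManageRole module itself. It models the Permission / Role pair described above and in the Permission and Role entries: a category.action validator, a Role builder that deduplicates on insert and exposes has_permission / permission_count, a registration-time validate that rejects malformed names, an is_sensitive flag surfaced for the audit logger, and the user / developer / admin factory triple with the user role as the fallback when a context supplies no roles. The snake_case names, the RbacError type, the concrete standard permission set (admin.manage, system.external, and so on), and effective_roles are all assumptions made for the example; only the behaviour they illustrate comes from the page.

```rust
// Added example, not the crate's own code: a minimal model of the Permission /
// Role types this page describes; names and the permission set are assumptions.

/// RBAC permission descriptor: "category.action" name, description, category
/// bucket, and an is_sensitive flag that selects elevated audit logging.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Permission {
    pub name: String,
    pub description: String,
    pub category: String,
    pub is_sensitive: bool,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum RbacError {
    BadPermissionName(String),
}

/// Enforce the category.action shape: exactly one dot separating two
/// non-empty [a-z0-9_] halves. Returns the category half on success.
pub fn validate_permission_name(name: &str) -> Result<&str, RbacError> {
    let ok = |s: &str| !s.is_empty() && s.bytes().all(|b| b.is_ascii_lowercase() || b.is_ascii_digit() || b == b'_');
    match name.split_once('.') {
        Some((cat, act)) if ok(cat) && ok(act) => Ok(cat),
        _ => Err(RbacError::BadPermissionName(name.to_string())),
    }
}

impl Permission {
    /// Validating constructor; the category bucket is derived from the name.
    pub fn new(name: &str, description: &str, is_sensitive: bool) -> Result<Self, RbacError> {
        let category = validate_permission_name(name)?.to_string();
        Ok(Self { name: name.into(), description: description.into(), category, is_sensitive })
    }
}

/// RBAC role descriptor; permissions are deduplicated on insert, keyed by name.
#[derive(Debug, Clone)]
pub struct Role {
    pub name: String,
    permissions: Vec<Permission>,
}

impl Role {
    pub fn new(name: &str) -> Self { Self { name: name.into(), permissions: Vec::new() } }
    /// Builder step: inserting a permission the role already holds is a no-op.
    pub fn with_permission(mut self, p: Permission) -> Self {
        if !self.has_permission(&p.name) {
            self.permissions.push(p);
        }
        self
    }
    pub fn has_permission(&self, name: &str) -> bool { self.permissions.iter().any(|p| p.name == name) }
    pub fn permission_count(&self) -> usize { self.permissions.len() }
    /// Names the audit logger must record at the elevated level.
    pub fn sensitive_permissions(&self) -> Vec<&str> {
        self.permissions.iter().filter(|p| p.is_sensitive).map(|p| p.name.as_str()).collect()
    }
    /// Registration-time check: a malformed name (e.g. a raw struct literal that
    /// bypassed Permission::new) fails loudly instead of silently mis-granting.
    pub fn validate(&self) -> Result<(), RbacError> {
        self.permissions.iter().try_for_each(|p| validate_permission_name(&p.name).map(drop))
    }
}

/// Assumed standard permission set as (name, is_sensitive); the page lists
/// config.update, system.*, admin.* and role.manage as sensitive.
const STANDARD: &[(&str, bool)] = &[
    ("file.read", false), ("file.write", false), ("config.read", false), ("config.update", true),
    ("storage.read", false), ("storage.write", false), ("system.execute", true),
    ("system.external", true), ("admin.manage", true), ("role.manage", true),
];

pub fn standard_permissions() -> Vec<Permission> {
    STANDARD.iter()
        .map(|(n, s)| Permission::new(n, &format!("allows {n}"), *s).expect("well-formed name"))
        .collect()
}

/// Build a role holding the named subset of the standard permissions.
fn role_from(name: &str, wanted: &[&str]) -> Role {
    standard_permissions().into_iter()
        .filter(|p| wanted.contains(&p.name.as_str()))
        .fold(Role::new(name), Role::with_permission)
}

pub fn user_role() -> Role { role_from("user", &["file.read", "config.read", "storage.read"]) }
pub fn developer_role() -> Role {
    role_from("developer", &["file.read", "file.write", "storage.read", "storage.write", "config.read"])
}
pub fn admin_role() -> Role {
    let all: Vec<&str> = STANDARD.iter().map(|(n, _)| *n).collect();
    role_from("admin", &all)
}

/// The standard user / developer / admin triple.
pub fn standard_roles() -> (Role, Role, Role) { (user_role(), developer_role(), admin_role()) }

/// A SecurityContext that supplies no roles falls back to the user role.
pub fn effective_roles(supplied: Vec<Role>) -> Vec<Role> {
    if supplied.is_empty() { vec![user_role()] } else { supplied }
}
```

Two points worth noticing when reading it against the module list: dedup is keyed on the permission name, so inserting file.read twice leaves the user role at three permissions; and validate exists because Rust struct literals can bypass the validating constructor, so the check at registration is what actually guarantees every stored name has the category.action shape.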