designs/solutions/test/specs/authorization.yaml

spec_type: authorization
name: Authorization Model
version: "1.0"

model: RBAC

roles:
  - name: admin
    description: Full system access
    permissions:
      - "*"
      
  - name: seller
    description: Manage own products and orders
    permissions:
      - products:create
      - products:read
      - products:update
      - products:delete:own
      - orders:read:own
      - analytics:read:own
      
  - name: customer
    description: Browse and purchase products
    permissions:
      - products:read
      - cart:*
      - orders:create
      - orders:read:own
      - profile:*:own
      
  - name: guest
    description: Browse only
    permissions:
      - products:read

permissions:
  products:
    - create
    - read
    - update
    - delete
  orders:
    - create
    - read
    - update
    - cancel
  users:
    - create
    - read
    - update
    - delete
    - ban

resource_policies:
  - resource: products
    owner_field: seller_id
    actions:
      update: owner_only
      delete: owner_only
  - resource: orders
    owner_field: customer_id
    actions:
      read: owner_or_admin
      cancel: owner_only
Seeding wioth some data 2026-03-07 23:23:32 +00:00			`spec_type: authorization`
			`name: Authorization Model`
			`version: "1.0"`

			`model: RBAC`

			`roles:`
			`- name: admin`
			`description: Full system access`
			`permissions:`
			`- "*"`

			`- name: seller`
			`description: Manage own products and orders`
			`permissions:`
			`- products:create`
			`- products:read`
			`- products:update`
			`- products:delete:own`
			`- orders:read:own`
			`- analytics:read:own`

			`- name: customer`
			`description: Browse and purchase products`
			`permissions:`
			`- products:read`
			`- cart:*`
			`- orders:create`
			`- orders:read:own`
			`- profile:*:own`

			`- name: guest`
			`description: Browse only`
			`permissions:`
			`- products:read`

			`permissions:`
			`products:`
			`- create`
			`- read`
			`- update`
			`- delete`
			`orders:`
			`- create`
			`- read`
			`- update`
			`- cancel`
			`users:`
			`- create`
			`- read`
			`- update`
			`- delete`
			`- ban`

			`resource_policies:`
			`- resource: products`
			`owner_field: seller_id`
			`actions:`
			`update: owner_only`
			`delete: owner_only`
			`- resource: orders`
			`owner_field: customer_id`
			`actions:`
			`read: owner_or_admin`
			`cancel: owner_only`