{ "metadata": { "generated_at": "2026-05-27T10:57:28+08:00", "source_reports": [ "/root/.openclaw/workspace/talent-review-system/docs/roadmap/POSITION_CAPABILITY_PERMISSION_POLICY_REGISTRY_APPLY_PREP.md", "/root/.openclaw/workspace/talent-review-system/docs/roadmap/position_capability_permission_policy_registry_apply_prep.json", "/root/.openclaw/workspace/talent-review-system/docs/roadmap/POSITION_CAPABILITY_PERMISSION_POLICY_PREVIEW.md", "/root/.openclaw/workspace/talent-review-system/docs/roadmap/position_capability_permission_policy_preview.json", "/var/www/talent-review/outputs/position_capability_task_config_center_summary_v1.json", "/var/www/talent-review/outputs/position_capability_schema_registry_v1.json", "/var/www/talent-review/outputs/assessment_template_permission_policy_registry_v1.json", "/var/www/talent-review/outputs/algorithm_permission_policy_registry_v1.json", "/var/www/talent-review/outputs/algorithm_impact_registry_v1.json" ], "stage": "P0_POSITION_CAPABILITY_PERMISSION_POLICY_REGISTRY", "purpose": "沉淀岗位-能力-任务配置中心的权限层级、角色权限、字段敏感级别、高风险岗位配置策略、生命周期权限、岗位权限影响预览、现有权限资产映射和权限矩阵。", "warning": "This is a P0 readonly registry. It does not modify permission rules, active positions, grades, capability models, permission bundles, tasks, performance results, people actions, Feishu mappings, or database records.", "writes_database": false, "modifies_permissions": false, "expands_permissions": false, "modifies_active_position": false, "modifies_grade_system": false, "modifies_capability_model": false, "modifies_permission_bundle": false, "creates_assessment_task": false, "creates_training_task": false, "executes_certification": false, "modifies_performance_result": false, "executes_people_action": false, "feishu_writeback_required": false, "permission_apply_required": false }, "policy_summary": { "permission_layer_count": 6, "role_count": 10, "field_sensitivity_level_count": 4, "high_risk_position_policy_count": 14, "lifecycle_state_count": 8, "matrix_count": 5, "linked_position_capability_schema_registry": "/outputs/position_capability_schema_registry_v1.json", "linked_position_capability_config_center_summary": "/outputs/position_capability_task_config_center_summary_v1.json", "linked_assessment_template_permission_policy_registry": "/outputs/assessment_template_permission_policy_registry_v1.json", "linked_algorithm_permission_policy_registry": "/outputs/algorithm_permission_policy_registry_v1.json" }, "permission_layers": [ { "layer_id": "page_permission", "layer_name": "页面权限", "purpose": "控制谁能访问岗位-能力-任务配置中心及岗位主配置、职族职级、能力模型、任务规则、权限包、人事动作约束、审计版本和影响预览等子区域。", "controlled_objects": [ "position_capability_task_config_center", "position_config_base", "job_family_grade_config", "position_responsibility_config", "position_qualification_config", "capability_model_config", "position_task_rule_config", "position_assessment_linkage_config", "training_certification_linkage", "performance_linkage", "permission_bundle", "people_action_constraint", "audit_version", "impact_preview" ], "related_existing_permission_assets": [ "page_permission_rules", "permission_roles", "permission_subjects" ], "p0_status": "readonly_policy_reference", "p1_target": "versioned_page_permission_policy", "saas_target": "tenant_configurable_page_permission_policy", "risk_level": "medium" }, { "layer_id": "data_scope_permission", "layer_name": "数据范围权限", "purpose": "控制全公司、所辖组织、本部门、团队摘要、关键岗位、干部岗位标准、废弃版本和历史版本的数据可见范围。", "controlled_objects": [ "company_scope_positions", "managed_org_positions", "department_positions", "team_position_summary", "key_positions", "cadre_position_standard", "deprecated_versions", "historical_versions" ], "related_existing_permission_assets": [ "data_scope_rules", "permission_subjects", "ROLE_HR", "HRBP_scope" ], "p0_status": "readonly_policy_reference", "p1_target": "org_and_position_scope_policy", "saas_target": "tenant_org_position_scope_policy", "risk_level": "high" }, { "layer_id": "field_permission", "layer_name": "字段权限", "purpose": "控制岗位配置字段的可见、编辑、导出、审批、审计和回滚要求。", "controlled_objects": [ "position_name", "position_code", "grade_refs", "salary_band_ref", "capability_weight_rules", "assessment_template_refs", "algorithm_mapping_refs", "permission_bundle", "people_action_constraints", "feishu_position_mapping", "external_position_mapping", "rollback_ref", "audit_override" ], "related_existing_permission_assets": [ "field_permission_rules", "cadre_conclusion_field_rules" ], "p0_status": "readonly_policy_reference", "p1_target": "field_sensitivity_policy_schema", "saas_target": "tenant_custom_field_sensitivity_policy", "risk_level": "high" }, { "layer_id": "action_permission", "layer_name": "动作权限", "purpose": "控制查看、创建草案、编辑草案、克隆、影响预览、提交、审批、驳回、apply、废弃、回滚、导出、审计和提出建议等动作。", "controlled_objects": [ "view_position_config", "create_position_draft", "edit_position_draft", "clone_position_config", "preview_position_impact", "submit_review", "approve_position_config", "reject_position_config", "apply_position_config", "deprecate_position_config", "rollback_position_config", "export_position_config", "view_position_audit", "propose_position_change", "propose_capability_gap", "propose_training_certification_rule", "propose_permission_bundle_change" ], "related_existing_permission_assets": [ "action_permission_rules", "reviewer_scope" ], "p0_status": "readonly_policy_reference", "p1_target": "versioned_action_permission_policy", "saas_target": "tenant_action_policy_with_workflow", "risk_level": "high" }, { "layer_id": "approval_permission", "layer_name": "审批权限", "purpose": "控制普通岗位变更、关键岗位、职族职级、能力模型、岗位权限包、人事动作约束、干部岗位标准、培训认证要求、外部系统映射、飞书字段和 business-effective 人事动作规则审批。", "controlled_objects": [ "normal_position_change", "key_position_create_delete", "grade_system_change", "capability_model_change", "permission_bundle_change", "people_action_constraint_change", "cadre_position_standard_change", "training_certification_requirement_change", "external_mapping_change", "feishu_writeback_mapping_change", "business_effective_people_action_rule" ], "related_existing_permission_assets": [ "reviewer_scope", "action_permission_rules", "permission_roles" ], "p0_status": "readonly_policy_reference", "p1_target": "approval_policy_workflow", "saas_target": "tenant_configurable_approval_flow", "risk_level": "critical" }, { "layer_id": "config_permission", "layer_name": "配置权限", "purpose": "控制谁能维护岗位主配置、职族职级、职责、任职资格、能力模型、任务规则、测评联动、培训认证、绩效联动、权限包、人事动作约束、外部映射和权限策略自身。", "controlled_objects": [ "position_config_base", "job_family_grade_config", "responsibility", "qualification", "capability_model", "task_rule", "assessment_linkage", "training_certification_linkage", "performance_linkage", "permission_bundle", "people_action_constraint", "feishu_external_mapping", "position_permission_policy" ], "related_existing_permission_assets": [ "permission_roles", "action_permission_rules", "field_permission_rules" ], "p0_status": "readonly_policy_reference", "p1_target": "configuration_permission_policy", "saas_target": "tenant_config_admin_policy", "risk_level": "critical" } ], "role_policies": [ { "role": "Employee", "page_access": [ "self_position_basic_summary_if_authorized" ], "data_scope": [ "self_position_public_summary" ], "visible_field_levels": [ "Public / low" ], "editable_field_levels": [], "allowed_actions": [], "approval_capability": "none", "config_capability": "none", "lifecycle_allowed_states": [], "export_capability": "none", "audit_capability": false, "restricted_actions": [ "access_config_center", "view_permission_bundle", "view_salary_band", "view_cadre_standard", "create_or_edit_or_approve_or_apply" ] }, { "role": "Manager", "page_access": [ "team_position_requirement_summary" ], "data_scope": [ "own_team_position_summary", "capability_gap_summary" ], "visible_field_levels": [ "Public / low", "Internal / medium" ], "editable_field_levels": [], "allowed_actions": [ "propose_position_change", "propose_capability_gap", "propose_training_certification_rule" ], "approval_capability": "none_for_high_risk", "config_capability": "proposal_only", "lifecycle_allowed_states": [ "Draft", "Preview" ], "export_capability": "blocked_for_sensitive_fields", "audit_capability": false, "restricted_actions": [ "edit_position_config", "change_grade_system", "change_permission_bundle", "approve_high_risk", "apply_position_config" ] }, { "role": "HRBP", "page_access": [ "managed_org_position_config_readonly", "impact_preview_reference" ], "data_scope": [ "managed_org_positions", "managed_org_risks", "managed_org_capability_gaps" ], "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "editable_field_levels": [], "allowed_actions": [ "propose_position_change", "preview_position_impact", "submit_review" ], "approval_capability": "review_recommendation_only", "config_capability": "proposal_only", "lifecycle_allowed_states": [ "Draft", "Preview", "Review" ], "export_capability": "scope_limited_with_approval", "audit_capability": false, "restricted_actions": [ "global_position_system_change", "single_apply_high_risk", "permission_bundle_apply" ] }, { "role": "HR Owner", "page_access": [ "position_config_center", "position_config_objects", "impact_preview", "audit_view" ], "data_scope": [ "company_or_authorized_hr_scope" ], "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "allowed_actions": [ "create_position_draft", "edit_position_draft", "clone_position_config", "preview_position_impact", "submit_review", "view_position_audit" ], "approval_capability": "normal_position_review", "config_capability": "draft_and_review_submission", "lifecycle_allowed_states": [ "Draft", "Preview", "Review", "Effective", "Deprecated" ], "export_capability": "approval_required_for_high_or_critical", "audit_capability": true, "restricted_actions": [ "bypass_audit_apply", "single_apply_high_risk", "permission_policy_self_approval" ] }, { "role": "OD Owner", "page_access": [ "position_system", "job_family_grade", "org_position_architecture", "impact_preview", "audit_view" ], "data_scope": [ "company_or_authorized_od_scope" ], "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "allowed_actions": [ "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "view_position_audit" ], "approval_capability": "od_review_for_grade_and_key_position", "config_capability": "draft_and_review_submission", "lifecycle_allowed_states": [ "Draft", "Preview", "Review", "Effective", "Deprecated" ], "export_capability": "approval_required_for_high_or_critical", "audit_capability": true, "restricted_actions": [ "single_apply_high_risk", "direct_grade_system_apply", "bypass_boss_approval" ] }, { "role": "Talent Development Owner", "page_access": [ "capability_model", "training_certification_rules", "assessment_linkage_summary" ], "data_scope": [ "authorized_talent_development_scope" ], "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "editable_field_levels": [ "Internal / medium", "Sensitive / high" ], "allowed_actions": [ "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "propose_training_certification_rule" ], "approval_capability": "review_for_capability_training_certification", "config_capability": "capability_and_training_certification_draft", "lifecycle_allowed_states": [ "Draft", "Preview", "Review" ], "export_capability": "scope_limited_with_approval", "audit_capability": false, "restricted_actions": [ "change_permission_bundle", "single_apply_people_action_rule", "modify_business_effective_rule" ] }, { "role": "Boss / Executive", "page_access": [ "executive_position_system", "key_position", "cadre_position_standard", "org_risk", "approval_queue" ], "data_scope": [ "company_or_executive_scope" ], "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [], "allowed_actions": [ "approve_position_config", "reject_position_config", "view_position_audit" ], "approval_capability": "high_risk_position_config_approval", "config_capability": "approval_only", "lifecycle_allowed_states": [ "Review", "Approve", "Effective", "Deprecated", "Rollback" ], "export_capability": "approval_and_audit_required", "audit_capability": true, "restricted_actions": [ "direct_low_level_field_edit", "bypass_audit_active_change", "execute_people_action_from_preview" ] }, { "role": "System Admin", "page_access": [ "technical_admin_view_if_authorized" ], "data_scope": [ "technical_scope_not_business_approval_scope" ], "visible_field_levels": [ "Public / low", "Internal / medium" ], "editable_field_levels": [], "allowed_actions": [ "view_position_config" ], "approval_capability": "none_for_business_position_rules", "config_capability": "technical_configuration_only", "lifecycle_allowed_states": [], "export_capability": "blocked_for_business_sensitive_fields", "audit_capability": false, "restricted_actions": [ "business_position_approval", "single_apply_high_risk", "self_authorization", "permission_expansion" ] }, { "role": "Auditor", "page_access": [ "audit_version", "approval_history", "rollback_records" ], "data_scope": [ "audit_scope" ], "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [], "allowed_actions": [ "view_position_audit", "view_position_config" ], "approval_capability": "none", "config_capability": "none", "lifecycle_allowed_states": [ "Review", "Approve", "Apply", "Effective", "Deprecated", "Rollback" ], "export_capability": "audit_export_with_controls", "audit_capability": true, "restricted_actions": [ "edit_position_config", "approve_business_position", "apply_position_config" ] }, { "role": "Position Config Admin", "page_access": [ "position_config_center", "schema_objects", "impact_preview", "audit_view" ], "data_scope": [ "authorized_position_config_scope" ], "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "allowed_actions": [ "create_position_draft", "edit_position_draft", "clone_position_config", "preview_position_impact", "submit_review", "view_position_audit" ], "approval_capability": "none_for_high_risk_final_approval", "config_capability": "draft_structure_and_policy_reference", "lifecycle_allowed_states": [ "Draft", "Preview", "Review", "Deprecated" ], "export_capability": "approval_required_for_sensitive_or_critical", "audit_capability": true, "restricted_actions": [ "single_apply_high_risk", "bypass_hr_od_boss_permission_admin", "permission_policy_self_approval" ] } ], "field_sensitivity_registry": [ { "level": "Public / low", "description": "对组织内较低敏感度的岗位展示字段,可用于岗位基础说明和非敏感能力标签。", "example_fields": [ "position_name", "position_family", "position_category", "public responsibility summary", "general capability label" ], "who_can_view": [ "Employee", "Manager", "HRBP", "HR Owner", "OD Owner", "Talent Development Owner", "Boss / Executive", "Auditor", "Position Config Admin" ], "who_can_edit": [ "HR Owner", "OD Owner", "Position Config Admin" ], "approval_required": "normal_review", "export_allowed": "allowed_with_scope", "audit_required": true, "rollback_required": true }, { "level": "Internal / medium", "description": "内部岗位运营字段,影响岗位职责、关键任务、通用资格、培训要求和测评联动。", "example_fields": [ "position_code", "department_scope", "responsibility_items", "key_tasks", "general qualification", "general training requirement", "general assessment linkage" ], "who_can_view": [ "Manager", "HRBP", "HR Owner", "OD Owner", "Talent Development Owner", "Boss / Executive", "Auditor", "Position Config Admin" ], "who_can_edit": [ "HR Owner", "OD Owner", "Talent Development Owner", "Position Config Admin" ], "approval_required": "HR_OR_OD_review", "export_allowed": "restricted_export", "audit_required": true, "rollback_required": true }, { "level": "Sensitive / high", "description": "影响职级、薪酬引用、晋升路径、绩效要求、能力权重、测评 / 算法映射、权限包、人事动作约束和关键岗位要求的高敏字段。", "example_fields": [ "grade_refs", "salary_band_ref", "career_path", "promotion_path", "performance_requirement_ref", "capability_weight_rules", "assessment_template_refs", "algorithm_mapping_refs", "permission_bundle", "people_action_constraints", "key_position_requirement" ], "who_can_view": [ "HRBP", "HR Owner", "OD Owner", "Talent Development Owner", "Boss / Executive", "Auditor", "Position Config Admin" ], "who_can_edit": [ "HR Owner", "OD Owner", "Talent Development Owner", "Position Config Admin" ], "approval_required": "Boss_or_Executive_approval_for_high_risk", "export_allowed": "approval_required", "audit_required": true, "rollback_required": true }, { "level": "Restricted / critical", "description": "影响干部标准、一票否决、critical 权限包、组织画布、飞书反写、外部系统、business-effective 人事动作、回滚和审计覆盖的最高敏字段。", "example_fields": [ "cadre_position_standard", "one_vote_veto_related_position_rule", "critical_permission_bundle", "org_canvas_constraints", "feishu_writeback_field_mapping", "external_system_mapping", "business_effective_people_action_rule", "rollback_ref", "audit_override" ], "who_can_view": [ "HR Owner", "OD Owner", "Boss / Executive", "Auditor", "Position Config Admin" ], "who_can_edit": [ "HR Owner", "OD Owner", "Position Config Admin" ], "approval_required": "Boss_Executive_and_Security_Audit_review", "export_allowed": "blocked_by_default", "audit_required": true, "rollback_required": true } ], "high_risk_position_policy": [ { "risk_type": "key_position_create_delete", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "grade_system_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "permission_bundle_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": true, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "cadre_position_standard_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "one_vote_veto_related_position_rule", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "promotion_constraint_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "transfer_constraint_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "probation_constraint_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "elimination_constraint_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "key_position_certification_requirement_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "external_position_mapping_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": true, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "feishu_writeback_field_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": true, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "business_effective_people_action_rule", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": true, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true }, { "risk_type": "org_canvas_constraint_change", "risk_reason": "该变更可能影响岗位体系、职级体系、能力模型、权限包、人事动作约束、干部标准、组织画布、飞书或外部系统映射安全边界。", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "direct_apply_allowed": false, "system_admin_single_apply_allowed": false, "rollback_required": true, "audit_required": true, "dual_control_required": true } ], "lifecycle_permission_policy": [ { "lifecycle_state": "Draft", "allowed_roles": [ "HR Owner", "OD Owner", "Talent Development Owner", "Position Config Admin" ], "allowed_actions": [ "create_position_draft", "edit_position_draft", "clone_position_config" ], "locked_fields": [], "required_approval": false, "audit_required": true, "rollback_allowed": true, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false }, { "lifecycle_state": "Preview", "allowed_roles": [ "HRBP", "HR Owner", "OD Owner", "Talent Development Owner", "Position Config Admin" ], "allowed_actions": [ "preview_position_impact", "submit_review" ], "locked_fields": [ "restricted_critical_after_preview" ], "required_approval": false, "audit_required": true, "rollback_allowed": true, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false }, { "lifecycle_state": "Review", "allowed_roles": [ "HR Owner", "OD Owner", "Boss / Executive", "Auditor", "Position Config Admin" ], "allowed_actions": [ "approve_position_config", "reject_position_config", "view_position_audit" ], "locked_fields": [ "all_business_fields" ], "required_approval": true, "audit_required": true, "rollback_allowed": false, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false }, { "lifecycle_state": "Approve", "allowed_roles": [ "Boss / Executive" ], "allowed_actions": [ "approve_position_config", "reject_position_config" ], "locked_fields": [ "all_business_fields" ], "required_approval": true, "audit_required": true, "rollback_allowed": false, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false }, { "lifecycle_state": "Apply", "allowed_roles": [ "authorized_apply_role_after_approval" ], "allowed_actions": [ "apply_position_config" ], "locked_fields": [ "all_business_fields" ], "required_approval": true, "audit_required": true, "rollback_allowed": false, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false }, { "lifecycle_state": "Effective", "allowed_roles": [ "authorized_viewers", "Auditor" ], "allowed_actions": [ "view_position_config", "view_position_audit", "deprecate_position_config" ], "locked_fields": [ "sensitive_high", "restricted_critical" ], "required_approval": false, "audit_required": true, "rollback_allowed": true, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false }, { "lifecycle_state": "Deprecated", "allowed_roles": [ "HR Owner", "OD Owner", "Auditor", "Position Config Admin" ], "allowed_actions": [ "view_position_audit", "rollback_position_config" ], "locked_fields": [ "all_business_fields" ], "required_approval": true, "audit_required": true, "rollback_allowed": true, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false }, { "lifecycle_state": "Rollback", "allowed_roles": [ "Boss / Executive", "Auditor", "authorized_rollback_role" ], "allowed_actions": [ "rollback_position_config", "view_position_audit" ], "locked_fields": [ "all_business_fields" ], "required_approval": true, "audit_required": true, "rollback_allowed": false, "business_effective_allowed": false, "people_action_allowed": false, "feishu_writeback_allowed": false } ], "position_permission_impact_preview_model": { "affected_users": { "description": "Preview dimension for affected_users.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_roles": { "description": "Preview dimension for affected_roles.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_positions": { "description": "Preview dimension for affected_positions.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_grades": { "description": "Preview dimension for affected_grades.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_job_families": { "description": "Preview dimension for affected_job_families.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_capability_models": { "description": "Preview dimension for affected_capability_models.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_assessment_template_refs": { "description": "Preview dimension for affected_assessment_template_refs.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_training_certification_rules": { "description": "Preview dimension for affected_training_certification_rules.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_performance_mappings": { "description": "Preview dimension for affected_performance_mappings.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_permission_bundles": { "description": "Preview dimension for affected_permission_bundles.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_people_action_constraints": { "description": "Preview dimension for affected_people_action_constraints.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_org_canvas_constraints": { "description": "Preview dimension for affected_org_canvas_constraints.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_feishu_fields": { "description": "Preview dimension for affected_feishu_fields.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "affected_external_mappings": { "description": "Preview dimension for affected_external_mappings.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "newly_visible_fields": { "description": "Preview dimension for newly_visible_fields.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "newly_hidden_fields": { "description": "Preview dimension for newly_hidden_fields.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "newly_granted_actions": { "description": "Preview dimension for newly_granted_actions.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "revoked_actions": { "description": "Preview dimension for revoked_actions.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "permission_expansion_detected": { "description": "Preview dimension for permission_expansion_detected.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "critical_field_exposure_detected": { "description": "Preview dimension for critical_field_exposure_detected.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "business_effective_people_action_risk": { "description": "Preview dimension for business_effective_people_action_risk.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false }, "feishu_writeback_risk": { "description": "Preview dimension for feishu_writeback_risk.", "p0_behavior": "readonly_design_reference", "business_effective_allowed": false, "permission_apply_allowed": false } }, "existing_permission_asset_mapping": [ { "existing_asset": "permission_roles", "registry_usage": "映射岗位配置角色模型", "mapped_policy_area": "role_policies" }, { "existing_asset": "permission_subjects", "registry_usage": "映射岗位配置主体、组织范围和审计主体", "mapped_policy_area": "data_scope_permission" }, { "existing_asset": "page_permission_rules", "registry_usage": "映射岗位配置中心页面访问", "mapped_policy_area": "page_permission" }, { "existing_asset": "data_scope_rules", "registry_usage": "映射全公司、所辖组织、本部门、团队摘要、关键岗位和历史版本范围", "mapped_policy_area": "data_scope_permission" }, { "existing_asset": "field_permission_rules", "registry_usage": "映射字段敏感级别和字段可见/编辑/导出规则", "mapped_policy_area": "field_permission" }, { "existing_asset": "action_permission_rules", "registry_usage": "映射 create/edit/preview/submit/approve/apply/rollback/export 动作", "mapped_policy_area": "action_permission" }, { "existing_asset": "reviewer_scope", "registry_usage": "映射 HR / OD / Boss / Permission Admin 复核范围", "mapped_policy_area": "approval_permission" }, { "existing_asset": "cadre_conclusion_field_rules", "registry_usage": "映射干部岗位标准和干部任用约束字段可见性", "mapped_policy_area": "field_permission" } ], "matrices": { "role_action_matrix": [ { "role": "Employee", "allowed_actions": [], "blocked_actions": [ "view_position_config", "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "approve_position_config", "apply_position_config", "rollback_position_config", "view_position_audit", "propose_position_change" ], "single_person_high_risk_apply_allowed": false }, { "role": "Manager", "allowed_actions": [ "propose_position_change", "propose_capability_gap", "propose_training_certification_rule" ], "blocked_actions": [ "view_position_config", "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "approve_position_config", "apply_position_config", "rollback_position_config", "view_position_audit" ], "single_person_high_risk_apply_allowed": false }, { "role": "HRBP", "allowed_actions": [ "propose_position_change", "preview_position_impact", "submit_review" ], "blocked_actions": [ "view_position_config", "create_position_draft", "edit_position_draft", "approve_position_config", "apply_position_config", "rollback_position_config", "view_position_audit" ], "single_person_high_risk_apply_allowed": false }, { "role": "HR Owner", "allowed_actions": [ "create_position_draft", "edit_position_draft", "clone_position_config", "preview_position_impact", "submit_review", "view_position_audit" ], "blocked_actions": [ "view_position_config", "approve_position_config", "apply_position_config", "rollback_position_config", "propose_position_change" ], "single_person_high_risk_apply_allowed": false }, { "role": "OD Owner", "allowed_actions": [ "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "view_position_audit" ], "blocked_actions": [ "view_position_config", "approve_position_config", "apply_position_config", "rollback_position_config", "propose_position_change" ], "single_person_high_risk_apply_allowed": false }, { "role": "Talent Development Owner", "allowed_actions": [ "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "propose_training_certification_rule" ], "blocked_actions": [ "view_position_config", "approve_position_config", "apply_position_config", "rollback_position_config", "view_position_audit", "propose_position_change" ], "single_person_high_risk_apply_allowed": false }, { "role": "Boss / Executive", "allowed_actions": [ "approve_position_config", "reject_position_config", "view_position_audit" ], "blocked_actions": [ "view_position_config", "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "apply_position_config", "rollback_position_config", "propose_position_change" ], "single_person_high_risk_apply_allowed": false }, { "role": "System Admin", "allowed_actions": [ "view_position_config" ], "blocked_actions": [ "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "approve_position_config", "apply_position_config", "rollback_position_config", "view_position_audit", "propose_position_change" ], "single_person_high_risk_apply_allowed": false }, { "role": "Auditor", "allowed_actions": [ "view_position_audit", "view_position_config" ], "blocked_actions": [ "create_position_draft", "edit_position_draft", "preview_position_impact", "submit_review", "approve_position_config", "apply_position_config", "rollback_position_config", "propose_position_change" ], "single_person_high_risk_apply_allowed": false }, { "role": "Position Config Admin", "allowed_actions": [ "create_position_draft", "edit_position_draft", "clone_position_config", "preview_position_impact", "submit_review", "view_position_audit" ], "blocked_actions": [ "view_position_config", "approve_position_config", "apply_position_config", "rollback_position_config", "propose_position_change" ], "single_person_high_risk_apply_allowed": false } ], "role_field_sensitivity_matrix": [ { "role": "Employee", "visible_field_levels": [ "Public / low" ], "editable_field_levels": [], "export_capability": "none" }, { "role": "Manager", "visible_field_levels": [ "Public / low", "Internal / medium" ], "editable_field_levels": [], "export_capability": "blocked_for_sensitive_fields" }, { "role": "HRBP", "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "editable_field_levels": [], "export_capability": "scope_limited_with_approval" }, { "role": "HR Owner", "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "export_capability": "approval_required_for_high_or_critical" }, { "role": "OD Owner", "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "export_capability": "approval_required_for_high_or_critical" }, { "role": "Talent Development Owner", "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high" ], "editable_field_levels": [ "Internal / medium", "Sensitive / high" ], "export_capability": "scope_limited_with_approval" }, { "role": "Boss / Executive", "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [], "export_capability": "approval_and_audit_required" }, { "role": "System Admin", "visible_field_levels": [ "Public / low", "Internal / medium" ], "editable_field_levels": [], "export_capability": "blocked_for_business_sensitive_fields" }, { "role": "Auditor", "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [], "export_capability": "audit_export_with_controls" }, { "role": "Position Config Admin", "visible_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "editable_field_levels": [ "Public / low", "Internal / medium", "Sensitive / high", "Restricted / critical" ], "export_capability": "approval_required_for_sensitive_or_critical" } ], "lifecycle_action_matrix": [ { "lifecycle_state": "Draft", "allowed_roles": [ "HR Owner", "OD Owner", "Talent Development Owner", "Position Config Admin" ], "allowed_actions": [ "create_position_draft", "edit_position_draft", "clone_position_config" ], "locked_fields": [] }, { "lifecycle_state": "Preview", "allowed_roles": [ "HRBP", "HR Owner", "OD Owner", "Talent Development Owner", "Position Config Admin" ], "allowed_actions": [ "preview_position_impact", "submit_review" ], "locked_fields": [ "restricted_critical_after_preview" ] }, { "lifecycle_state": "Review", "allowed_roles": [ "HR Owner", "OD Owner", "Boss / Executive", "Auditor", "Position Config Admin" ], "allowed_actions": [ "approve_position_config", "reject_position_config", "view_position_audit" ], "locked_fields": [ "all_business_fields" ] }, { "lifecycle_state": "Approve", "allowed_roles": [ "Boss / Executive" ], "allowed_actions": [ "approve_position_config", "reject_position_config" ], "locked_fields": [ "all_business_fields" ] }, { "lifecycle_state": "Apply", "allowed_roles": [ "authorized_apply_role_after_approval" ], "allowed_actions": [ "apply_position_config" ], "locked_fields": [ "all_business_fields" ] }, { "lifecycle_state": "Effective", "allowed_roles": [ "authorized_viewers", "Auditor" ], "allowed_actions": [ "view_position_config", "view_position_audit", "deprecate_position_config" ], "locked_fields": [ "sensitive_high", "restricted_critical" ] }, { "lifecycle_state": "Deprecated", "allowed_roles": [ "HR Owner", "OD Owner", "Auditor", "Position Config Admin" ], "allowed_actions": [ "view_position_audit", "rollback_position_config" ], "locked_fields": [ "all_business_fields" ] }, { "lifecycle_state": "Rollback", "allowed_roles": [ "Boss / Executive", "Auditor", "authorized_rollback_role" ], "allowed_actions": [ "rollback_position_config", "view_position_audit" ], "locked_fields": [ "all_business_fields" ] } ], "high_risk_approval_matrix": [ { "risk_type": "key_position_create_delete", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "grade_system_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "permission_bundle_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": true, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "cadre_position_standard_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "one_vote_veto_related_position_rule", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "promotion_constraint_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "transfer_constraint_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "probation_constraint_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "elimination_constraint_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "key_position_certification_requirement_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true }, { "risk_type": "external_position_mapping_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": true, "dual_control_required": true }, { "risk_type": "feishu_writeback_field_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": true, "dual_control_required": true }, { "risk_type": "business_effective_people_action_rule", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": true, "dual_control_required": true }, { "risk_type": "org_canvas_constraint_change", "required_review_role": [ "HR Owner", "OD Owner" ], "required_approval_role": [ "Boss / Executive" ], "permission_admin_review_required": false, "security_audit_required": false, "dual_control_required": true } ], "permission_asset_mapping_matrix": [ { "position_permission_policy_field": "role_policies", "existing_permission_asset": "permission_roles", "registry_usage": "映射岗位配置角色模型", "p0_changes_active_permission_rules": false }, { "position_permission_policy_field": "data_scope_permission", "existing_permission_asset": "permission_subjects", "registry_usage": "映射岗位配置主体、组织范围和审计主体", "p0_changes_active_permission_rules": false }, { "position_permission_policy_field": "page_permission", "existing_permission_asset": "page_permission_rules", "registry_usage": "映射岗位配置中心页面访问", "p0_changes_active_permission_rules": false }, { "position_permission_policy_field": "data_scope_permission", "existing_permission_asset": "data_scope_rules", "registry_usage": "映射全公司、所辖组织、本部门、团队摘要、关键岗位和历史版本范围", "p0_changes_active_permission_rules": false }, { "position_permission_policy_field": "field_permission", "existing_permission_asset": "field_permission_rules", "registry_usage": "映射字段敏感级别和字段可见/编辑/导出规则", "p0_changes_active_permission_rules": false }, { "position_permission_policy_field": "action_permission", "existing_permission_asset": "action_permission_rules", "registry_usage": "映射 create/edit/preview/submit/approve/apply/rollback/export 动作", "p0_changes_active_permission_rules": false }, { "position_permission_policy_field": "approval_permission", "existing_permission_asset": "reviewer_scope", "registry_usage": "映射 HR / OD / Boss / Permission Admin 复核范围", "p0_changes_active_permission_rules": false }, { "position_permission_policy_field": "field_permission", "existing_permission_asset": "cadre_conclusion_field_rules", "registry_usage": "映射干部岗位标准和干部任用约束字段可见性", "p0_changes_active_permission_rules": false } ] }, "p0_p1_saas_boundary": { "p0_static_permission_policy_items": [ "单租户只读权限策略 registry", "不改 active 权限", "不接入真实 permission apply", "不扩大权限", "不修改 active 岗位", "不执行人事动作", "不反写飞书", "仅作为权限矩阵、影响预览和人工审批参考" ], "p1_database_policy_schema_items": [ "版本化岗位配置权限策略表", "审批流与审计回滚联动", "字段敏感级别策略落库", "岗位配置影响预览联动", "权限模拟与差异审计" ], "saas_tenant_permission_items": [ "租户级岗位权限", "租户管理员", "租户自定义字段敏感级别", "角色模板", "权限继承与覆盖", "岗位审批流自定义", "权限策略版本化", "权限模拟器", "API / Webhook" ] }, "validation_rules": [ "registry_is_readonly", "json_load_required", "permission_layer_count_must_be_6", "role_count_must_be_10", "field_sensitivity_level_count_must_be_4", "high_risk_position_policy_count_must_be_14", "lifecycle_state_count_must_be_8", "matrix_count_must_be_5", "no_database_write", "no_permission_change", "no_permission_expansion", "no_active_position_change", "no_grade_system_change", "no_capability_model_change", "no_permission_bundle_change", "no_assessment_task_creation", "no_training_task_creation", "no_certification_execution", "no_performance_result_change", "no_people_action_execution", "no_feishu_writeback" ] }