Permission Visibility Review
Review visibility for Employee / HR / Reviewer / Manager / Boss.
Role visibility matrix
| Role | Visible | Not visible | Boundary |
|---|---|---|---|
| ROLE_EMPLOYEE | Basic profile summary, own assessment status | Cadre validation, sensitive risk labels, full answer_payload | self_scope + mask |
| ROLE_HR | Full validation-only workbench, audit, rollback references | business-effective conclusions, personnel actions | audit_required / gated_view |
| ROLE_REVIEWER | Masked summaries within the authorized scope | Full cadre conclusions, full answer_payload | scope_limited |
| ROLE_MANAGER | Masked profile trends of team members | Sensitive validation-only fields | future_mask_policy |
| ROLE_BOSS | Aggregate views and risk heat map | Unmasked individual sensitive details | future_executive_dashboard |
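One way to enforce this matrix in code, as an added example that is not part of the original document or the project: a deny-by-default, field-level filter that applies the scope boundaries from the table (self_scope, scope_limited, audit_required) before the allow-list and masking. The field names, the masking rule, the `Caller` type and the sample record are assumptions constructed for the example.

```python
# Field-level visibility filter encoding the role matrix above. Field names,
# the masking rule and the sample record are constructed for this example.
from dataclasses import dataclass, field

VISIBLE = {  # allow-list per role: deny by default, unlisted fields are dropped
    "ROLE_EMPLOYEE": {"profile_summary", "assessment_status"},
    "ROLE_HR": {"profile_summary", "assessment_status", "cadre_validation",
                "sensitive_risk_labels", "answer_payload", "audit_log"},
    "ROLE_REVIEWER": {"profile_summary", "assessment_status"},
    "ROLE_MANAGER": {"profile_summary", "assessment_status"},
    "ROLE_BOSS": {"risk_heatmap"},
}
MASKED_ROLES = {"ROLE_EMPLOYEE", "ROLE_REVIEWER", "ROLE_MANAGER"}  # "mask" boundary

@dataclass
class Caller:
    role: str
    user_id: str
    authorized_subjects: set = field(default_factory=set)  # reviewer/manager scope
    audit_reason: str = ""  # HR: audit_required before any gated view

def in_scope(caller: Caller, subject_id: str) -> bool:
    """Scope boundary per the matrix: self_scope, scope_limited, audit_required."""
    if caller.role == "ROLE_EMPLOYEE":
        return subject_id == caller.user_id
    if caller.role in ("ROLE_REVIEWER", "ROLE_MANAGER"):
        return subject_id in caller.authorized_subjects
    if caller.role == "ROLE_HR":
        return bool(caller.audit_reason)
    return caller.role == "ROLE_BOSS"  # aggregates only; the allow-list drops detail

def mask(value) -> str:
    text = str(value)  # keep the first character, star the rest (constructed rule)
    return text[:1] + "*" * (len(text) - 1)

def visible_view(caller: Caller, record: dict) -> dict:
    """Fields of `record` the caller may see, masked where required; raises if out of scope."""
    if not in_scope(caller, record["subject_id"]):
        raise PermissionError(f"{caller.role} is out of scope for {record['subject_id']}")
    view = {k: v for k, v in record.items() if k in VISIBLE.get(caller.role, set())}
    if caller.role in MASKED_ROLES and "profile_summary" in view:
        view["profile_summary"] = mask(view["profile_summary"])
    return view

SAMPLE = {  # constructed sample record; values are illustrative only
    "subject_id": "E-1001", "profile_summary": "Senior engineer, 5 yrs tenure",
    "assessment_status": "submitted", "cadre_validation": "pass", "audit_log": ["reviewed"],
    "sensitive_risk_labels": ["attrition"], "answer_payload": {"q1": "..."},
    "personnel_action": "promote", "risk_heatmap": {"team-A": 0.3},
}
```

Calling `visible_view(Caller("ROLE_EMPLOYEE", "E-1001"), SAMPLE)` returns only the masked summary and the assessment status, while the same caller asking for another subject is refused before any field is read.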
Permission APIs
| API | HTTP status |
|---|---|
| /api/permission-tests/role-employee/regression-preview | 200 |
| /api/permission-tests/reviewer-scope/regression-preview | 200 |
| /api/permission-tests/cadre-conclusion-fields/regression-preview | 200 |
| /api/permission-tests/role-hr/page-scope/regression-preview | 200 |
| /api/permission-tests/role-hr/field-rules/regression-preview | 200 |
| /api/permission-tests/role-hr/action-rules/regression-preview | 200 |
Permission rule baseline
| Table | Count |
|---|---|
| action_permission_rules | 141 |
| data_scope_rules | 6 |
| field_permission_rules | 195 |
| page_permission_rules | 120 |