Role System - johnpeterman72/CursorRIPER.sigma GitHub Wiki

👥 Role System

The BMAD Enterprise role system is built on top of the framework's core authentication and authorization modules, providing granular access control for business model development workflows.

Role Hierarchy

1. BMAD Administrator

{
  role: 'bmad.administrator',
  permissions: [
    'bmad.*.create',
    'bmad.*.read',
    'bmad.*.update',
    'bmad.*.delete',
    'bmad.users.manage',
    'bmad.config.modify',
    'bmad.audit.access'
  ],
  framework_level: 'system_admin',
  inherits: ['framework.admin']
}

Capabilities:

  • Full BMAD system configuration
  • User role assignment and management
  • System-wide analytics and reporting
  • Compliance and audit oversight
  • Integration management

2. Business Strategist

{
  role: 'bmad.strategist',
  permissions: [
    'bmad.models.create',
    'bmad.models.read',
    'bmad.models.update',
    'bmad.analysis.advanced',
    'bmad.reports.generate',
    'bmad.teams.manage'
  ],
  framework_level: 'advanced_user',
  inherits: ['framework.user']
}

Capabilities:

  • Business model creation and modification
  • Advanced analysis and modeling
  • Team coordination and management
  • Strategic planning and forecasting
  • Cross-project insights

3. Business Analyst

{
  role: 'bmad.analyst',
  permissions: [
    'bmad.models.read',
    'bmad.models.update',
    'bmad.analysis.standard',
    'bmad.data.export',
    'bmad.reports.create'
  ],
  framework_level: 'standard_user',
  inherits: ['framework.user']
}

Capabilities:

  • Business model analysis and documentation
  • Data collection and validation
  • Report generation and presentation
  • Market research integration
  • Performance tracking

4. Project Manager

{
  role: 'bmad.project_manager',
  permissions: [
    'bmad.projects.create',
    'bmad.projects.manage',
    'bmad.teams.coordinate',
    'bmad.deadlines.set',
    'bmad.progress.track'
  ],
  framework_level: 'manager',
  inherits: ['framework.user']
}

Capabilities:

  • Project lifecycle management
  • Resource allocation and scheduling
  • Progress monitoring and reporting
  • Team coordination
  • Stakeholder communication

5. Stakeholder

{
  role: 'bmad.stakeholder',
  permissions: [
    'bmad.models.read',
    'bmad.feedback.provide',
    'bmad.comments.create',
    'bmad.notifications.receive'
  ],
  framework_level: 'viewer',
  inherits: ['framework.guest']
}

Capabilities:

  • View assigned business models
  • Provide feedback and comments
  • Receive project notifications
  • Participate in review processes

Role Implementation

// Framework integration for BMAD roles
class BMADRoleManager {
  constructor(frameworkAuth) {
    this.authService = frameworkAuth;
    this.roleDefinitions = new Map();
    this.initialize();
  }

  initialize() {
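    // Register BMAD-specific roles with the framework and record them in
    // roleDefinitions, which assignRole() validates against
    const roles = [
      'bmad.administrator',
      'bmad.strategist',
      'bmad.analyst',
      'bmad.project_manager',
      'bmad.stakeholder'
    ];
    roles.forEach((role) => this.roleDefinitions.set(role, { role }));
    this.authService.registerRoles(roles);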

    // Set up permission inheritance
    this.authService.setRoleHierarchy({
      'bmad.administrator': ['bmad.strategist', 'bmad.project_manager'],
      'bmad.strategist': ['bmad.analyst'],
      'bmad.project_manager': ['bmad.stakeholder'],
      'bmad.analyst': ['bmad.stakeholder']
    });
  }

  async assignRole(userId, role, context = {}) {
    // Validate role assignment
    if (!this.roleDefinitions.has(role)) {
      throw new Error(`Invalid BMAD role: ${role}`);
    }

    // Use framework's role assignment with BMAD context.
    // module is set after the spread so caller-supplied context cannot override it.
    return await this.authService.assignRole(userId, role, {
      ...context,
      module: 'bmad'
    });
  }

  async checkPermission(userId, permission, resource = null) {
    // Check both framework and BMAD-specific permissions
    const hasFrameworkPermission = await this.authService.hasPermission(
      userId, 
      permission
    );

    if (hasFrameworkPermission) return true;

    // Fall back to BMAD-specific permission logic, which also receives the resource
    // (checkBMADPermission is not defined on this page)
    return await this.checkBMADPermission(userId, permission, resource);
  }

  async getUserContext(userId) {
    const user = await this.authService.getUser(userId);
    const roles = await this.authService.getUserRoles(userId, 'bmad');
    
    return {
      user,
      roles,
      permissions: await this.getUserPermissions(userId),
      accessible_projects: await this.getAccessibleProjects(userId),
      team_memberships: await this.getTeamMemberships(userId)
    };
  }
}
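
What a role can actually do depends on its own permission list plus everything it picks up through the hierarchy passed to setRoleHierarchy, including the administrator's `bmad.*` wildcards. The following added example (not code from this wiki or the framework) resolves that with deny-by-default; transitive inheritance and one-segment wildcard matching are assumptions, and effectivePermissions, grantMatches and isAllowed are hypothetical names.

```javascript
// Added example; tables copied from the role definitions and hierarchy on this page.
const ROLE_PERMISSIONS = {
  'bmad.administrator': ['bmad.*.create', 'bmad.*.read', 'bmad.*.update', 'bmad.*.delete',
    'bmad.users.manage', 'bmad.config.modify', 'bmad.audit.access'],
  'bmad.strategist': ['bmad.models.create', 'bmad.models.read', 'bmad.models.update',
    'bmad.analysis.advanced', 'bmad.reports.generate', 'bmad.teams.manage'],
  'bmad.analyst': ['bmad.models.read', 'bmad.models.update', 'bmad.analysis.standard',
    'bmad.data.export', 'bmad.reports.create'],
  'bmad.project_manager': ['bmad.projects.create', 'bmad.projects.manage',
    'bmad.teams.coordinate', 'bmad.deadlines.set', 'bmad.progress.track'],
  'bmad.stakeholder': ['bmad.models.read', 'bmad.feedback.provide',
    'bmad.comments.create', 'bmad.notifications.receive']
};
const ROLE_HIERARCHY = {
  'bmad.administrator': ['bmad.strategist', 'bmad.project_manager'],
  'bmad.strategist': ['bmad.analyst'],
  'bmad.project_manager': ['bmad.stakeholder'],
  'bmad.analyst': ['bmad.stakeholder']
};

// Assumption: a role receives the grants of the roles listed under it, transitively.
function effectivePermissions(role, seen = new Set()) {
  const known = Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role);
  if (!known || seen.has(role)) return new Set(); // unknown role or hierarchy cycle
  seen.add(role);
  const grants = new Set(ROLE_PERMISSIONS[role]);
  for (const inherited of ROLE_HIERARCHY[role] ?? []) {
    for (const p of effectivePermissions(inherited, seen)) grants.add(p);
  }
  return grants;
}

// Assumption: '*' in a grant matches exactly one dot-separated segment.
function grantMatches(grant, requested) {
  const g = grant.split('.');
  const r = requested.split('.');
  return g.length === r.length && r.every((seg, i) => seg !== '*' && (g[i] === '*' || g[i] === seg));
}

// Deny by default: unknown roles and unmatched permissions return false.
function isAllowed(role, requested) {
  return [...effectivePermissions(role)].some((grant) => grantMatches(grant, requested));
}

console.log(isAllowed('bmad.strategist', 'bmad.data.export'));       // true, via bmad.analyst
console.log(isAllowed('bmad.stakeholder', 'bmad.models.update'));    // false
console.log(isAllowed('bmad.administrator', 'bmad.projects.delete')); // true, via 'bmad.*.delete'
```

Listing `effectivePermissions` for each role is a quick review aid: the strategist, for example, ends up with `bmad.data.export` although its own definition never names it.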