SPEC-PWF-PRM · v0.1
14 June 2026
Owner: Platform team

1Trigger, outcome & lanes

What starts this process, where it ends, who acts and on which surface. Permission catalogs are per application (FED-9); the Permissions page is a role × permission matrix, with optional region or site scope overrides.

2The flow

Top to bottom in sequence; lanes are the actors. The one decision is scope: leave the matrix organization-wide, or add a region or site override that narrows it — overrides may only narrow, never widen (FED-10). The effective set the gateway enforces is the role matrix intersected with the scope override. Node shape follows the master conventions.

3Steps

Each row is one node on the swimlane: who acts, what happens, and the requirement or rule it traces to.

4Related documentation

Every id, service and entity this process touches — each linked to the document that owns it.

5Rules in play

The WF-rules that bind this workflow — the master holds the full set.

6Open questions & ⚠ gaps

Surfaced by this process; not yet resolved in the model.

Ref	Gap
FED-10	Scope narrows, never widens. A region or site override replaces the org-wide default for that scope but can only remove permissions — the resolver must reject any override that would widen. Enforced server-side, not just in the UI.
— ⚠	Partners app catalog. The Partners-app permission catalog is not yet drafted (Federation PRD §11) — the matrix for partner tenants is incomplete until it lands.

7Revision history

Version	Date	Changes
0.1	14 Jun 2026	First draft — the permission-matrix flow split out as its own process in the new Federation group (SPEC-PWF-FED). Configures the role × permission matrix and scope overrides for roles defined in Roles; traces to the Federation PRD permission catalogs (FED-9…10, ACC-2).