What starts this process, where it ends, who acts and on which surface. Every tenant owns its role set (FED-7) and shapes it on the standard Roles page — the same surface for a customer, a partner or the riversync tenant.
Top to bottom in sequence; lanes are the actors. The flow forks once — create a new role from a template, or amend an existing one — and both reach the role joining the tenant's set. The fixed-full Owner / admin role is the one a tenant can never edit or remove (FED-8). Node shape follows the master conventions.
Each row is one node on the swimlane: who acts, what happens, and the requirement or rule it traces to.
Every id, service and entity this process touches — each linked to the document that owns it.
The WF-rules that bind this workflow — the master holds the full set.
Surfaced by this process; not yet resolved in the model.
| Ref | Gap |
|---|---|
| FED-8 ⚠ | Partner fixed-full role. Customer tenants fix Owner and the riversync tenant fixes admin, but the partner default set ships without a named Owner. Whether partners get an explicit Owner, or whether Administrator is their fixed-full role, is an open question in the Federation PRD (§11). |
| DM-2 | One role per account per app on grant. This flow only defines the role; the single-role-per-app invariant (FED-6 / DM-2) is enforced where it is assigned — Access. A definition change never silently re-grants. |

| Version | Date | Changes |
|---|---|---|
| 0.1 | 14 Jun 2026 | First draft — role-definition split out of the combined access workflow into its own process in the new Federation group (SPEC-PWF-FED). Composes with Access (assignment) and Permissions (the matrix); traces to the Federation PRD role model (FED-6…8). |