RBAC Per-Development Access Control
Available from: v1.0.24
Audience: Organisation Owners, Administrators, Enterprise agencies
Overview
Prior to v1.0.24, any admin-role member of an organisation had access to all developments within that organisation. For large property management agencies managing many independent Owners' Management Companies (OMCs), this posed a governance and data segregation problem.
v1.0.24 introduces per-development access control — a second tier of permissions that sits below the organisation level and allows agents to be scoped to specific developments only.
How It Works
Two-Tier Permission Model
Access to any development is now evaluated in two stages:
- Organisation-level check — Is the user a valid member of the organisation? (existing behaviour via orgProcedure)
- Development-level check — Is the user explicitly assigned to this development? (new in v1.0.24)
Both checks must pass for a user to access development data.
     Incoming Request
             │
             ▼
┌─────────────────────────┐
│  Org Membership Check   │ ← orgProcedure (existing)
│ (owner / admin / member)│
└────────────┬────────────┘
             │ Pass
             ▼
┌─────────────────────────┐
│ Development Scope Check │ ← new middleware (v1.0.24)
│ (agent assignment table)│
└────────────┬────────────┘
             │ Pass
             ▼
     Development Data
Agent-to-Development Assignment Table
A new assignment table records which agents are assigned to which developments. An entry in this table is required for any non-owner user to access a development.
| Field | Description |
|---|---|
| orgMemberId | The organisation member being assigned |
| developmentId | The development they are being granted access to |
| role | The scoped role for this assignment |
Organisation Owner Access
Members with the organisation owner role retain unrestricted access to all developments and are not subject to the development-scoped assignment check.
Role Summary
| Org Role | Development Access |
|---|---|
| owner | All developments (unrestricted) |
| admin | Only explicitly assigned developments |
| member | Only explicitly assigned developments |
Configuring Development Assignments
Development assignment management is available to organisation owner and admin roles.
Assigning an Agent to a Development
- Navigate to your Organisation Settings.
- Select Members.
- Choose the agent you wish to assign.
- Under Development Access, select one or more developments.
- Save the assignment.
The agent will immediately gain scoped access to the selected developments only.
Revoking Access
Removing a development assignment immediately revokes the agent's access to that development. Their organisation membership and access to other assigned developments are unaffected.
Default Behaviour After Upgrade
On upgrade to v1.0.24:
- Existing admin and member users retain full access to all developments until explicit development-scoped assignments are configured. This preserves continuity for existing deployments.
- Organisation owner users are unaffected — they retain unrestricted access.
- It is strongly recommended that administrators review all agent assignments and configure per-development scoping at the earliest opportunity, particularly for organisations managing multiple OMCs.
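The two-stage evaluation and the upgrade default described above, sketched as an added TypeScript example; it is not the product's own code. The function names, the scopingConfigured flag and the sample data are assumptions made for illustration; only the assignment-table field names come from this page.

```typescript
// Added illustration: every type, field and function name here is hypothetical,
// except orgMemberId / developmentId / role, which come from the assignment table.
type OrgRole = "owner" | "admin" | "member";
interface OrgMember { id: string; orgId: string; role: OrgRole }
interface Assignment { orgMemberId: string; developmentId: string; role: string }
interface Development { id: string; orgId: string }
interface Decision { allow: boolean; reason: string }

// Assumption: the post-upgrade "full access until assignments are configured"
// state is modelled as an org-level flag. Keying it on "member has zero rows"
// would hand org-wide access back when a member's last assignment is revoked.
function canAccessDevelopment(
  member: OrgMember | undefined,
  dev: Development,
  assignments: Assignment[],
  scopingConfigured: boolean,
): Decision {
  // Stage 1: organisation-level check.
  if (!member || member.orgId !== dev.orgId) return { allow: false, reason: "not-org-member" };
  // Owners are not subject to the development-scoped check.
  if (member.role === "owner") return { allow: true, reason: "owner" };
  // Upgrade default: admin and member keep full access until scoping is configured.
  if (!scopingConfigured) return { allow: true, reason: "legacy-unscoped" };
  // Stage 2: development-level check, deny unless an assignment row exists.
  const assigned = assignments.some(
    (a) => a.orgMemberId === member.id && a.developmentId === dev.id,
  );
  return assigned ? { allow: true, reason: "assigned" } : { allow: false, reason: "not-assigned" };
}

// Review helper: non-owner members with no assignment rows, i.e. the accounts
// to look at when moving an organisation to per-development scoping.
function membersWithoutAssignments(members: OrgMember[], assignments: Assignment[]): string[] {
  return members
    .filter((m) => m.role !== "owner")
    .filter((m) => !assignments.some((a) => a.orgMemberId === m.id))
    .map((m) => m.id);
}

// Constructed sample data.
const members: OrgMember[] = [
  { id: "m-owner", orgId: "org-1", role: "owner" },
  { id: "m-admin", orgId: "org-1", role: "admin" },
  { id: "m-agent", orgId: "org-1", role: "member" },
];
const devA: Development = { id: "dev-a", orgId: "org-1" };
const devB: Development = { id: "dev-b", orgId: "org-1" };
const rows: Assignment[] = [{ orgMemberId: "m-agent", developmentId: "dev-a", role: "agent" }];
```

Logging the returned reason alongside each decision gives reviewers a way to see which requests were still served by the legacy path.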
Compliance Considerations
For Irish property management agencies, each development typically corresponds to an independent OMC with its own legal obligations, financials, and owner data. Per-development access control supports:
- GDPR data minimisation — agents only access personal data of owners in developments they manage.
- OMC governance — operational separation between developments owned by different OMCs.
- Audit readiness — a clear, queryable record of which agents had access to which development data and when.