PermissionDependency

Defines relationships and prerequisites between permissions, establishing a dependency graph that ensures permissions are granted in proper order and with necessary prerequisites. This entity captures the complex interdependencies where certain permissions require others to function properly - you can't have 'approve_documents' without 'read_documents', or 'delete_database' without 'modify_database'. Dependencies can be hard requirements (permission won't work without prerequisite), soft recommendations (permission works better with prerequisite), or mutual exclusions (permissions that conflict). The entity supports transitive dependencies where A requires B requires C, circular dependency detection to prevent infinite loops, and conditional dependencies that apply only in certain contexts. It enables permission bundles where granting one permission automatically grants required dependencies, permission hierarchies where higher-level permissions include lower-level ones, and safety checks that prevent dangerous permission combinations. Dependencies can be temporal (permission A must be held for X days before getting B), sequential (must use A before being granted B), or concurrent (must have A while using B). This dependency management is crucial for maintaining system integrity, implementing progressive trust models where users gain permissions over time, and ensuring compliance with security policies that mandate certain permission combinations. The entity helps administrators understand permission relationships and prevents configuration errors.

27 properties

Schema

Properties

Property	Type	Mode	Description	Required
dependencyId	uuid	stored	Unique identifier for this dependency	Required
permissionId	uuid	stored	The permission that has dependencies	Required
requiredPermissionId	uuid	stored	The permission that is required	Required
dependencyType	string	enum	Nature of the dependency Values: `prerequisite, corequisite, recommended, conflicting, alternative, hierarchical`	Required
strength	string	enum	How strong the dependency is Values: `required, strongly_recommended, recommended, optional`	Optional
direction	string	enum	Direction of dependency Values: `depends_on, required_by, bidirectional`	Optional
scope	string	stored	Context where dependency applies Example: `"production_environment"`	Optional
conditions	string	stored	JSON conditions for when dependency applies Example: `"{\"resource_type\":\"financial_data\",\"user_level\":{\"$gte\":3}}"`	Optional
temporalRequirement	string	stored	Time-based dependency requirements Example: `"{\"min_duration_days\":30,\"must_be_active\":true}"`	Optional
propagation	string	enum	How dependency propagates Values: `none, grant, revoke, both`	Optional
autoGrant	boolean	stored	Whether to auto-grant required permission	Optional
autoRevoke	boolean	stored	Whether to auto-revoke when dependency is lost	Optional
transitivity	string	enum	How dependency chains work Values: `direct_only, transitive, transitive_limited`	Optional
maxTransitiveDepth	integer	stored	Maximum depth for transitive dependencies	Optional
conflictResolution	string	enum	How to handle conflicts Values: `block, warn, override, escalate`	Optional
validationRules	string	stored	JSON rules for validating dependency	Optional
alternativePermissions	string	stored	JSON array of alternative permissions Example: `"[\"perm_alt_001\",\"perm_alt_002\"]"`	Optional
reason	string	stored	Explanation of why dependency exists Example: `"Write permission requires read permission to function properly"`	Optional
impact	string	stored	What happens without the dependency Example: `"Permission will fail with 'insufficient access' error"`	Optional
priority	integer	stored	Evaluation order for dependencies	Optional
isCircular	boolean	stored	Whether this creates a circular dependency	Optional
circularPath	string	stored	Path of circular dependency if detected	Optional
isActive	boolean	stored	Whether dependency is currently enforced	Optional
enforcementLevel	string	enum	How strictly to enforce Values: `strict, warning, logging_only`	Optional
createdBy	User	stored	Who defined this dependency	Optional
createdAt	DateTime	stored	When dependency was created	Required
metadata	object	stored	Additional dependency configuration	Optional

Examples

Example 1

{
  "@type": "PermissionDependency",
  "dependencyId": "dep_001",
  "permissionId": "perm_write_document",
  "requiredPermissionId": "perm_read_document",
  "dependencyType": "prerequisite",
  "strength": "required",
  "direction": "depends_on",
  "scope": "global",
  "propagation": "grant",
  "autoGrant": true,
  "autoRevoke": false,
  "transitivity": "direct_only",
  "conflictResolution": "block",
  "reason": "Cannot write to documents without read access",
  "impact": "Write operations will fail without read permission",
  "priority": 100,
  "isCircular": false,
  "isActive": true,
  "enforcementLevel": "strict",
  "createdAt": "2024-01-01T00:00:00Z",
  "metadata": {
    "documented_requirement": true,
    "security_policy": "least_privilege"
  }
}

Example 2

{
  "@type": "PermissionDependency",
  "dependencyId": "dep_002",
  "permissionId": "perm_approve_transaction",
  "requiredPermissionId": "perm_create_transaction",
  "dependencyType": "conflicting",
  "strength": "required",
  "direction": "bidirectional",
  "scope": "financial_operations",
  "conditions": "{\"transaction_value\":{\"$gt\":1000}}",
  "propagation": "none",
  "autoGrant": false,
  "autoRevoke": true,
  "transitivity": "direct_only",
  "conflictResolution": "block",
  "reason": "Separation of duties - cannot approve own transactions",
  "impact": "Violates SOX compliance requirements",
  "priority": 200,
  "isCircular": false,
  "isActive": true,
  "enforcementLevel": "strict",
  "createdAt": "2024-01-01T00:00:00Z",
  "metadata": {
    "compliance_requirement": "SOX",
    "audit_flag": true
  }
}