Story: Tenant administration
Table of Contents
This page documents a story in Sprint 12. It captures the goal, current status, acceptance criteria, and the tasks that compose it.
Goal
Fill out the tenant-administration surface: party-types lookup, RLS-aware test provisioning, tenant-type rename, CRUD CLI, Super Admin role.
Status
| Field | Value |
|---|---|
| State | DONE |
| Parent sprint | Sprint 12 |
| Now | Completed 2026-02-12. |
| Waiting on | None. |
| Next | None. |
| Last touched | 2026-02-12 |
Acceptance
- party_types lookup table; system party auto-created at tenant provisioning.
- Tenant repository tests off SKIP via RLS-aware helper.
- Tenant types: system / production / evaluation / automation.
- Tenant CRUD via CLI.
- Super Admin distinct from Tenant Admin.
Tasks
| Task | State | Start | End | Description |
|---|---|---|---|---|
| Add party types lookup table | DONE | 2026-05-19 | 2026-02-12 | ores_refdata_party_types_tbl with system + operational types; tenant provisioner auto-creates system party for new tenants; party creation validates type. |
| Add RLS-aware tenant provisioning for tests | DONE | 2026-05-19 | 2026-02-12 | Tenant repository tests bypass RLS via a privileged tenant_provisioning_helper; 6 SKIP'd tenant tests re-enabled. |
| Rename tenant types | DONE | 2026-05-19 | 2026-02-12 | platform → system; organisation → production; test → automation; new evaluation type added. ores_iam_tenant_types_tbl + provisioner + scripts aligned. |
| Add tenant CRUD commands to CLI | DONE | 2026-05-19 | 2026-02-12 | Add / list / etc commands for tenants via ores.cli. |
| Add roles for Super Admin | DONE | 2026-05-19 | 2026-02-12 | Distinguish Super Admin from Tenant Admin via separate roles. |
Decisions
- Tenant types now describe how they're used
- platform/organisation/test was procedural; system/production/evaluation/automation is descriptive.
- Test-only privileged helper
- production RLS unchanged.
Out of scope
- Cross-tenant data migration.
See also
None.