Skip to content

Tenant and Authorization

Backlog fieldValue
Story IDAP-SHR-004
EpicShared Platform
Story typeBusiness workflow
Review statusDraft - business analyst and business owner review required
Source evidenceAppsPortal.Apis controller, application command/query handlers, validators, domain entities, and matching MFE workflow where available
Last source review2026-07-10

User story

As company users, I want to enter only tenants, branches, modules, services, and actions they are authorized to use so that business data stays isolated and unauthorized actions are prevented.

Acceptance criteria

  1. Only authorized users can view or execute the feature's actions.
  2. Required business data, active dependencies, tenant/branch scope, and current document state are validated.
  3. Invalid requests return actionable validation errors without applying a partial change.
  4. Search, list, view, print, and export operations use the same authorized business scope.
  5. Material create, edit, status, approval, posting, reversal, and integration actions are auditable where applicable.
  6. Financial or stock effects are applied atomically and no more than once.

Business rules

Required

Authenticated identity, resolvable tenant/company/branch, license/module access, and action permission are required.

Optional or conditional

User-selected branch and optional application token context depend on route.

Action behavior

Every API action rechecks server-side scope; denied requests make no change.

Blocking rule or downstream effect

Cross-tenant IDs are treated as inaccessible even if syntactically valid.

Internal Documentation — Microtec