Namespace KadicAuth.Domain.Entities
Classes
- PlatformAdmin
Represents a user that has been granted platform-level administrative privileges. PlatformAdmins can bypass tenant-scoped validation checks on specific operations (e.g. the tenant-360 creation wizard) so they can bootstrap and configure tenants on behalf of the platform.
This concept lives intentionally OUTSIDE of the standard Permissions/Roles system:
- it is not assignable via
POST /api/Roles/.../permissions, - it does not appear in
GET /api/Permissions, - its membership is managed only through the dedicated
PlatformAdminsController.
One row per user; a user is either a platform admin or not.
- it is not assignable via
- PlatformAdminAuditLogEntry
Append-only audit trail for platform-admin membership changes and (optionally) for cross-tenant operations executed under platform-admin privileges.
Writes happen in the same transaction as the corresponding mutation on PlatformAdmin, so the log cannot desync from the membership table.
- UserRoleAssignment
Represents the assignment of a tenant role to a user, optionally scoped to a branch.