🧱 Core Module (core_*, au_*)

The Core module provides the foundation for multi-tenancy, multi-company, multi-branch, user management, RBAC, configuration, and the audit trail for the entire ERP Schema V2.

1. Module Purpose

  • Stores the tenant → company → branch hierarchy.
  • Manages users, roles, permissions, and their mappings (RBAC).
  • Stores global/tenant/company configuration.
  • Stores the audit log and Segregation of Duties (SoD) rules.

2. Tables & Structure

| Table | Short description |
| --- | --- |
| core_tenant | Tenant master (ERP instance) |
| core_company | Company master per tenant |
| core_branch | Branch/outlet/warehouse master per company |
| core_user | System user accounts |
| core_role | Role master |
| core_permission | Granular permission master |
| core_role_perm | Role-to-permission mapping |
| core_user_role | User-to-role mapping |
| core_config | Key/value configuration per tenant/company |
| core_notif | System notifications for users |
| core_audit | Audit trail of important activity |
| au_sod | Segregation of Duties rules (roles that must not be combined) |

3. Key Fields & Relationships

3.1 Tenant → Company → Branch Hierarchy

  • core_tenant
    • Key: id, code, name
    • Referenced by: core_company.tenant_id, core_user.tenant_id, ic_entity.tenant_id.
  • core_company
    • Key: id, tenant_id, code, name
    • FK: tenant_id → core_tenant.id
    • Referenced by: core_branch.company_id, gl_coa.company_id, inv_mat.company_id, fi_*, so_customer.company_id, po_vendor.company_id, hr_emp.company_id.
  • core_branch
    • Key: id, company_id, code, name
    • FK: company_id → core_company.id
    • Referenced by: inv_stock.branch_id, inv_move.branch_id, po_req.branch_id, po_order.branch_id, so_order.branch_id, so_pos.branch_id, etc.

3.2 User & RBAC

  • core_user
    • Fields: id, tenant_id, email, password_hash, is_active.
  • core_role
    • Fields: id, tenant_id, code, name.
  • core_permission
    • Fields: id, tenant_id, code, name, description.
  • Mapping tables:
    • core_user_role.user_id → core_user.id
    • core_user_role.role_id → core_role.id
    • core_role_perm.role_id → core_role.id
    • core_role_perm.perm_id → core_permission.id

3.3 Config, Notif, Audit, SoD

  • core_config
    • Scoped per tenant/company: tenant_id, company_id, k, v.
    • Unique at least per tenant: UNIQUE(tenant_id, company_id, k).
  • core_notif
    • Target user: user_id → core_user.id.
    • Fields: title, body, is_read, created_at.
  • core_audit
    • user_id → core_user.id
    • entity_type, entity_id, action, payload_before, payload_after.
  • au_sod
    • Stores conflicting role combinations: role_a_id, role_b_id → core_role.id.

4. Example Business Flows

4.1 Onboarding a New Tenant

  1. Create a record in core_tenant.
  2. Create at least one core_company and one core_branch.
  3. Create the admin user in core_user.
  4. Assign the admin role in core_user_role.
  5. Fill in the basic configuration in core_config (timezone, default currency, etc.).

4.2 Approval Workflow & SoD (Conceptual)

  1. The REQUESTER role may only create PRs (po_req).
  2. The APPROVER role may only approve PRs/POs.
  3. au_sod defines that the REQUESTER and APPROVER roles must not be held by the same user.
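
The preventive side of the rule above, as an added example that is not part of the original schema documentation: a hypothetical `assign_role` helper that refuses a grant when the user or role is outside the tenant, or when `au_sod` lists the new role against one the user already holds. SQLite, the reduced column set, and the sample rows are assumptions made for the example.

```python
import sqlite3

# Minimal subset of the page's tables; column types and SQLite are assumptions.
SCHEMA = """
CREATE TABLE core_user (id INTEGER PRIMARY KEY, tenant_id INTEGER, email TEXT);
CREATE TABLE core_role (id INTEGER PRIMARY KEY, tenant_id INTEGER, code TEXT);
CREATE TABLE core_user_role (user_id INTEGER, role_id INTEGER, UNIQUE(user_id, role_id));
CREATE TABLE au_sod (role_a_id INTEGER, role_b_id INTEGER);
"""

class SodViolation(Exception):
    """Raised when a grant would combine roles that au_sod forbids."""

def assign_role(conn, tenant_id, user_id, role_id):
    """Hypothetical helper: grant a role only if tenant scope and au_sod allow it."""
    # The user and the role must both belong to the caller's tenant.
    in_scope = conn.execute(
        "SELECT 1 FROM core_user u, core_role r "
        "WHERE u.id = ? AND r.id = ? AND u.tenant_id = ? AND r.tenant_id = ?",
        (user_id, role_id, tenant_id, tenant_id)).fetchone()
    if in_scope is None:
        raise PermissionError("user or role is outside this tenant")
    # A conflict pair may be stored in either order, so test both columns.
    clash = conn.execute(
        "SELECT r.code FROM core_user_role ur "
        "JOIN core_role r ON r.id = ur.role_id "
        "JOIN au_sod s ON (s.role_a_id = ur.role_id AND s.role_b_id = :new) "
        "              OR (s.role_b_id = ur.role_id AND s.role_a_id = :new) "
        "WHERE ur.user_id = :uid", {"new": role_id, "uid": user_id}).fetchone()
    if clash:
        raise SodViolation(f"conflicts with existing role {clash[0]}")
    with conn:  # commit the grant atomically
        conn.execute("INSERT OR IGNORE INTO core_user_role VALUES (?, ?)",
                     (user_id, role_id))

def demo_db():
    """Constructed sample data: two tenants, REQUESTER/APPROVER conflict in tenant 1."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO core_user VALUES (?, ?, ?)",
                     [(1, 1, "a@example.test"), (2, 2, "b@example.test")])
    conn.executemany("INSERT INTO core_role VALUES (?, ?, ?)",
                     [(10, 1, "REQUESTER"), (11, 1, "APPROVER"), (20, 2, "APPROVER")])
    conn.execute("INSERT INTO au_sod VALUES (11, 10)")  # stored as (APPROVER, REQUESTER)
    return conn
```

On a database with concurrent writers, the check and the insert must run inside one serializable transaction or behind a trigger, otherwise two parallel grants can both pass the check.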

5. Example Reports (SQL)

The examples below are illustrative queries (SELECT-only), not schema definitions. Adjust column and index names to match the actual implementation.

5.1 User & Role List

SELECT
  u.id,
  u.email,
  r.code  AS role_code,
  r.name  AS role_name
FROM core_user u
JOIN core_user_role ur ON ur.user_id = u.id
JOIN core_role r       ON r.id = ur.role_id
WHERE u.tenant_id = :tenant_id;

5.2 Latest Audit Log per User

SELECT
  a.user_id,
  u.email,
  a.entity_type,
  a.entity_id,
  a.action,
  a.created_at
FROM core_audit a
JOIN core_user u ON u.id = a.user_id
WHERE a.tenant_id = :tenant_id
ORDER BY a.created_at DESC
LIMIT 100;

5.3 Check for Potential SoD Violations

SELECT
  ur1.user_id,
  u.email,
  r1.code AS role_a,
  r2.code AS role_b
FROM au_sod s
JOIN core_role r1 ON r1.id = s.role_a_id
JOIN core_role r2 ON r2.id = s.role_b_id
JOIN core_user_role ur1 ON ur1.role_id = r1.id
JOIN core_user_role ur2 ON ur2.role_id = r2.id AND ur2.user_id = ur1.user_id
JOIN core_user u ON u.id = ur1.user_id
WHERE u.tenant_id = :tenant_id;