
RBAC Architecture & Role Definitions (L0–L4)

Complete documentation of the multi-level Role-Based Access Control (RBAC) for the MStore system, which scales from a micro business up to a multi-national corporation (MNC) using 57 structured roles.

🎯 Design Principles

This architecture is built on 4 main pillars:

Security

Principle of Least Privilege & Segregation of Duties

Efficiency

Roles can safely be stacked on one person in small teams (fewer than 50 staff)

Auditability

Every critical transaction has an audit trail & approval log

Scalability

Easy upgrade from L1 to L4 without breaking changes

📊 Level Overview

Level | Name            | Target Business               | Complexity    | Number of Roles
------|-----------------|-------------------------------|---------------|----------------
L0    | Micro / Solo    | Kiosk (warung), freelancer    | 🔹 Minimal    | 3 roles
L1    | SME             | Retail shop, cafe             | 🔹 Low        | 6-8 roles
L2    | Enterprise      | Manufacturing, distribution   | 🔸 Medium     | 24 roles
L3    | Holding         | Multi-entity group            | 🔸 High       | 9 roles
L4    | MNC / Corporate | Multi-country                 | 🔸 Very High  | 15 roles

Total: 57 roles across 5 business levels (3 + 6 + 24 + 9 + 15, counting the 6 base L1 roles)

🧩 L0 — Micro / Solo

🎯 Focus: a simple system for 1–3 users with no approval flow 💼 Example businesses: kiosk (warung), freelancer, small services

Roles

Code       | Name    | Description                    | Access
-----------|---------|--------------------------------|--------------
L0_OWNER   | Owner   | Owner with full access         | ALL
L0_CASHIER | Cashier | Cashier entering transactions  | POS, Invoice
L0_VIEWER  | Viewer  | Read-only reports              | Reports

Characteristics

  • ✅ Simple & fast: setup in under 5 minutes
  • ✅ No SoD: no rules against one person holding several roles
  • ✅ Single device: ideal for a mini POS
  • ⚠️ No approval: there is no approval workflow
# L0 Policy Example
L0_OWNER:
  allow: [ALL]
L0_CASHIER:
  allow: [POS, INVOICE]
L0_VIEWER:
  readonly: true

🧩 L1 — SME (Small–Medium Enterprise)

🎯 Focus: basic ERP: Finance, HR, Inventory 💼 Example businesses: retail shop, workshop, cafe, small wholesaler

Roles

Code        | Name              | Description                   | Available Levels
------------|-------------------|-------------------------------|-----------------
L1_OWN-MGR  | Owner & Manager   | Business owner, all modules   | L1,L2,L3,L4
L1_FIN-MGR  | Finance Manager   | Finance, reports, cash        | L1,L2,L3,L4
L1_INV-MGR  | Inventory Manager | Stock and warehouse           | L1,L2,L3,L4
L1_HR-MGR   | HR Manager        | HR and payroll                | L1,L2,L3,L4
L1_CSH      | Cashier           | Daily transactions            | L0,L1,L2,L3,L4
L1_AUD      | Auditor           | Read-only audit               | L1,L2,L3,L4

Characteristics

  • ✅ Efficient: 6 roles are enough for 5-20 staff
  • ✅ No conflicts: no strict SoD yet
  • ✅ Safe stacking: one person may hold more than one role
  • ⚠️ Basic approval: simple approvals only
# L1 Policy Example
# Note: policy keys are written with underscores here (L1_OWN_MGR) while the role
# table uses hyphens (L1_OWN-MGR); they denote the same roles.
L1_OWN_MGR:
  allow: [FIN.*, INV.*, HR.*, POS]
L1_FIN_MGR:
  allow: [FIN.*, INVOICE, REPORT]
L1_INV_MGR:
  allow: [STOCK, PURCHASE]

🧩 L2 — Enterprise

🎯 Focus: multi-department, approval flow, full RBAC 💼 Example businesses: manufacturing, large e-commerce, distribution

Core Roles (24 total)

  • Management (3)
  • Finance (4)
  • Operations (6)
  • Marketing & CRM (4)
  • Customer Service (2)
  • R&D (2)
  • Support (3)
  • Approvers (2)

Key roles:
  • L2_OWN-MGR: full access & highest approval authority
  • L2_ADM-BIZ: business configuration (COA, tax, workflow)
  • L2_ADM-SYS: technical infrastructure (deployment, backup)

Segregation of Duties (SoD)

Critical SoD rules for L2+:
  1. ADM-SYS ≠ FIN.* or HR.* (system admin may not access finance or HR)
  2. FIN-AP ≠ ACC-MGR (no self-approval of payments)
  3. SL-POS ≠ ACC-MGR (cashier may not edit journals)
  4. AUD = read-only (auditor may not edit data)
  5. MKT-MGR ≠ FIN-MGR (marketing may not approve finance)
  6. CRM-OPS ≠ IT-SYS (CRM operations separated from infrastructure)
  7. RD-MGR ≠ INV-MGR (R&D may not edit production inventory)
  8. DATA-ANL ≠ FIN-AP (data analyst may not enter payments)

Characteristics

  • ✅ SoD active: Segregation of Duties is enforced
  • ✅ Approval flow: multi-level approval (APV-L1, APV-L2)
  • ✅ Department-based: one role set per department
  • ✅ Audit trail: complete for every transaction
# L2 Policy Example with SoD
# The deny lists mix two kinds of entries: permission patterns (FIN.*, HR.*),
# which the permission check must apply before any allow, and role codes
# (ACC-MGR, FIN-AP), which express mutual exclusion of roles on one user.
L2_ADM_SYS:
  allow: [DEPLOY, BACKUP, MONITOR]
  deny: [FIN.*, HR.*]  # SoD enforcement: deny wins over allow

L2_FIN_AP:
  allow: [PAYMENT]
  deny: [ACC-MGR]  # SoD: may not also hold ACC-MGR (no self-approval)

L2_ACC_MGR:
  allow: [JOURNAL, REPORT, APPROVE]
  deny: [FIN-AP]  # SoD: may not also hold FIN-AP (cannot enter payments)
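The L0 to L2 policy blocks above are declarative, and the page does not say in which order allow, deny and readonly are applied. The evaluator below is an added example (not MStore code) that shows the order a practitioner should insist on: an explicit deny is final, a readonly role may only READ, and a module pattern such as FIN.* covers every permission in that module. The Policies map transcribes the page's own L0 to L2 examples (the role-exclusion deny entries are left to the SoD check); the permission names FIN.AP and HR.PAYROLL and the READ/WRITE/APPROVE action names are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// RolePolicy mirrors one role block of the YAML policy examples on this page.
// Allow and Deny hold permission patterns ("ALL", "FIN.*", "POS"). Deny is
// restricted to permission patterns here; role-exclusion pairs belong to the
// SoD validator, not to the permission check.
type RolePolicy struct {
	Allow    []string
	Deny     []string
	ReadOnly bool
}

// Policies transcribes the L0, L1 and L2 policy examples above (constructed
// sample data, not the project's policy file).
var Policies = map[string]RolePolicy{
	"L0_OWNER":   {Allow: []string{"ALL"}},
	"L0_CASHIER": {Allow: []string{"POS", "INVOICE"}},
	"L0_VIEWER":  {ReadOnly: true},
	"L1_OWN_MGR": {Allow: []string{"FIN.*", "INV.*", "HR.*", "POS"}},
	"L1_FIN_MGR": {Allow: []string{"FIN.*", "INVOICE", "REPORT"}},
	"L2_ADM_SYS": {Allow: []string{"DEPLOY", "BACKUP", "MONITOR"}, Deny: []string{"FIN.*", "HR.*"}},
	"L2_ACC_MGR": {Allow: []string{"JOURNAL", "REPORT", "APPROVE"}},
}

// matchPerm: "ALL" matches every permission, "FIN.*" matches the whole FIN
// module (FIN.AP, FIN.AR, ...; assumed naming), anything else must match exactly.
func matchPerm(pattern, perm string) bool {
	switch {
	case pattern == "ALL":
		return true
	case strings.HasSuffix(pattern, ".*"):
		return strings.HasPrefix(perm, strings.TrimSuffix(pattern, "*"))
	default:
		return pattern == perm
	}
}

// Decide evaluates one role. Order matters: an explicit deny is final, a
// read-only role may only READ, and only then is the allow list consulted.
func (p RolePolicy) Decide(perm, action string) bool {
	for _, d := range p.Deny {
		if matchPerm(d, perm) {
			return false
		}
	}
	if p.ReadOnly {
		return action == "READ"
	}
	for _, a := range p.Allow {
		if matchPerm(a, perm) {
			return true
		}
	}
	return false
}

// UserCan evaluates a user holding several roles (stacking is allowed at L0/L1).
// A deny on any held role is final, so a broad allow on a second role can never
// reopen what SoD closed; otherwise one allowing role is enough.
func UserCan(roles []string, perm, action string) bool {
	for _, r := range roles {
		for _, d := range Policies[r].Deny {
			if matchPerm(d, perm) {
				return false
			}
		}
	}
	for _, r := range roles {
		if p, ok := Policies[r]; ok && p.Decide(perm, action) {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("L2_ADM_SYS DEPLOY/WRITE:", UserCan([]string{"L2_ADM_SYS"}, "DEPLOY", "WRITE")) // true
	fmt.Println("L2_ADM_SYS FIN.AP/READ:", UserCan([]string{"L2_ADM_SYS"}, "FIN.AP", "READ"))    // false, deny wins
	fmt.Println("L0_VIEWER REPORT/WRITE:", UserCan([]string{"L0_VIEWER"}, "REPORT", "WRITE"))    // false, read-only
}
```

The deny-first pass in UserCan is the design choice worth keeping: evaluating allows first and denies second is how a stacked L1_OWN_MGR role would quietly hand FIN.* back to a user who also holds L2_ADM_SYS.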

🧩 L3 — Holding

🎯 Focus: multi-entity, multi-currency, intercompany 💼 Example businesses: a group with several subsidiaries

Holding-Level Roles (9 total)

Code            | Name                      | Scope   | Description
----------------|---------------------------|---------|---------------------------------------
L3_OWN-MGR-HLD  | Owner & Manager (Holding) | HOLDING | Controls all entities
L3_ADM-SYS-HLD  | System Admin (Holding)    | HOLDING | Global infrastructure
L3_CONS-MGR     | Consolidation Manager     | HOLDING | Group report consolidation
L3_AUD-GRP      | Group Auditor             | HOLDING | Audits all entities
L3_APV-L3       | Approver Level 3          | HOLDING | Cross-entity approval
L3_LEG-ADVISOR  | Legal Advisor             | HOLDING | Contracts, licences, group regulation
L3_COMP-OFFICER | Compliance Officer        | HOLDING | Compliance audit & reporting
L3_BI-MGR       | BI Manager                | HOLDING | Global dashboards, KPI design
L3_DATA-ANL     | Data Analyst              | HOLDING | Report data, KPI analysis

Domain Architecture

Characteristics

  • ✅ Domain isolation: roles are isolated per entity
  • ✅ Intercompany: supports transactions between entities
  • ✅ Consolidation: group consolidated reporting
  • ✅ Multi-currency: supports different currencies
# L3 Policy with Domain
L3_OWN_MGR_HLD:
  allow: [ALL]
  scope: HOLDING

L3_CONS_MGR:
  allow: [CONSOLIDATION, REPORTING]
  scope: HOLDING  # cross-entity access

🧩 L4 — Corporate / MNC

🎯 Focus: multi-country, regulatory compliance, SSO, OPA 💼 Example businesses: cross-border groups, public companies

Global Roles (15 total)

Code           | Name                    | Scope  | Description
---------------|-------------------------|--------|-----------------------------------
L4_BOARD-CXO   | Board & C-Level         | GLOBAL | Global strategic access
L4_GOV-COMP    | Governance & Compliance | GLOBAL | External audit (SOX, ISO)
L4_FIN-GLB     | Global Finance          | GLOBAL | Transfer pricing, consolidation
L4_IT-SYS-GLB  | Global IT System        | GLOBAL | IAM, SSO, OPA, encryption
L4_ADM-REG     | Regional Admin          | REGION | Regional configuration
L4_APV-EXEC    | Executive Approver      | GLOBAL | Global approval
L4_AUD-EXT     | External Auditor        | GLOBAL | Independent auditor
L4_MKT-GLB     | Global Marketing        | GLOBAL | Brand governance, global campaigns
L4_CMO-GLB     | CMO (Global)            | GLOBAL | Strategic marketing leadership
L4_PROD-DEV    | Product Development     | GLOBAL | Innovation, prototyping
L4_DATA-STW    | Data Steward            | GLOBAL | Data governance, master data
L4_ESG-MGR     | ESG Manager             | GLOBAL | Sustainability, ESG reporting
L4_CSR-OFFICER | CSR Officer             | GLOBAL | CSR programmes
L4_SEC-OFFR    | Security Officer        | GLOBAL | SIEM, incident response
L4_ROLE-AUDIT  | Role Auditor (IGA)      | GLOBAL | Role review, SoD validation

Integration Stack

Identity & Access

  • SSO (SAML, OAuth2)
  • LDAP/Active Directory
  • MFA enforcement

Policy Engine

  • OPA (Open Policy Agent)
  • Casbin multi-domain
  • Redis Watcher (real-time sync)

Compliance

  • SOX compliance
  • ISO 27001
  • GDPR ready

Monitoring

  • Audit log central
  • SIEM integration
  • Anomaly detection

Characteristics

  • ✅ Global compliance: SOX, ISO, GDPR
  • ✅ SSO integration: single sign-on
  • ✅ Zero-Trust: OPA policy enforcement
  • ✅ Real-time sync: Redis watcher for policy updates
  • ✅ Multi-region: supports global deployment
# L4 Policy dengan Global Scope
L4_BOARD_CXO:
  allow: [GLOBAL.REPORTS, DASHBOARD, KPI]
  scope: GLOBAL

L4_IT_SYS_GLOBAL:
  allow: [IAM, SSO, OPA, ENCRYPTION]
  deny: [FIN.*, HR.*]
  scope: GLOBAL

L4_AUD_EXTERNAL:
  readonly: true
  scope: GLOBAL
  audit_trail: required

🔄 Upgrade Path

Natural Evolution

Migration Strategy

1. L0 → L1

Trigger: more than 3 staff
Action:
  • Add the FIN-MGR, INV-MGR and HR-MGR roles
  • Separate the owner from the operators
  • Set up basic auditing (AUD role)

2. L1 → L2

Trigger: multiple departments or more than 20 staff
Action:
  • Activate the SoD rules
  • Split the admin role (ADM-BIZ vs ADM-SYS)
  • Implement the approval flow (APV-L1, APV-L2)
  • Split finance (FIN-AP, FIN-AR, FIN-CASH)

3. L2 → L3

Trigger: multiple entities or a holding structure
Action:
  • Activate domain isolation
  • Set up consolidation (CONS-MGR)
  • Add entity-level roles (@ENT-xx)
  • Implement intercompany transactions

4. L3 → L4

Trigger: multiple countries or going public
Action:
  • Integrate SSO (SAML/OAuth2)
  • Deploy OPA for global policy
  • Set up compliance (GOV-COMP)
  • Activate the Redis watcher

πŸ› οΈ Implementasi Teknis

Database Schema

-- merchants table
ALTER TABLE merchants ADD COLUMN business_level 
  ENUM('L0', 'L1', 'L2', 'L3', 'L4') NOT NULL DEFAULT 'L1'
  COMMENT 'Business size level';

-- roles table
ALTER TABLE roles ADD COLUMN available_levels 
  VARCHAR(32) NOT NULL DEFAULT 'L1,L2,L3,L4'
  COMMENT 'Comma-separated business levels where this role is available';

Backend (Go/Fiber)

// Load the roles available at the merchant's business level.
// available_levels is a comma-separated list ("L1,L2,L3,L4"), so match on a
// whole list element: a LIKE '%L1%' substring match is fragile and would also
// match any future level code that merely contains "L1". FIND_IN_SET is
// MySQL-specific, which matches the ENUM/COMMENT syntax in the schema above.
func (s *service) GetAvailableRoles(merchantID uint) ([]Role, error) {
    var merchant Merchant
    if err := s.db.First(&merchant, merchantID).Error; err != nil {
        return nil, err
    }

    // merchant.BusinessLevel comes from the ENUM column, so it is one of L0..L4;
    // it is still passed as a bound parameter, never concatenated into the SQL.
    var roles []Role
    query := s.db.Where("FIND_IN_SET(?, available_levels) > 0", merchant.BusinessLevel)
    if err := query.Find(&roles).Error; err != nil {
        return nil, err
    }

    return roles, nil
}

Casbin Policy

# policy.csv (L2 example: sub, obj, act; obj uses keyMatch wildcards)
p, L2_ADM-SYS, /api/*, DEPLOY
p, L2_ADM-SYS, /api/*, BACKUP
p, L2_FIN-AP, /api/payment/*, WRITE
p, L2_ACC-MGR, /api/journal/*, APPROVE

# grouping.csv (user -> role hierarchy)
g, alice, L2_ADM-SYS
g, bob, L2_FIN-AP
g, charlie, L2_ACC-MGR

# domain.csv (L3 example: sub, dom, obj, act; needs a model with a dom request field,
# and the "*" domain on the HOLDING rule must be treated as a wildcard by the matcher)
p, L3_FIN-MGR@ENT-01, ENT-01, /api/finance/*, *
p, L3_FIN-MGR@ENT-02, ENT-02, /api/finance/*, *
p, L3_CONS-MGR@HOLDING, *, /api/consolidation/*, *
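The domain.csv lines above, and the domain-isolation claims in Scenario 3 below (L3_FIN-MGR@ENT-01 sees only ENT-01, L3_CONS-MGR@HOLDING sees every entity), depend on a matcher the page does not show. The following is an added example, not the project's code and not the Casbin library: a small stdlib-only enforcer that parses those exact lines and applies the matcher a practitioner would expect. In Casbin terms it corresponds to a model with request `r = sub, dom, obj, act` and a matcher along the lines of `g(r.sub, p.sub) && (p.dom == "*" || r.dom == p.dom) && keyMatch(r.obj, p.obj) && (p.act == "*" || r.act == p.act)`; that model.conf is an assumption. The user names dewi, eko and sari and their g lines are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// policyCSV is the page's domain.csv example plus constructed "g" lines that bind
// users to the entity-scoped roles (assumed sample data, not the project's file).
const policyCSV = `
# p, sub, dom, obj, act
p, L3_FIN-MGR@ENT-01, ENT-01, /api/finance/*, *
p, L3_FIN-MGR@ENT-02, ENT-02, /api/finance/*, *
p, L3_CONS-MGR@HOLDING, *, /api/consolidation/*, *
g, dewi, L3_FIN-MGR@ENT-01
g, eko, L3_FIN-MGR@ENT-02
g, sari, L3_CONS-MGR@HOLDING
`

type policy struct{ sub, dom, obj, act string }

// Enforcer holds the parsed p-rules and the user -> roles grouping.
type Enforcer struct {
	policies []policy
	roles    map[string][]string
}

// LoadPolicy parses Casbin-style "p" and "g" lines. A malformed line is an
// error rather than being skipped, so a broken policy file fails closed
// instead of silently loading a subset of the rules.
func LoadPolicy(csv string) (*Enforcer, error) {
	e := &Enforcer{roles: map[string][]string{}}
	for n, line := range strings.Split(csv, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ",")
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		switch {
		case f[0] == "p" && len(f) == 5:
			e.policies = append(e.policies, policy{f[1], f[2], f[3], f[4]})
		case f[0] == "g" && len(f) == 3:
			e.roles[f[1]] = append(e.roles[f[1]], f[2])
		default:
			return nil, fmt.Errorf("line %d: malformed policy %q", n+1, line)
		}
	}
	return e, nil
}

// keyMatch follows Casbin's keyMatch: a "*" in the pattern matches any suffix.
func keyMatch(key, pattern string) bool {
	if i := strings.Index(pattern, "*"); i >= 0 {
		return strings.HasPrefix(key, pattern[:i])
	}
	return key == pattern
}

// Enforce answers "may user perform act on obj inside domain dom?". An entity
// role only matches its own domain; the HOLDING rule with dom "*" matches every entity.
func (e *Enforcer) Enforce(user, dom, obj, act string) bool {
	for _, role := range e.roles[user] {
		for _, p := range e.policies {
			if p.sub == role &&
				(p.dom == "*" || p.dom == dom) &&
				keyMatch(obj, p.obj) &&
				(p.act == "*" || p.act == act) {
				return true
			}
		}
	}
	return false
}

func main() {
	e, err := LoadPolicy(policyCSV)
	if err != nil {
		panic(err)
	}
	fmt.Println("dewi ENT-01 finance:", e.Enforce("dewi", "ENT-01", "/api/finance/journal", "POST"))      // true
	fmt.Println("dewi ENT-02 finance:", e.Enforce("dewi", "ENT-02", "/api/finance/journal", "POST"))      // false
	fmt.Println("sari ENT-02 consol.:", e.Enforce("sari", "ENT-02", "/api/consolidation/report", "GET")) // true
}
```

The request domain must come from the server side (the entity the request is routed to), not from a client-supplied field; otherwise the ENT-01 finance manager simply sends dom=ENT-02 and the isolation evaporates.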

📚 Best Practices

1. Role Assignment

DO: assign roles by function, not by person
# ✅ CORRECT
User: Budi
Roles: [L2_INV-MGR, L2_PRC-MGR]  # clear functions

# ❌ WRONG
User: Budi
Roles: [BUDI-CUSTOM]  # too person-specific

2. Segregation of Duties

Never combine these roles:
  • L2_ADM-SYS + L2_FIN.* (system admin may not access finance)
  • L2_FIN-AP + L2_ACC-MGR (self-approval)
  • L2_SL-POS + L2_ACC-MGR (cashier editing journals)
  • L3_AUD + ANY-WRITE (auditor must stay read-only)

3. Upgrade Timing


🧪 Testing & Validation

Role Validation Script

# Test SoD enforcement
curl -X POST http://localhost:8080/api/rbac/validate \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": 123,
    "roles": ["L2_FIN-AP", "L2_ACC-MGR"]
  }'

# Expected response:
# {
#   "valid": false,
#   "error": "SoD violation: L2_FIN-AP cannot be combined with L2_ACC-MGR"
# }
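The validate call above shows the response shape but not the check behind it. The following is an added example, not MStore's handler: a role-combination validator that transcribes the eight L2 SoD rules from this page and produces exactly the error string in the expected response. It only enforces from L2 upwards, because the page explicitly allows role stacking at L0 and L1, and it treats the auditor rule as "AUD may not be combined with any other L2 role". The rule table, the ".*" prefix convention on role codes (taken from "L2_FIN.*" in the best-practices list) and the response struct are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// SoDRule is one mutually exclusive pair of role codes. Either side may be a
// prefix pattern ending in ".*" ("L2_FIN.*" covers L2_FIN-AP, L2_FIN-AR, L2_FIN-MGR).
type SoDRule struct{ A, B string }

// L2Rules transcribes the eight Critical SoD Rules for L2+ from this page.
// Rule 4 (auditor is read-only) is expressed as "AUD may not be combined with
// any other L2 role", since every other role carries write permissions.
var L2Rules = []SoDRule{
	{"L2_ADM-SYS", "L2_FIN.*"},
	{"L2_ADM-SYS", "L2_HR.*"},
	{"L2_FIN-AP", "L2_ACC-MGR"},
	{"L2_SL-POS", "L2_ACC-MGR"},
	{"L2_AUD", "L2_.*"},
	{"L2_MKT-MGR", "L2_FIN-MGR"},
	{"L2_CRM-OPS", "L2_IT-SYS"},
	{"L2_RD-MGR", "L2_INV-MGR"},
	{"L2_DATA-ANL", "L2_FIN-AP"},
}

func matchRole(pattern, role string) bool {
	if strings.HasSuffix(pattern, ".*") {
		return strings.HasPrefix(role, strings.TrimSuffix(pattern, ".*"))
	}
	return pattern == role
}

// ValidateRoles checks every pair of roles a user would hold against the rules.
// SoD is only enforced from L2 upwards: the page explicitly allows stacking at L0/L1.
func ValidateRoles(level string, roles []string) (bool, []string) {
	if level == "L0" || level == "L1" {
		return true, nil
	}
	var violations []string
	for i := 0; i < len(roles); i++ {
		for j := i + 1; j < len(roles); j++ {
			for _, rule := range L2Rules {
				if (matchRole(rule.A, roles[i]) && matchRole(rule.B, roles[j])) ||
					(matchRole(rule.A, roles[j]) && matchRole(rule.B, roles[i])) {
					violations = append(violations,
						fmt.Sprintf("SoD violation: %s cannot be combined with %s", roles[i], roles[j]))
					break // one message per conflicting pair
				}
			}
		}
	}
	return len(violations) == 0, violations
}

// ValidateResponse is the JSON body shape shown for /api/rbac/validate above (assumed struct).
type ValidateResponse struct {
	Valid bool   `json:"valid"`
	Error string `json:"error,omitempty"`
}

// BuildResponse turns the validation result into the response body.
func BuildResponse(level string, roles []string) ValidateResponse {
	ok, v := ValidateRoles(level, roles)
	resp := ValidateResponse{Valid: ok}
	if !ok {
		resp.Error = strings.Join(v, "; ")
	}
	return resp
}

func main() {
	body, _ := json.MarshalIndent(BuildResponse("L2", []string{"L2_FIN-AP", "L2_ACC-MGR"}), "", "  ")
	fmt.Println(string(body))
}
```

Run this check on the complete set of roles the user would hold after the assignment, not only on the roles being added: the pair that violates SoD is usually one existing role plus one new one.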

Casbin Policy Test

import (
	"testing"

	"github.com/casbin/casbin/v2"
	"github.com/stretchr/testify/assert"
)

// policy.csv above has 3-column rules (sub, obj, act) plus g-lines mapping users to roles,
// so Enforce takes (user, obj, act) and the act is the policy's own verb (APPROVE), not an
// HTTP method. This checks permission boundaries; role-combination SoD is /api/rbac/validate.
func TestSoDEnforcement(t *testing.T) {
	e, err := casbin.NewEnforcer("model.conf", "policy.csv") // model.conf assumed to keyMatch obj
	if err != nil {
		t.Fatalf("load enforcer: %v", err)
	}
	// bob -> L2_FIN-AP: only WRITE on /api/payment/*, so journal approval is denied
	ok, _ := e.Enforce("bob", "/api/journal/approve", "APPROVE")
	assert.False(t, ok, "L2_FIN-AP should not approve journal")
	// charlie -> L2_ACC-MGR: APPROVE on /api/journal/*
	ok, _ = e.Enforce("charlie", "/api/journal/approve", "APPROVE")
	assert.True(t, ok, "L2_ACC-MGR should approve journal")
}


🎓 Example Scenarios

Scenario 1: Retail Shop (L1)

Setup:
  • 1 owner (L1_OWN-MGR)
  • 1 cashier (L1_CSH)
  • 1 stock admin (L1_INV-MGR)
  • 1 part-time bookkeeper (L1_FIN-MGR)
Stacked roles:
  • The owner also holds HR-MGR (safe, because L1 has no strict SoD yet)
  • The cashier also holds VWR to view reports (safe)

Scenario 2: Manufacturing (L2)

Setup:
  • 1 owner (L2_OWN-MGR)
  • 2 admins (L2_ADM-BIZ, L2_ADM-SYS), which must be separate people
  • Finance team: L2_FIN-AP, L2_FIN-AR, L2_ACC-MGR, which may not be stacked
  • Operations: L2_INV-MGR, L2_PRC-MGR, L2_SL-MGR
  • Approvers: L2_APV-L1, L2_APV-L2
Strict SoD:
  • L2_FIN-AP ≠ L2_ACC-MGR (no self-approval)
  • L2_ADM-SYS ≠ L2_FIN.* (system admin may not edit finance)

Scenario 3: Holding Group (L3)

Setup:
  • HOLDING: L3_CONS-MGR, L3_AUD-GRP, L3_APV-L3
  • ENT-01 (Trading): L3_FIN-MGR@ENT-01, L3_INV-MGR@ENT-01
  • ENT-02 (Manufacturing): L3_FIN-MGR@ENT-02, L3_INV-MGR@ENT-02
Domain isolation:
  • L3_FIN-MGR@ENT-01 can only access ENT-01 data
  • L3_CONS-MGR@HOLDING can access every entity

📞 Support

If you have questions about the multi-level RBAC or need a consultation on upgrading levels, contact the development team. Tags: rbac, multi-level, security, scalability, casbin, enterprise, architecture, roles