docyrus-acl-design
Installation
SKILL.md
Docyrus ACL Design
Configure tenant access control with docyrus acl, then validate the setup before handing it off. The Docyrus ACL system has five concepts:
| Concept | What it is |
|---|---|
| Role | Named permission group assigned to users |
| Hierarchy Unit | Org-tree node for org-chart-aware row-level security (RLS) |
| Role Query | Row-level filter attached to one or more roles for a data source |
| Operation | System-defined permission slug (read-only — you can't create these) |
| Rule | Binds a role to a target (data source / app / AI tool / settings) with a list of allowed operation slugs |
For platform concepts see the docyrus-platform skill. For CLI flag tables see the docyrus-cli-app skill. This skill is the ACL-specific workflow.
Workflow
Follow in order. A role without rules grants nothing useful.