LedgerOS · Phase 5 · Production Integration Blueprint

Permission Matrix

Six roles × every route group in the Phase 1–4 design. Actions authorized here map 1:1 to the backend permission strings on the API map.

LedgerOS UI Design Lab · Phase 5 blueprint — no backend is connected. Every endpoint, permission, and event listed here is a design contract, not a live API.
Rose
Owner. Final override on cash, guardrails, and pricing exceptions.
Christin
Accounting Lead. Reclassifications, approvals, verification.
Carmen
Systems Reviewer. Attestation and audit — never posts value.
Accountant
Day-to-day ledger operator. Bounded approval limits.
Team
Individual contributors. Submit and view own scope.
Integration
Service accounts. Signed events only — no interactive login.
RouteRoseChristinCarmenAccountantTeamIntegration
/cash-availabilityView · OverrideView · ReclassifyViewViewWrite bucket updates
/invoices/*AllCreate · Approve · SendView · ExportCreate · SendView own clientSync only
/expenses/approvalsApprove · OverrideApproveViewApprove up to $1kSubmit onlyIngest
/expenses/policiesManageManageViewView
/automation/cash-controlsOverridePropose overrideView · AttestViewEmit signals
/automation/rulesManageManageReviewView
/automation/bonus-controlsApproveVerifyAttestPost payableView ownSync payroll
/intelligence/leakageAcceptVerify · Draft invoiceReviewSend invoiceEmit signals
/intelligence/recommendationsAccept · RejectCommentReview
/ledger/journalsPostPostAttestPostPost via signed events
/auditViewViewView · ExportViewView ownAppend
Sensitive-value rules
  • Bank balances masked for Team; visible to Rose, Christin, Accountant.
  • Payroll amounts visible only to Rose, Christin, Accountant.
  • Carmen may view and export everything but never post value.
  • Integration service accounts may only post signed events — never authenticate interactively.
  • Every deny returns an audit event; every override requires a justification string.