Sentra Membership — Role & Permission Matrix
To safeguard finances and operational rights across branches, the system enforces strict separation of duties based on RBAC (Role-Based Access Control).
6.1 RBAC Matrix Table
| Module Action | Owner | Branch Manager | Receptionist | Trainer | Operational Staff | Member |
|---|---|---|---|---|---|---|
| View Financial Reports | ✓ | ✓ (Own Branch) | ✗ | ✗ | ✗ | ✗ |
| Create Membership Package | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Override Booking Capacity | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Process Wallet Topup | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ (Online) |
| Manual Wallet Refund | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Check-in Member Manual | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Assign Trainer Schedule | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| View Trainer Commission | ✓ | ✓ | ✗ | ✓ (Own) | ✗ | ✗ |
| Access Gate Logs Audit | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Book Class / Session | ✗ | ✗ | ✓ (For Walk-in) | ✗ | ✗ | ✓ |
Note: Access is restricted by domain parameters (for example, the Surabaya Branch Manager can only manipulate capacity or view cash reports for the Surabaya branch).
6.2 Role Descriptions
| Role | Scope | Description |
|---|---|---|
| Owner / Executive | All branches | Full access to all financial data, consolidated reports, and package settings |
| Branch Manager | One specific branch | Daily branch operations, trainer scheduling, capacity override |
| Receptionist / Frontdesk | One specific branch | Member check-in, wallet top-up, RFID card printing |
| Trainer / Instructor | Own classes | View schedule, member attendance, view own commission slip |
| Operational Staff | Limited | Non-financial operational access according to assignment |
| Member | Own account | Class booking, online top-up, view own visit history |
6.3 Domain Isolation Rule
Every action performed by a Branch Manager or Receptionist is automatically filtered by middleware based on the branch_id JWT claim. There is no API path that allows the Branch Manager of Branch A to access Branch B data without a permission escalation from the Owner.
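
One way the 6.1 matrix and the 6.3 branch filter can be combined into a single deny-by-default check, as an added example that is not Sentra's own code. The claim names `role` and `sub`, the action keys, and the resource fields `branch_id`/`owner_id` are assumptions; only the `branch_id` claim comes from this page, and the JWT signature is assumed to be verified before this function runs.

```python
# Added example (not project code). Claim names "role" and "sub", the action
# keys and the resource fields are assumptions; only branch_id is from the page.
ROLE_SCOPE = {  # scope per role, from sections 6.2 and 6.3
    "owner": "any", "branch_manager": "branch", "receptionist": "branch",
    "trainer": "self", "member": "self",
}
ALLOWED = {  # subset of the 6.1 matrix: action -> roles marked with a check
    "view_financial_reports": {"owner", "branch_manager"},
    "override_booking_capacity": {"branch_manager"},
    "process_wallet_topup": {"branch_manager", "receptionist", "member"},
    "manual_wallet_refund": {"owner"},
    "view_trainer_commission": {"owner", "branch_manager", "trainer"},
    "access_gate_logs_audit": {"owner", "branch_manager"},
}

def authorize(claims, action, resource):
    """Return (allowed, reason) for an already signature-verified JWT payload.

    `resource` must be the record loaded server-side, so its branch_id and
    owner_id cannot be chosen by the caller through a request parameter.
    """
    role = claims.get("role")
    if role not in ALLOWED.get(action, set()):   # unknown action or role: deny
        return False, "role_not_permitted"
    scope = ROLE_SCOPE.get(role)
    if scope == "any":
        return True, "ok"
    if scope == "branch":
        branch = claims.get("branch_id")
        # Fail closed: a token with no branch_id must never mean "all branches".
        if branch is None or branch != resource.get("branch_id"):
            return False, "branch_mismatch"
        return True, "ok"
    if scope == "self":
        sub = claims.get("sub")
        if sub is None or sub != resource.get("owner_id"):
            return False, "not_own_resource"
        return True, "ok"
    return False, "unknown_scope"

# Constructed sample data, for illustration only.
SBY_MANAGER = {"sub": "u-17", "role": "branch_manager", "branch_id": "SBY"}
JKT_REPORT = {"branch_id": "JKT", "owner_id": None}

if __name__ == "__main__":
    print(authorize(SBY_MANAGER, "view_financial_reports", JKT_REPORT))
```

Logging the returned reason on every denial gives an audit trail of cross-branch access attempts.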