Summary
RNHT needs a clearer access-control and approval workflow around sensitive admin actions.
Why this matters
Community platforms often mix day-to-day coordination with higher-risk actions like financial changes, member data updates, and privileged administration. Those flows need clear boundaries.
Suggested scope
- Define the core roles and permission boundaries for members, volunteers, admins, and finance or operations staff
- Add approval requirements for sensitive actions such as record deletion, financial changes, or bulk updates
- Document how audit history is retained for privileged operations
- Capture the minimum policy model needed for future UI and API enforcement
Done when
- Sensitive operations have explicit approval boundaries
- Role capabilities are documented clearly
- Privileged actions leave an audit trail
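A minimal sketch of the policy model the scope above describes, added here as an example and not RNHT code. The capability names, the role-to-capability map, the second-person approval rule and the hash-chained audit log are all assumptions chosen for illustration; the issue names the roles and the sensitive actions but not their details.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Hypothetical role -> capability map (assumption: the issue does not define capabilities).
ROLE_CAPS = {
    "member": {"profile.update_own"},
    "volunteer": {"profile.update_own", "event.manage"},
    "finance": {"profile.update_own", "finance.change"},
    "admin": {"profile.update_own", "event.manage", "record.delete", "member.bulk_update"},
}
# Sensitive actions from the scope list; each needs approval by a second user.
SENSITIVE = {"record.delete", "finance.change", "member.bulk_update"}

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> None:
        # Chain each entry to the previous hash so edits or removals are detectable.
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": digest})

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expected:
                return False
            prev = e["hash"]
        return True

def authorize(log, actor, role, action, approver=None, approver_role=None):
    """Deny by default; sensitive actions need a distinct approver who holds the capability."""
    allowed = action in ROLE_CAPS.get(role, set())
    reason = "ok" if allowed else "role lacks capability"
    if allowed and action in SENSITIVE:
        if approver is None:
            allowed, reason = False, "approval required"
        elif approver == actor:
            allowed, reason = False, "self-approval not allowed"
        elif action not in ROLE_CAPS.get(approver_role, set()):
            allowed, reason = False, "approver lacks capability"
    # Record denied attempts as well as granted ones.
    log.append({"actor": actor, "role": role, "action": action,
                "approver": approver, "allowed": allowed, "reason": reason})
    return allowed
```

The same `authorize` call can sit behind both UI and API handlers so the decision and its audit entry are produced in one place.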