Context
AccessPolicy.condition: TEXT is unbounded SQL. No model of principal identity, role composition, deny-vs-allow precedence, or interaction with views.
What to do
Write docs/theory/access-control-model.adoc covering principals, role composition, policy precedence (deny-wins?), interaction with provenance/temporal views. Once stable, replace the free-form TEXT with a typed predicate language (start with column = constant).
Acceptance
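A sketch of the typed predicate language proposed under "What to do", restricted to its starting form `column = constant`. It is an added example, not part of the issue or the project's code. The names `Eq`, `Policy`, `compile_policies`, the `documents` table and the deny-wins rule are assumptions; the issue leaves precedence open.

```python
import sqlite3
from dataclasses import dataclass

# Hypothetical names throughout: Eq, Policy, compile_policies and the
# "documents" table are assumptions, not the project's schema or API.
ALLOWED_COLUMNS = {"owner", "classification"}  # columns a predicate may reference

@dataclass(frozen=True)
class Eq:
    """Typed predicate: column = constant (the starting form in the issue)."""
    column: str
    constant: object

    def to_sql(self):
        if self.column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not permitted in policy: {self.column!r}")
        # Identifier comes from the allow-list; the constant is only ever bound.
        return f'"{self.column}" = ?', [self.constant]

@dataclass(frozen=True)
class Policy:
    effect: str  # "allow" or "deny"
    predicate: Eq

def compile_policies(policies):
    """Build a WHERE clause; assumes deny-wins, which the issue leaves open."""
    groups = {"allow": ([], []), "deny": ([], [])}
    for p in policies:
        sql, params = p.predicate.to_sql()
        groups[p.effect][0].append(sql)
        groups[p.effect][1].extend(params)
    (allow_sql, allow_params), (deny_sql, deny_params) = groups["allow"], groups["deny"]
    if not allow_sql:
        return "0", []  # default deny when no policy allows anything
    where = "(" + " OR ".join(allow_sql) + ")"
    if deny_sql:
        where += " AND NOT (" + " OR ".join(deny_sql) + ")"
    return where, allow_params + deny_params

def visible_rows(conn, policies):
    where, params = compile_policies(policies)
    query = f"SELECT id FROM documents WHERE {where} ORDER BY id"
    return [r[0] for r in conn.execute(query, params)]

def demo_db():  # constructed sample data for the example
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER, owner TEXT, classification TEXT)")
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)",
                     [(1, "alice", "public"), (2, "alice", "secret"), (3, "bob", "public")])
    return conn
```

Unlike a free-form TEXT condition, a constant that contains SQL syntax is bound as data and matches no row, and a column outside the allow-list is rejected before any query is built.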