# pbc-identity metadata.
#
# Loaded at boot by org.vibeerp.platform.metadata.MetadataLoader,
# tagged source='core'. Re-loaded on every boot from the YAML below
# (delete-then-insert), so this file is the source of truth — edits
# made via the future SPA customization UI live in metadata__* rows
# tagged source='user' and are NEVER touched by the loader.

entities:
  - name: User
    pbc: identity
    table: identity__user
    description: A user account in the framework

  - name: Role
    pbc: identity
    table: identity__role
    description: A named bundle of permissions assignable to users

permissions:
  - key: identity.user.read
    description: Read user records
  - key: identity.user.create
    description: Create new user records
  - key: identity.user.update
    description: Update user records
  - key: identity.user.disable
    description: Disable a user (soft-delete; row is preserved for audit)
  - key: identity.role.read
    description: Read role records
  - key: identity.role.create
    description: Create new roles
  - key: identity.role.assign
    description: Assign or revoke a role for a user

menus:
  - path: /identity/users
    label: Users
    icon: people
    section: System
    order: 100
  - path: /identity/roles
    label: Roles
    icon: shield-lock
    section: System
    order: 110