AZ Azerbaijan / AZN
MUPZA OperatorOwner accountMU
M
MUPZAOSRestaurant OS command
Business OS Permissions

Permission adapter preview

Safe local QA evidence for the central permission adapter skeleton. This page uses the existing adapter with a static read-only snapshot, creates no real role or grant, adds no auth bypass and calls no real backend.

2 allowedRead-only permission examples granted by the static snapshot.
4 deniedMutation, bypass, secret and DNS examples stay blocked.
falseAdapter runtime mutation enabled flag.
truePreview expectations match adapter decisions.

Permission examples

Restaurant profile readbusiness_os.restaurant.profile.readRead-only restaurant profile access is granted by the local preview snapshot.
allowed
Order readbusiness_os.restaurant.orders.readRead-only order access is granted for the same tenant, restaurant and branch scope.
allowed
Staff role mutationbusiness_os.restaurant.staff.writeThe preview snapshot does not grant staff role mutation authority.
denied
POS risk action bypasspos.risk_action.bypass_preview_onlyPOS bypass is intentionally not a grantable preview action; the adapter receives an ungranted audit action as the local denial probe.
denied
Billing provider secret readbilling.provider_secret.read_preview_onlyProvider secret reads are outside the adapter preview grants and remain denied without exposing secret names or values.
denied
Domain/DNS mutationdomain.dns.mutate_preview_onlyDomain and DNS mutation is represented as an ungranted branch write probe and remains human-gated.
denied

Safety envelope

No real permission grantStatic snapshot only.
true
No auth bypassAdapter evaluation only.
true
No backend connectionMock route only.
true
No production or staging touchLocal preview evidence.
true
No secrets or env filesNo values read or written.
true
No velora-crm changesBusiness OS repository only.
true