Allowed and denied examples
Same tenant + same restaurant + same branch order read: allowedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: managerrequested resource: order:branch_fountain_square:ORD-1001expected decision: allowreason: Actor, order and request context share the same tenantId, restaurantId and branchId for a read-only order lookup.auditRequired: trueredactionLevel: none
Alloworder
Same tenant + same restaurant + different branch order read: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: cashierrequested resource: order:branch_seaside:ORD-2002expected decision: denyreason: Cross-branch order reads are denied unless an explicit branch grant exists; this preview intentionally has no grant.auditRequired: trueredactionLevel: branch-summary
Denyorder
Same tenant + different restaurant branch access: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: adminrequested resource: restaurant:restaurant_ganja_grill/branch:branch_nizamiexpected decision: denyreason: Restaurant boundary changed inside the same tenant, so branch details are denied without a restaurant-level assignment.auditRequired: trueredactionLevel: tenant-safe-summary
Denyrestaurant-branch
Different tenant access: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: ownerrequested resource: tenant:tenant_private_competitor/restaurant:restaurant_old_city/ordersexpected decision: denyreason: Cross-tenant access is always denied in this preview and returns full redaction to prevent tenant data leakage.auditRequired: trueredactionLevel: full-redaction
Denyorder
POS device from wrong branch: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: pos-devicerequested resource: pos-device:POS-SEASIDE-02/session:branch_seasideexpected decision: denyreason: A POS device registered to another branch cannot open a session for this branch context.auditRequired: trueredactionLevel: branch-summary
Denypos-device-session
Waiter assigned to wrong branch/table: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: waiterrequested resource: table:branch_seaside:T12expected decision: denyreason: Waiter table assignment is scoped to one branch; wrong branch or table assignments are denied by default.auditRequired: trueredactionLevel: branch-summary
Denywaiter-table-assignment
Kitchen station from wrong branch: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: kitchenrequested resource: kitchen-station:branch_seaside:grill/ticket:KOT-3003expected decision: denyreason: Kitchen tickets stay within the issuing branch so stations cannot view tickets from another branch.auditRequired: trueredactionLevel: branch-summary
Denykitchen-station-ticket
Courier assigned to wrong branch delivery: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: courierrequested resource: delivery:branch_seaside:DEL-4004expected decision: denyreason: Courier delivery assignment belongs to a different branch, so address and customer details stay redacted.auditRequired: trueredactionLevel: full-redaction
Denydelivery-assignment
Reports export across branches without explicit grant: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: reportingrequested resource: reports:restaurant_baku_central:all-branches:sales-exportexpected decision: denyreason: Cross-branch reports export is denied because this preview creates no explicit multi-branch reporting grant.auditRequired: trueredactionLevel: tenant-safe-summary
Denyreports-export
Tenant domain route mismatch: deniedtenantId: tenant_az_demo_food_grouprestaurantId: restaurant_baku_centralbranchId: branch_fountain_squareactor role: domain-routerrequested resource: host:orders.other-tenant.example.invalid/path:/branch_fountain_square/menuexpected decision: denyreason: Domain tenant resolution does not match the route tenantId, so the request is denied before branch data is shown.auditRequired: trueredactionLevel: full-redaction
Denytenant-domain-route