Arbor — Feature · Permissions model

Feature · Permissions

Role-based access tied to the entity tree

Permissions inherit down the tree by default and can be overridden per node, so a building manager doesn't see the rest of the fund.

arbor / Lumina / permissions

Portfolio tree · M. Rivera

Lumina Fund read

Metropolitan edit

Exchange House admin

Ground floor edit

Floors 1–4 edit

Bishopsgate Ct —

King's Cross 12 —

Northern Hub —

Granted

Out of scope

Effective access · Exchange House

Inheritance and overrides at this node

Each level shows the role that resolves here, where it came from, and whether it was inherited or set explicitly.

Level

Source

Read

Write

Fund

Inherited from Lumina Fund role

Read

None

Property

Inherited from Metropolitan

Read

Edit

Building

Override · set on this node

Read

Admin

Space

Inherited from Exchange House

Read

Edit

Meter

Inherited from Exchange House

Read

Edit

Scoped view

This user signs in and sees only Exchange House and below. The rest of Lumina is invisible in the nav, the search, and the URL space. Sibling buildings render greyed out only on this admin screen so the model is legible.

What you're looking at

Inherited by default. A role set on a Fund or Property flows down to every child node, so the team doesn't keep a separate ACL in sync with the tree.

Overrides are per-node. A building manager can be promoted to admin at a single Building without touching the rest of the fund, and the override is visible in the audit trail.

Scoped views, end to end. The same scope drives the nav, search, URL space and exports, so a user without access doesn't even see a placeholder.