SRS Alignment Notes
Purpose
This page records known alignment notes between the original SRS, extracted implementation evidence, and technical team confirmations.
Use this page when the documentation must preserve a difference between earlier requirement wording and the currently confirmed operating model.
Status Labels
| Status | Meaning |
|---|---|
| Confirmed | Confirmed by technical team or implementation evidence |
| Needs Evidence | Requires proof such as test case, screenshot, log, or code reference |
| Needs Technical Verification | Requires technical confirmation before final approval |
| Open Risk | Known gap that may affect security, operations, or approval |
Credential Lifecycle Alignment
| Area | Earlier SRS / Baseline Wording | Current Technical Confirmation | Documentation Decision | Status |
|---|---|---|---|---|
| Credential cancellation | Admin-only | Cancellation remains Admin-only | Keep cancellation Admin-only | Confirmed |
| Credential activation / deactivation | Previously documented as Admin-only in the RBAC matrix | Manager, Parent, and Student may activate/deactivate according to configured permissions | Update RBAC wording to distinguish cancellation from activation/deactivation | Confirmed; Evidence Pending |
| Credential replacement | Previously documented as Admin-only | Replacement remains Admin-controlled unless technical team confirms another workflow | Keep as Admin-only until evidence says otherwise | Needs Evidence |
| School Manager credential assignment | School Manager role was not fully reflected in earlier matrix | School Manager can assign card/bracelet to a student within assigned school scope | Document as allowed within assigned school scope | Confirmed; Evidence Pending |
| Delivery status | Earlier matrix did not clearly separate delivery status from cancellation | School Manager can update delivery/order status within assigned school scope | Document separately from cancellation/deactivation | Confirmed; Evidence Pending |
| NFC scanning | Dashboard boundary was unclear in early wording | Dashboard does not scan or read NFC credentials | Keep dashboard NFC scanning out of scope | Confirmed |
RBAC / Tenant Scope Alignment
| Area | Current Decision | Evidence Required |
|---|---|---|
| Main account categories | Admin, Employee, Student | Technical source or role seed/config reference |
| Employee account types | Manager, Seller, Parent, Supplier, Supplier Driver, Operator, Supervisor, Staff, Automated Call Driver, Service Provider | Technical source or permission mapping reference |
| School Manager scope | Manager can be linked to more than one school | Test or code evidence showing scope filtering |
| Supplier scope | Supplier can only access its own products, orders, and invoices | Negative access test evidence |
| Operator scope | Operator can be linked to more than one cafeteria | Negative access test evidence |
| Cross-tenant behavior | Access must be denied unless explicitly assigned | Tenant isolation test evidence |
Documentation Rule
When a requirement is not fully confirmed, do not write it as a final fact. Use one of:
Needs EvidenceNeeds Technical VerificationOpen Risk