{
    "schema": "https://saferpage.de/schemas/trust-team-permissions.v1",
    "generated_at": "2026-06-09T03:30:35+00:00",
    "domain": "br-ticket.de",
    "available": true,
    "scan": {
        "id": "c4089039-b736-4075-add8-2afd6d98b6b1",
        "checked_at": "2026-06-08 15:30:00.222528+02"
    },
    "status": "team_permissions_blueprint_ready",
    "summary": "Trust Team Permissions für br-ticket.de: 6 Rollen, 6 Berechtigungsmodule, 5 Freigabe-Workflows, Score 100.",
    "metrics": {
        "role_count": 6,
        "permission_module_count": 6,
        "approval_workflow_count": 5,
        "provisioning_control_count": 5,
        "maintenance_item_count": 4,
        "guardrail_count": 6,
        "readiness_score": 100
    },
    "team_roles": [
        {
            "id": "trust_owner",
            "label": "Trust Owner",
            "purpose": "Verantwortet Trust-Center-Inhalte, Freigaben, Go-live und regelmäßige Betreiberreviews.",
            "risk_level": "high",
            "permissions": [
                "designer_publish",
                "document_review",
                "access_policy_review",
                "analytics_view"
            ],
            "owner": "Security/Compliance Lead",
            "review_cadence": "monthly_and_quarterly"
        },
        {
            "id": "trust_collaborator",
            "label": "Trust Collaborator",
            "purpose": "Pflegt zugewiesene Q&A, Dokumentmetadaten und Kundenantworten ohne Publish- oder Einstellungsrechte.",
            "risk_level": "medium",
            "permissions": [
                "knowledge_contribute_assigned",
                "questionnaire_draft",
                "feedback_triage"
            ],
            "owner": "Trust Operations",
            "review_cadence": "quarterly"
        },
        {
            "id": "sales_reviewer",
            "label": "Sales Reviewer",
            "purpose": "Sieht relevante Connections, Access-Request-Kontext und freigegebene Antworten, ohne Knowledge Base zu verändern.",
            "risk_level": "medium",
            "permissions": [
                "audience_view_relevant",
                "connection_context",
                "crm_activity_view"
            ],
            "owner": "Sales Enablement",
            "review_cadence": "monthly"
        },
        {
            "id": "legal_reviewer",
            "label": "Legal Reviewer",
            "purpose": "Prüft NDA-Versionen, Redlines, Dokument-NDA-Ausnahmen und lokale Legal-Hinweise vor Veröffentlichung.",
            "risk_level": "high",
            "permissions": [
                "nda_review",
                "legal_agreement_approve",
                "localization_review"
            ],
            "owner": "Legal/Datenschutz",
            "review_cadence": "quarterly"
        },
        {
            "id": "viewer_privacy_admin",
            "label": "Viewer Privacy Admin",
            "purpose": "Bearbeitet Revocation, De-Identifizierung, Löschanfragen und Downstream-Cleanup ohne Content-Publish-Rechte.",
            "risk_level": "high",
            "permissions": [
                "viewer_delete",
                "revocation_sync",
                "retention_exception_review"
            ],
            "owner": "Datenschutz",
            "review_cadence": "monthly"
        },
        {
            "id": "auditor_view_only",
            "label": "Auditor View Only",
            "purpose": "Erhält nur lesenden Zugriff auf freigegebene Nachweise, Auditlog-Auszüge und Reviewstatus.",
            "risk_level": "low",
            "permissions": [
                "evidence_view",
                "audit_export_view"
            ],
            "owner": "Compliance",
            "review_cadence": "per_engagement"
        }
    ],
    "permission_modules": [
        {
            "id": "knowledge",
            "label": "Knowledge / Q&A / Dokumente",
            "levels": [
                "hidden",
                "self_serve",
                "contribute_assigned",
                "edit_assigned",
                "manage_all"
            ],
            "sensitive_fields": [
                "private_documents",
                "past_answers",
                "external_sources"
            ]
        },
        {
            "id": "trust_audience",
            "label": "Trust Center Audience",
            "levels": [
                "hidden",
                "view_relevant",
                "manage_connections",
                "approve_requests",
                "manage_settings"
            ],
            "sensitive_fields": [
                "viewer_email",
                "access_group",
                "nda_status"
            ]
        },
        {
            "id": "trust_designer",
            "label": "Trust Center Designer",
            "levels": [
                "hidden",
                "edit_draft",
                "publish_language",
                "go_live_offline",
                "manage_settings"
            ],
            "sensitive_fields": [
                "custom_url",
                "public_sections",
                "localized_content"
            ]
        },
        {
            "id": "questionnaires",
            "label": "Questionnaires / RFx",
            "levels": [
                "hidden",
                "draft",
                "contribute_assigned",
                "approve_answers",
                "manage_settings"
            ],
            "sensitive_fields": [
                "customer_questionnaire",
                "evidence_links",
                "attachments"
            ]
        },
        {
            "id": "preview",
            "label": "Preview und Access-Gruppen-Test",
            "levels": [
                "hidden",
                "public_preview",
                "approved_preview",
                "privileged_group_preview",
                "email_scope_preview"
            ],
            "sensitive_fields": [
                "privileged_group_names",
                "private_document_titles"
            ]
        },
        {
            "id": "insights",
            "label": "Insights und CRM-Kontext",
            "levels": [
                "hidden",
                "view_relevant",
                "view_aggregated",
                "export",
                "billing_admin"
            ],
            "sensitive_fields": [
                "pipeline_value",
                "viewer_activity",
                "deal_context"
            ]
        }
    ],
    "approval_workflows": [
        {
            "id": "access_request_approval",
            "label": "Access Requests freigeben oder ablehnen",
            "required_roles": [
                "trust_owner",
                "sales_reviewer"
            ],
            "guardrail": "Zweistufige Prüfung für neue Domains, NDA-Ausnahmen und High-Risk-Gruppen."
        },
        {
            "id": "document_publish",
            "label": "Neue oder aktualisierte Dokumente veröffentlichen",
            "required_roles": [
                "trust_owner",
                "legal_reviewer"
            ],
            "guardrail": "Owner, Ablaufdatum, Access-Level, NDA und Preview müssen vor Go-live bestätigt sein."
        },
        {
            "id": "knowledge_answer_approval",
            "label": "Q&A und Fragebogenantworten freigeben",
            "required_roles": [
                "trust_owner",
                "trust_collaborator"
            ],
            "guardrail": "Antworten nur mit Quelle, Confidence, Produkt-/Region-Scope und Reviewstatus freigeben."
        },
        {
            "id": "viewer_privacy_action",
            "label": "Viewer löschen, de-identifizieren oder widerrufen",
            "required_roles": [
                "viewer_privacy_admin"
            ],
            "guardrail": "Identitätsprüfung, Ausnahmegrund, Downstream-Systeme und Auditlog müssen vor Abschluss gesetzt sein."
        },
        {
            "id": "role_change",
            "label": "Interne Rollen ändern",
            "required_roles": [
                "trust_owner"
            ],
            "guardrail": "Keine Selbstfreigabe: Rollenänderungen brauchen die Freigabe durch einen zweiten Admin oder einen SSO/SCIM-Policy-Nachweis."
        }
    ],
    "provisioning_controls": [
        {
            "id": "sso_required",
            "label": "SSO für interne Betreiberzugriffe erzwingen",
            "status": "required",
            "evidence": "Identity Provider, MFA, Session-Policy"
        },
        {
            "id": "scim_review",
            "label": "SCIM-Gruppen und ausgeschiedene Nutzer monatlich prüfen",
            "status": "required",
            "evidence": "Provisioning-Log, Deprovisioning-Report"
        },
        {
            "id": "least_privilege",
            "label": "Rollen nach Modul und Aufgabe schneiden",
            "status": "enforced",
            "evidence": "Rollenmatrix, Owner, Berechtigungslevel"
        },
        {
            "id": "additive_role_warning",
            "label": "Additive Rollen und Objektrollen vor Freigabe simulieren",
            "status": "required",
            "evidence": "Preview der effektiven Rechte"
        },
        {
            "id": "break_glass",
            "label": "Break-Glass-Zugriff getrennt protokollieren",
            "status": "recommended",
            "evidence": "Zeitbegrenzung, Ticket, Nachprüfung"
        }
    ],
    "maintenance_cadence": [
        {
            "id": "monthly_access_review",
            "label": "Monatlicher Rollen- und Mitgliederreview",
            "scope": "roles_members_connections",
            "owner": "Trust Owner"
        },
        {
            "id": "quarterly_permission_review",
            "label": "Quartalsprüfung für Publish-, Knowledge- und Legal-Rechte",
            "scope": "high_risk_permissions",
            "owner": "Compliance/Legal"
        },
        {
            "id": "integration_health",
            "label": "SSO, SCIM, Slack/Teams und CRM Sync prüfen",
            "scope": "identity_and_notifications",
            "owner": "IT/Security"
        },
        {
            "id": "content_owner_refresh",
            "label": "Owner für Dokumente, Q&A und Subprozessoren bestätigen",
            "scope": "knowledge_and_documents",
            "owner": "Trust Operations"
        }
    ],
    "guardrails": [
        {
            "id": "no_public_member_data",
            "label": "Keine internen Nutzerlisten, E-Mails oder Rollenzuordnungen öffentlich exportieren",
            "status": "enforced"
        },
        {
            "id": "no_self_approval",
            "label": "Kritische Freigaben nicht von derselben Person erstellen und genehmigen lassen",
            "status": "required"
        },
        {
            "id": "separate_sales_from_publish",
            "label": "Sales darf Access-Kontext sehen, aber keine Trust-Inhalte veröffentlichen",
            "status": "required"
        },
        {
            "id": "preview_before_publish",
            "label": "Effektive Rollen und Audience-Preview vor Publish und Gruppenänderungen testen",
            "status": "required"
        },
        {
            "id": "delete_on_departure",
            "label": "Austritte, Rollenwechsel und temporäre Auditoren zügig deprovisionieren",
            "status": "required"
        },
        {
            "id": "audit_without_viewer_leak",
            "label": "Viewer-Kontext in Audit-Exporten aggregieren oder pseudonymisieren",
            "status": "enforced"
        }
    ],
    "permissions_contract": {
        "does_not_invite_real_users": true,
        "does_not_change_roles": true,
        "does_not_export_member_identity": true,
        "required_before_live": [
            "domain_claim",
            "operator_auth",
            "sso_mfa",
            "scim_deprovisioning",
            "role_engine",
            "approval_separation",
            "audit_log",
            "viewer_privacy_cleanup"
        ]
    },
    "links": {
        "html": "https://saferpage.de/trust/br-ticket.de/team-rollen",
        "json": "https://saferpage.de/trust/br-ticket.de/team-rollen-json",
        "csv": "https://saferpage.de/trust/br-ticket.de/team-rollen-csv",
        "markdown": "https://saferpage.de/trust/br-ticket.de/team-rollen-md",
        "trust_center": "https://saferpage.de/trust/br-ticket.de",
        "go_live": "https://saferpage.de/trust/br-ticket.de/go-live",
        "access_groups": "https://saferpage.de/trust/br-ticket.de/gruppen",
        "connections": "https://saferpage.de/trust/br-ticket.de/connections",
        "knowledge_sources": "https://saferpage.de/trust/br-ticket.de/wissen",
        "questionnaire_intake": "https://saferpage.de/trust/br-ticket.de/questionnaire-intake",
        "viewer_privacy": "https://saferpage.de/trust/br-ticket.de/viewer-datenschutz",
        "analytics": "https://saferpage.de/trust-analytics/br-ticket.de",
        "api_operations": "https://saferpage.de/trust/br-ticket.de/api",
        "data_room": "https://saferpage.de/datenraum/br-ticket.de"
    },
    "disclaimer": "Trust Team Permissions ist ein Betreiber-Blueprint. Diese öffentliche Seite lädt keine echten Nutzer ein, ändert keine Rollen und veröffentlicht keine internen Mitgliederidentitäten."
}
