MOPC-Portal/docs/round-redesign-architecture-docs/mixed-round-design-implementation-docs/shared/authz-matrix.md
Matt 331b67dae0 Round system redesign: Phases 1-7 complete
Full pipeline/track/stage architecture replacing the legacy round system.

Schema: 11 new models (Pipeline, Track, Stage, StageTransition,
ProjectStageState, RoutingRule, Cohort, CohortProject, LiveProgressCursor,
OverrideAction, AudienceVoter) + 8 new enums.

Backend: 9 new routers (pipeline, stage, routing, stageFiltering,
stageAssignment, cohort, live, decision, award) + 6 new services
(stage-engine, routing-engine, stage-filtering, stage-assignment,
stage-notifications, live-control).

Frontend: Pipeline wizard (17 components), jury stage pages (7),
applicant pipeline pages (3), public stage pages (2), admin pipeline
pages (5), shared stage components (3), SSE route, live hook.

Phase 6 refit: 23 routers/services migrated from roundId to stageId,
all frontend components refitted. Deleted round.ts (985 lines),
roundTemplate.ts, round-helpers.ts, round-settings.ts, round-type-settings.tsx,
10 legacy admin pages, 7 legacy jury pages, 3 legacy dialogs.

Phase 7 validation: 36 tests (10 unit + 8 integration files) all passing,
TypeScript 0 errors, Next.js build succeeds, 13 integrity checks,
legacy symbol sweep clean, auto-seed on first Docker startup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 13:57:09 +01:00


# Authorization Matrix
Roles:
- `SUPER_ADMIN`
- `PROGRAM_ADMIN`
- `AWARD_MASTER`
- `JURY_MEMBER`
- `APPLICANT`
- `OBSERVER`
- `AUDIENCE` (public voting context)

| Capability | Super Admin | Program Admin | Award Master | Jury | Applicant | Observer | Audience |
|---|---|---|---|---|---|---|---|
| Create/Edit Pipeline | Yes | Yes (scoped) | No | No | No | No | No |
| Publish Pipeline | Yes | Yes (scoped) | No | No | No | No | No |
| Configure Stage Rules | Yes | Yes (scoped) | No | No | No | No | No |
| Execute Manual Transition | Yes | Yes (scoped) | Limited (award scoped) | No | No | No | No |
| Override Decision | Yes | Yes (scoped) | Limited (award scoped) | No | No | No | No |
| View Audit Timeline | Yes | Yes (scoped) | Award scoped | Own actions | No | Read-only scoped | No |
| Assign Jurors | Yes | Yes (scoped) | Award scoped | No | No | No | No |
| Submit Evaluation | No | No | Optional (if configured) | Yes (assigned only) | No | No | No |
| Upload Intake Docs | No | No | No | No | Yes | No | No |
| Control Live Cursor | Yes | Yes (scoped) | No | No | No | No | No |
| Cast Audience Vote | No | No | No | No | Optional | No | Yes |

## Policy Notes
1. Program scoping applies to all admin operations.
2. `AWARD_MASTER` permissions are explicitly award-scoped and only active when governance mode allows it.
3. Jury endpoints always enforce assignment ownership and window constraints.
4. Audience endpoints enforce cohort membership + window state + dedupe key policy.
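
As an added example that is not part of the MOPC-Portal code, the matrix and the four policy notes above can be encoded as a single deny-by-default check. Everything below is an assumption: the role and capability strings, the `Principal` and `AuthzContext` shapes, the `governanceAllowsAwardMaster` and `awardMasterMayEvaluate` flags standing in for the governance-mode and "if configured" conditions, and an in-memory `Set` standing in for the audience dedupe store.

```typescript
// Added example (not MOPC-Portal code): a deny-by-default evaluator for the
// authorization matrix and policy notes. Role and capability names, the
// Principal/AuthzContext shapes and the dedupe store are assumptions.

type Role =
  | "SUPER_ADMIN" | "PROGRAM_ADMIN" | "AWARD_MASTER" | "JURY_MEMBER"
  | "APPLICANT" | "OBSERVER" | "AUDIENCE";

type Capability =
  | "pipeline.edit" | "pipeline.publish" | "stage.configure"
  | "transition.manual" | "decision.override" | "audit.view" | "juror.assign"
  | "evaluation.submit" | "intake.upload" | "live.control" | "audience.vote";

interface Principal {
  id: string;
  role: Role;
  programIds?: string[];  // programs a PROGRAM_ADMIN / OBSERVER is scoped to
  awardIds?: string[];    // awards an AWARD_MASTER is scoped to
  cohortIds?: string[];   // cohorts an audience voter belongs to
}

interface AuthzContext {
  programId?: string;
  awardId?: string;
  governanceAllowsAwardMaster?: boolean; // policy note 2: governance-mode gate
  awardMasterMayEvaluate?: boolean;      // "Optional (if configured)" evaluation
  assignedJurorIds?: string[];           // jurors assigned to the evaluation
  windowOpen?: boolean;                  // stage window state (notes 3 and 4)
  auditActorId?: string;                 // actor of the audit entry being viewed
  cohortId?: string;                     // cohort the vote is cast in
  dedupeKey?: string;                    // per-voter/per-item dedupe key
  applicantVotingEnabled?: boolean;      // "Optional" applicant vote
}

// Everything an admin may do; PROGRAM_ADMIN gets the same set, program-scoped.
const ADMIN_CAPS: ReadonlySet<Capability> = new Set<Capability>([
  "pipeline.edit", "pipeline.publish", "stage.configure", "transition.manual",
  "decision.override", "audit.view", "juror.assign", "live.control",
]);

// The "Limited (award scoped)" rows for AWARD_MASTER.
const AWARD_MASTER_CAPS: ReadonlySet<Capability> = new Set<Capability>([
  "transition.manual", "decision.override", "audit.view", "juror.assign",
]);

function inScope(granted: string[] | undefined, wanted: string | undefined): boolean {
  // A missing target id never matches: scoped roles cannot act "globally".
  return wanted !== undefined && (granted ?? []).includes(wanted);
}

// Policy note 4: cohort membership, window state and dedupe key must all hold.
function audienceVoteAllowed(p: Principal, ctx: AuthzContext, cast: ReadonlySet<string>): boolean {
  if (!inScope(p.cohortIds, ctx.cohortId)) return false;
  if (ctx.windowOpen !== true) return false;
  if (!ctx.dedupeKey || cast.has(ctx.dedupeKey)) return false;
  return true;
}

export function can(p: Principal, cap: Capability, ctx: AuthzContext,
                    cast: ReadonlySet<string> = new Set<string>()): boolean {
  switch (p.role) {
    case "SUPER_ADMIN":
      return ADMIN_CAPS.has(cap);
    case "PROGRAM_ADMIN":
      // Policy note 1: every admin operation is scoped to the admin's programs.
      return ADMIN_CAPS.has(cap) && inScope(p.programIds, ctx.programId);
    case "AWARD_MASTER":
      // Policy note 2: award-scoped, and only while governance mode allows it.
      if (ctx.governanceAllowsAwardMaster !== true || !inScope(p.awardIds, ctx.awardId)) return false;
      if (cap === "evaluation.submit") return ctx.awardMasterMayEvaluate === true;
      return AWARD_MASTER_CAPS.has(cap);
    case "JURY_MEMBER":
      // "Own actions" in the audit timeline; policy note 3 for evaluations.
      if (cap === "audit.view") return ctx.auditActorId === p.id;
      return cap === "evaluation.submit"
        && ctx.windowOpen === true
        && (ctx.assignedJurorIds ?? []).includes(p.id);
    case "APPLICANT":
      if (cap === "intake.upload") return true; // the matrix grants this outright
      if (cap === "audience.vote") return ctx.applicantVotingEnabled === true && audienceVoteAllowed(p, ctx, cast);
      return false;
    case "OBSERVER":
      // "Read-only scoped": audit timeline only, inside the observer's programs.
      return cap === "audit.view" && inScope(p.programIds, ctx.programId);
    case "AUDIENCE":
      return cap === "audience.vote" && audienceVoteAllowed(p, ctx, cast);
    default:
      return false;
  }
}

// Casting a vote checks the policy and then records the dedupe key, so a
// replay with the same key is refused.
export function castAudienceVote(p: Principal, ctx: AuthzContext, cast: Set<string>): boolean {
  if (!can(p, "audience.vote", ctx, cast)) return false;
  cast.add(ctx.dedupeKey as string);
  return true;
}
```

Two properties of this shape are worth keeping in any real implementation: every scoped branch requires the target id (program, award, cohort) to be present in the request context, so a call that omits it fails closed instead of matching an unscoped rule, and the dedupe check and record in `castAudienceVote` must be atomic in the real store (for example a unique constraint on the dedupe key), which the in-memory `Set` only approximates.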