Verified Multi-Tenant Role Matrix
Use this page when you want proof that tenant-scoped RBAC rules are enforced exactly as documented.
What this path proves
- The same RBAC policy behaves correctly for five seeded roles across two tenants.
- Cross-tenant spoofing attempts are denied.
- The sample uses current workspace packages through an isolated local package cache.
- The flow has both focused test coverage and live HTTP replay coverage.
Current validation evidence
dotnet test sdk/dotnet/tests/PrimusSaaS.Rbac.Tests/PrimusSaaS.Rbac.Tests.csproj --framework net9.0 --filter FullyQualifiedName~BlindUserRbacDocsValidationTests /p:CollectCoverage=false --nologoCurrent run:31/31passed.examples/RbacDocsBlindValidation/verify-live.shThe verifier defines50live HTTP cases across the full role matrix and spoofed cross-tenant attempts.- CI workflow:
rbac-docs-blind-validation.yml
Validation host
The reference host is examples/RbacDocsBlindValidation.
It seeds:
- Application:
rbac-docs-blind-validation - Tenants:
tenant-primary,tenant-secondary - Roles:
Super Admin,Primary Tenant Admin,Secondary Tenant Admin,Participant Primary,Participant Secondary
Protected endpoints:
GET /api/platform/super-adminGET /api/tenant/admin/primaryGET /api/tenant/admin/secondaryPOST /api/tenant/participant/primary/requestGET /api/tenant/participant/secondary/profile
Run the verified flow locally
bash examples/RbacDocsBlindValidation/run-development.sh
This flow restores into an isolated local package cache so the host consumes packages built from the current workspace instead of a stale global NuGet cache.
Run the full verifier
bash examples/RbacDocsBlindValidation/verify-all.sh
That command runs:
- the focused xUnit slice in
BlindUserRbacDocsValidationTests.cs - the live HTTP matrix verifier
What this path does not prove
- Real JWT authentication
- Membership-validated tenant selection
- Tenant-scoped RBAC administration APIs
Use Verified Production-Style Role Matrix for that path.