---
name: Single-family access model
description: Familienarchiv is used by one family — no multi-tenancy, no document ownership, no row-level security needed
type: project
---

The archive serves a single family. There is no multi-tenant isolation, no document ownership, and no row-level access control. Everyone with the correct role (READ_ALL / WRITE_ALL) can read and edit all documents. Do not suggest row-level security, per-user document ownership, or tenant filtering.

**Why:** Single-family use case — all authenticated users with the right role are trusted equally.
**How to apply:** Skip IDOR / ownership-check recommendations. Role-based access via `@RequirePermission` is the correct and sufficient access control model for this app.