2026-04-14 23:21:15 +02:00

name: Single-family access model
description: Familienarchiv is used by one family — no multi-tenancy, no document ownership, no row-level security needed
type: project

The archive serves a single family. There is no multi-tenant isolation, no document ownership, and no row-level access control. Everyone with the correct role (READ_ALL / WRITE_ALL) can read and edit all documents. Do not suggest row-level security, per-user document ownership, or tenant filtering.

Why: Single-family use case — all authenticated users with the right role are trusted equally.

How to apply: Skip IDOR / ownership-check recommendations. Role-based access via @RequirePermission is the correct and sufficient access control model for this app.