{
  "schema": "symbelion.access_control_policy.v2",
  "version": "v9.5.0-dimensioning-readiness-activation-campaign",
  "release": "v9.5.0",
  "status": "ACTIVE_ACCESS_CONTROL_POLICY",
  "generated_utc": "2026-05-07T04:12:20Z",
  "public_domain": "pub.symbelion.eternite.com",
  "technical_domain": "debian.symbelion.eternite.com",
  "non_destructive_default": true,
  "source_deletion": false,
  "destructive_actions_enabled": false,
  "explicit_apply_required": true,
  "initial_admin": {
    "name": "Cédric Mannu",
    "email": "cedric.mannu@gmail.com",
    "roles": [
      "admin",
      "operator",
      "validator"
    ]
  },
  "role_model": [
    "admin",
    "operator",
    "declared_user",
    "viewer",
    "service_agent"
  ],
  "domain_policy": {
    "pub.symbelion.eternite.com": {
      "admin_mode": "admin surfaces restricted by declared policy",
      "user_mode": "declared users only for user resources"
    },
    "debian.symbelion.eternite.com": {
      "admin_mode": "technical/admin only",
      "user_mode": "no broad user exposure by default"
    }
  },
  "open_source_access_path": [
    "static policy foundation",
    "reverse-proxy auth option",
    "local users/groups",
    "Samba/SMB workgroups when needed",
    "OIDC/Authelia/Keycloak-compatible future hardening"
  ],
  "windows_workgroup_compatible": true,
  "active_directory_required": false
}