```mermaid
flowchart TD
  subgraph Users["User Layer"]
    direction LR
    Alice["Alice<br/>Sales Manager"]:::userNode
    Bob["Bob<br/>Sales Rep"]:::userNode
    Carol["Carol<br/>HR Specialist"]:::userNode
    DanU["Dan<br/>Finance Analyst"]:::userNode
  end
  subgraph Roles["Role Layer"]
    direction LR
    SalesMgr["Sales Manager"]:::roleNode
    SalesRep["Sales Rep"]:::roleNode
    HRSpec["HR Specialist"]:::roleNode
    Finance["Finance"]:::roleNode
    Employee["Employee<br/>base role"]:::roleNode
    Admin["Admin<br/>all permissions"]:::roleNode
  end
  subgraph Perms["Permission Layer"]
    direction LR
    PFaq["read_public_faq"]:::permNode
    PSales["read_sales"]:::permNode
    PTeam["read_team_sales"]:::permNode
    PHr["read_hr_data"]:::permNode
    PPii["read_pii"]:::permNode
    PFin["read_financial"]:::permNode
    PNotes["write_sales_notes"]:::permNode
    PDisc["approve_discounts"]:::permNode
    PStar["* wildcard"]:::permNode
  end

  %% User -> Role assignments (solid)
  Alice ==>|"assigned"| SalesMgr
  Bob ==>|"assigned"| SalesRep
  Carol ==>|"assigned"| HRSpec
  DanU ==>|"assigned"| Finance

  %% Role -> Role inheritance (dotted)
  SalesMgr -.->|"inherits"| SalesRep
  SalesRep -.->|"inherits"| Employee
  HRSpec -.->|"inherits"| Employee
  Finance -.->|"inherits"| Employee

  %% Role -> Permission grants (solid)
  Employee --> PFaq
  SalesRep --> PSales
  SalesRep --> PNotes
  SalesMgr --> PTeam
  SalesMgr --> PDisc
  HRSpec --> PHr
  HRSpec --> PPii
  Finance --> PFin
  Admin --> PStar

  classDef userNode fill:#1976d2,stroke:#0d47a1,stroke-width:2px,color:#fff,font-size:14px
  classDef roleNode fill:#2e7d32,stroke:#1b5e20,stroke-width:2px,color:#fff,font-size:14px
  classDef permNode fill:#ef6c00,stroke:#e65100,stroke-width:2px,color:#fff,font-size:13px
  linkStyle default stroke:#888,stroke-width:1.5px,font-size:12px
```
Color Key
  Blue nodes: Users
  Green nodes: Roles
  Orange nodes: Permissions
  Solid arrow: Assignment / grant
  Dotted arrow: Role inheritance
Authorization Check Flow
  1. Query: "Show me team sales for Q4"
  2. Identify user: Alice (Sales Manager)
  3. Retrieve assigned roles: [Sales Manager]
  4. Resolve permissions via inheritance (follow the dotted edges to every ancestor role):
    Sales Manager → Sales Rep → Employee
  5. Collected (union of each resolved role's direct grants): read_public_faq, read_sales, write_sales_notes, read_team_sales, approve_discounts
  6. Required permission: read_team_sales
  7. Check: read_team_sales is in the collected set → ✓ GRANTED (a permission absent from the set is denied; only the Admin role's "*" wildcard matches every permission)
  8. Query executes with user context
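The resolution steps above, run end to end over the diagram's own users, roles, grants and inheritance edges. This is an added example, not code from the original page; the function names, the handling of the "*" wildcard, and the visited-set guard against inheritance cycles are this example's assumptions about how such a resolver should behave.

```python
"""RBAC resolution over the user/role/permission graph shown above.

Added example. The tables below reproduce the diagram's edges; the
resolver itself (function names, wildcard and cycle handling) is an
assumption, not the page's own implementation.
"""
from collections import deque

# Role -> roles it inherits from (the dotted edges in the diagram).
ROLE_PARENTS = {
    "Sales Manager": ["Sales Rep"],
    "Sales Rep": ["Employee"],
    "HR Specialist": ["Employee"],
    "Finance": ["Employee"],
    "Employee": [],
    "Admin": [],
}

# Role -> permissions granted directly (the solid role->permission edges).
ROLE_GRANTS = {
    "Employee": {"read_public_faq"},
    "Sales Rep": {"read_sales", "write_sales_notes"},
    "Sales Manager": {"read_team_sales", "approve_discounts"},
    "HR Specialist": {"read_hr_data", "read_pii"},
    "Finance": {"read_financial"},
    "Admin": {"*"},
}

# User -> assigned roles (the solid user->role edges).
USER_ROLES = {
    "Alice": ["Sales Manager"],
    "Bob": ["Sales Rep"],
    "Carol": ["HR Specialist"],
    "Dan": ["Finance"],
}

WILDCARD = "*"  # assumption: Admin's "*" node matches any permission name


def resolve_roles(roles, parents=ROLE_PARENTS):
    """Transitive closure of `roles` over the inheritance graph (step 4).

    Breadth-first walk with a visited set, so a diamond (two roles both
    inheriting Employee) or an accidental cycle is visited once and never
    loops. Unknown role names are skipped, so a stale assignment can only
    yield fewer permissions, never more.
    """
    seen = set()
    queue = deque(roles)
    while queue:
        role = queue.popleft()
        if role in seen or role not in parents:
            continue
        seen.add(role)
        queue.extend(parents[role])
    return seen


def effective_permissions(user, user_roles=USER_ROLES, grants=ROLE_GRANTS):
    """Union of the direct grants of every role the user holds, directly
    or through inheritance (step 5)."""
    perms = set()
    for role in resolve_roles(user_roles.get(user, [])):
        perms |= grants.get(role, set())
    return perms


def is_granted(user, required):
    """Deny-by-default decision (step 7): True only if the required
    permission, or the wildcard, is in the user's effective set."""
    perms = effective_permissions(user)
    return WILDCARD in perms or required in perms


def check(user, required):
    """Trace the flow for one query and return the decision."""
    roles = USER_ROLES.get(user, [])
    closure = resolve_roles(roles)
    perms = effective_permissions(user)
    decision = is_granted(user, required)
    print(f"user={user} roles={roles} resolved={sorted(closure)}")
    verdict = "GRANTED" if decision else "DENIED"
    print(f"permissions={sorted(perms)} required={required} -> {verdict}")
    return decision


if __name__ == "__main__":
    check("Alice", "read_team_sales")  # the flow traced above: GRANTED
    check("Bob", "read_team_sales")    # inheritance only flows downward: DENIED
    check("Dan", "read_pii")           # Finance never reaches HR grants: DENIED
```

Two properties worth noting: inheritance is directional, so Bob (Sales Rep) never picks up the Sales Manager grants even though the roles are adjacent, and an unknown user or role resolves to the empty set rather than raising, which keeps the check failing closed.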
