Phase 2 Foundation

Auth, RBAC, and tenant runtime control

Lock down the operating identity layer before workflows, CRM, AI agents, and business modules start moving customer data.

Status: Runtime guarded

Auth runtime: Guarded
RBAC: Deny by default
Tenant context: Resolved
Installer handoff: Idempotent

RBAC Roles

Role           Scope     Description
system.owner   platform  Controls installation, licensing, and platform authority
tenant.owner   tenant    Owns tenant users, roles, branches, and subscription handoff
branch.admin   branch    Manages branch-level users and local operations
operator       branch    Executes daily work inside assigned tenant boundaries
auditor        tenant    Reads audit, security, and compliance evidence

Tenant Runtime

Verified domain
Subdomain
Tenant header
License binding
Cross-tenant access defaults to deny

Phase 2 Exit Gates

Phase 1 release gate
Phase 2 foundation validator
API route contract validator
Frontend production build
Signed release manifest
Package cleanliness
Smoke test