commit 94a4d5f9958c8787530b1be1348435fd32badd7a
parent 9c7fbe61202c40dfa532636cdc7ed41297eab648
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Thu, 11 Dec 2025 10:09:00 +0900
dd77: minor clarification
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/design-documents/077-merchant-self-provisioning.rst b/design-documents/077-merchant-self-provisioning.rst
@@ -68,12 +68,12 @@ Self provisioning:
Once a user logs in with an external (OIDC) IdP for the first time, a new user entry is created in the merchant backend which is not associated with any instance.
This user/token only has access to the self-service page of the Merchant backoffice UI.
-The user may create a new instance (and is immediately added as a user to instance as its creator).
+The user may create a new instance (and is immediately added as a user to the new instance as its creator).
We may want to require that OIDC users have an email address (either as their external ID or as a property) and
use this as our local User ID.
Alternatively (or additionally), other users may add this new user to their instances.
The authorization logic of the merchant backend must be modified such that any user that is not associated with an instance is not allowed to perform any operations on it.
-For now, all associated users have the same roles/rights and are effectively admins.
+For now, all associated users have the same roles/rights and are effectively instance admins.
Migration:
----------
