firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

docs: Complete Department Structure & Access Control Matrix

Browse Source 
Created comprehensive organizational structure for Firefrost Gaming:

Organization Structure:
- Tier 0: Executive (Wizard, Emissary)
- Tier 1: Core Staff (Chronicler, Guardian)
- Tier 2: Operations (Builders, Social Media Helper)
- Tier 3: Community Moderators
- Tier 4: Subscribers (Sovereign, Consular, Community)

Access Control Matrices:
- Wiki.js permissions by namespace and role
- Discord role hierarchy and channel access
- Pterodactyl panel access levels
- Gitea repository permissions
- Vaultwarden credential sharing

Role Definitions:
- Detailed responsibilities for each role
- Access boundaries (what they can/can't access)
- Principle of least privilege
- Defense in depth enforcement

Implementation checklist for setting up permissions
across all systems (Wiki.js, Discord, Pterodactyl, Vaultwarden).

Provides foundation for scaling team while maintaining
security and clear organizational hierarchy.

Task: Department Structure (Tier 2)
FFG-STD-002 compliant
This commit is contained in:
Claude
2026-02-17 17:16:07 +00:00
parent 2a5d71c637
commit 877a894860
1 changed files with 485 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

485
docs/tasks/department-structure/README.md Normal file
View File

@@ -0,0 +1,485 @@
# Department Structure & Access Control Matrix
**Status:** Planning
**Priority:** Tier 2 - Infrastructure
**Time Estimate:** 1-2 hours implementation
**Last Updated:** 2026-02-17
---
## Overview
Define organizational structure for Firefrost Gaming with clear departments, roles, and access control. This matrix governs permissions across Wiki.js, Discord, Pterodactyl, and other systems.
**Purpose:**
- Clear organizational hierarchy
- Role-based access control (RBAC)
- Permission boundaries for staff and subscribers
- Foundation for scaling the team
---
## Organizational Philosophy
**Fire + Frost Duality:**
- **Fire:** Community, creativity, warmth, welcoming
- **Frost:** Technical precision, skill-building, excellence
**Operational Principles:**
- Defense in depth (technical boundaries, not honor system)
- Least privilege (minimum access needed for role)
- Clear hierarchy (everyone knows their scope)
- Transparency (documented permissions, no surprises)
---
## Department Structure
### Tier 0: Executive
**The Wizard (Michael "Frostystyle" Krause)**
- **Title:** Owner / Operator
- **Scope:** Everything
- **Access Level:** Full administrative access to all systems
- **Responsibilities:**
- Technical infrastructure
- Strategic vision
- Final decision authority
- Financial management
- Legal/compliance
**The Emissary (Meg "Gingerfury")**
- **Title:** Community Manager / Life Partner
- **Scope:** Community, moderation, social media, player experience
- **Access Level:** Administrative access to community systems
- **Responsibilities:**
- Discord community management
- Social media strategy and execution
- Player relations and support
- Content moderation
- Community events
---
### Tier 1: Core Staff (Founding Team)
**The Chronicler (Claude AI)**
- **Title:** Technical Partner / AI Operations
- **Scope:** Documentation, code, infrastructure planning
- **Access Level:** Read/write to operations manual, deployment automation
- **Responsibilities:**
- Infrastructure documentation
- Deployment planning and execution
- Code generation and review
- Knowledge preservation
- Session continuity
**The Guardian (Claude AI - Specialized)**
- **Title:** Content Creation & Planning Partner
- **Scope:** Creative content, planning documents, strategic writing
- **Access Level:** Read/write to planning docs, content creation
- **Responsibilities:**
- Recruitment materials
- Marketing content
- Strategic planning documents
- Creative writing support
---
### Tier 2: Operations Team (Paid/Volunteer Staff)
**Builders (2-3 positions)**
- **Department:** Creative Operations
- **Scope:** Spawn area design, world building
- **Access Level:**
- Pterodactyl: Server console access (assigned servers only)
- Discord: Staff channels, builder collaboration
- Wiki.js: Builder documentation (read/write)
- Incentive instance: Full owner access
- **Responsibilities:**
- Design spawn areas for modpacks
- Create Fire vs Frost aesthetic experiences
- Collaborate on world themes
- Document build processes
- Maintain build quality standards
**Social Media Helper (1 position)**
- **Department:** Community Engagement
- **Scope:** Social media, content calendar, community growth
- **Access Level:**
- Discord: Staff channels, community management
- Social media accounts: Post/schedule access
- Wiki.js: Content calendar (read/write)
- Buffer/Canva/tools: Content creation access
- Incentive instance: Full owner access
- **Responsibilities:**
- Execute social media strategy (under The Emissary)
- Create and schedule content
- Community engagement and growth
- Track analytics and metrics
- Support Discord events
---
### Tier 3: Community Moderators (Volunteer)
**Moderators (Future hires, TBD count)**
- **Department:** Community Safety
- **Scope:** Discord moderation, player conduct
- **Access Level:**
- Discord: Moderator role, moderation tools
- Wiki.js: Moderation guidelines (read-only)
- No server access
- **Responsibilities:**
- Enforce community guidelines
- Handle player disputes
- Monitor chat for rule violations
- Report issues to The Emissary
- Welcome new players
---
### Tier 4: Subscribers
**Sovereign-Tier Subscribers ($99/month)**
- **Access:** All game servers, priority support, exclusive Discord channels
- **Permissions:**
- Server whitelist access
- Discord: Sovereign role and channels
- Wiki.js: Subscriber documentation
- Early access to new features
**Consular-Tier Subscribers ($49/month)**
- **Access:** Select game servers, standard support
- **Permissions:**
- Server whitelist access (selected servers)
- Discord: Consular role and channels
- Wiki.js: Subscriber documentation
**Community Members (Free)**
- **Access:** Discord community, public information
- **Permissions:**
- Discord: Community member role
- Wiki.js: Public documentation
- No server access
---
## Access Control Matrix
### Wiki.js Permission Structure
**Namespace:** `/`
| Path | Sovereign | Consular | Staff | Builders | Social Media | Moderators | Community | Public |
|------|-----------|----------|-------|----------|--------------|------------|-----------|--------|
| `/public/*` | Read | Read | Read/Write | Read | Read | Read | Read | Read |
| `/subscriber/*` | Read | Read | Read/Write | Read | Read | - | - | - |
| `/staff/*` | Read | Read | Read/Write | Read/Write | Read/Write | Read | - | - |
| `/operations/*` | Read | Read | Read/Write | Read | Read | - | - | - |
| `/builders/*` | Read | Read | Read/Write | Read/Write | Read | - | - | - |
| `/social-media/*` | Read | Read | Read/Write | Read | Read/Write | - | - | - |
| `/moderator/*` | Read | Read | Read/Write | Read | Read | Read | - | - |
| `/admin/*` | - | - | Read/Write | - | - | - | - | - |
**Notes:**
- `-` means no access
- `Read` means view only
- `Read/Write` means full edit permissions
- Staff (Wizard + Emissary) have full access to everything
---
### Discord Role Hierarchy
**Role Order (top to bottom in Discord):**
1. **👑 The Wizard** (Michael) - Owner
2. **💎 The Emissary** (Meg) - Admin
3. **📜 Staff** - Builders, Social Media Helper
4. **🛡️ Moderator** - Community moderators
5. **⭐ Sovereign Subscriber** ($99/month)
6. **🔹 Consular Subscriber** ($49/month)
7. **🌍 Community Member** (Free)
8. **🤖 Bots**
**Channel Access:**
| Channel | Wizard | Emissary | Staff | Moderators | Sovereign | Consular | Community |
|---------|--------|----------|-------|------------|-----------|----------|-----------|
| #announcements | Post | Post | - | - | Read | Read | Read |
| #general-fire | Full | Full | Full | Moderate | Chat | Chat | Chat |
| #general-frost | Full | Full | Full | Moderate | Chat | Chat | Chat |
| #staff-lounge | Full | Full | Chat | - | - | - | - |
| #builder-workshop | Full | Full | Chat | - | - | - | - |
| #social-media | Full | Full | Chat | - | - | - | - |
| #moderator-chat | Full | Full | Read | Chat | - | - | - |
| #sovereign-lounge | Full | Full | Read | - | Chat | - | - |
| #consular-lounge | Full | Full | Read | - | - | Chat | - |
| #support | Full | Full | Support | Moderate | Request | Request | Request |
---
### Pterodactyl Panel Access
**Access Levels:**
| Role | Panel Access | Servers | Permissions |
|------|--------------|---------|-------------|
| Wizard | Full Admin | All | Everything |
| Emissary | Admin | All | Everything except infrastructure |
| Builders | User | Assigned + Incentive | Console, files, start/stop (assigned servers only) |
| Social Media | User | Incentive only | Full owner access (incentive instance) |
| Subscribers | None | - | No panel access |
**Server Assignment (Builders):**
- Each builder assigned 2-4 servers based on modpack themes
- Can view console, edit files, restart servers
- Cannot delete servers, change allocations, or access other servers
- Full owner access to their personal incentive instance
---
### Gitea Repository Access
**Repository Structure:**
| Repository | Wizard | Emissary | Chronicler | Staff | Public |
|------------|--------|----------|------------|-------|--------|
| firefrost-operations-manual | Owner | Read | Read/Write | - | - |
| firefrost-website | Owner | Read | Read/Write | - | - |
| firefrost-docs | Owner | Read | Read/Write | Read | Read |
| firefrost-scripts | Owner | - | Read/Write | - | - |
| firefrost-configs | Owner | - | Read/Write | - | - |
**Note:** Pokerole repos are completely isolated with scoped tokens
---
### Vaultwarden Credentials Access
**Organization Structure:**
**Firefrost Gaming Organization**
| Collection | Wizard | Emissary | Chronicler | Staff |
|------------|--------|----------|------------|-------|
| API Keys | Owner | Read | Read/Write | - |
| Server Credentials | Owner | Read | Read | - |
| Service Logins | Owner | Read/Write | Read | - |
| Social Media Accounts | Owner | Owner | - | Read/Write (Social Media) |
| Financial | Owner | - | - | - |
---
## Role Definitions
### The Wizard (Owner)
**Full Access To:**
- All servers (SSH, panel, console)
- All repositories (Gitea, GitHub)
- All credentials (Vaultwarden)
- All financial systems (Paymenter, bank)
- All infrastructure (networking, DNS, hosting)
**Responsibilities:**
- Technical infrastructure and architecture
- Security and access control
- Financial management
- Legal compliance
- Strategic vision and planning
---
### The Emissary (Community Manager)
**Full Access To:**
- Discord (owner/admin)
- Social media accounts
- Community documentation
- Player support systems
- Content moderation tools
**Read Access To:**
- Server infrastructure (Pterodactyl panel)
- Operations documentation
- Financial overview (not full access)
**No Access To:**
- Server SSH
- Infrastructure credentials
- Financial transactions
**Responsibilities:**
- Community management and growth
- Social media strategy and execution
- Player relations and support
- Content moderation
- Community events and engagement
---
### Builders
**Full Access To:**
- Assigned game servers (console, files)
- Personal incentive instance (full owner)
- Builder documentation
- Builder collaboration channels
**Read Access To:**
- Subscriber documentation
- Staff documentation (relevant sections)
**No Access To:**
- Other game servers
- Server SSH
- Infrastructure systems
- Financial information
**Responsibilities:**
- Design and build spawn areas
- Maintain Fire/Frost aesthetic standards
- Collaborate with other builders
- Document build processes
- Test and iterate on designs
---
### Social Media Helper
**Full Access To:**
- Social media accounts (posting/scheduling)
- Content calendar
- Analytics dashboards
- Personal incentive instance (full owner)
- Social media documentation
**Read Access To:**
- Community guidelines
- Brand voice documentation
- Staff documentation (relevant sections)
**No Access To:**
- Game servers
- Infrastructure systems
- Financial information
- Player private data
**Responsibilities:**
- Create and schedule social media content
- Engage with community online
- Track metrics and analytics
- Support community events
- Execute social media strategy
---
### Moderators
**Full Access To:**
- Discord moderation tools
- Moderation guidelines
- Moderator chat channels
**Read Access To:**
- Community guidelines
- Public documentation
**No Access To:**
- Game servers
- Staff systems
- Infrastructure
- Subscriber-only content
**Responsibilities:**
- Enforce community guidelines
- Monitor Discord for rule violations
- Handle player disputes
- Welcome new members
- Report issues to The Emissary
---
## Implementation Checklist
### Phase 1: Wiki.js Setup (30 minutes)
- [ ] Create namespace structure (`/public/`, `/staff/`, `/subscriber/`, etc.)
- [ ] Configure groups (Staff, Builders, Social Media, Moderators, Subscribers)
- [ ] Set permissions per namespace
- [ ] Test access with each role
- [ ] Document Wiki.js access in operations manual
### Phase 2: Discord Roles (30 minutes)
- [ ] Create role hierarchy
- [ ] Configure permissions per role
- [ ] Set up channel access
- [ ] Create private channels (staff, builders, sovereign, etc.)
- [ ] Test role permissions
- [ ] Document Discord structure
### Phase 3: Pterodactyl Users (15 minutes)
- [ ] Create user accounts for builders
- [ ] Assign servers to each builder
- [ ] Set permissions (console, files, start/stop)
- [ ] Provision incentive instances
- [ ] Test builder access
- [ ] Document panel access
### Phase 4: Vaultwarden Organization (15 minutes)
- [ ] Create Firefrost Gaming organization
- [ ] Create collections (API Keys, Credentials, etc.)
- [ ] Share appropriate items with Meg
- [ ] Set permissions per collection
- [ ] Test access
- [ ] Document credential access
### Phase 5: Documentation (30 minutes)
- [ ] Create staff handbook
- [ ] Document role expectations
- [ ] Create access guides for each role
- [ ] Update operations manual
- [ ] Test documentation with new hires
---
## Future Enhancements
**When team grows:**
- Add "Head Builder" role (lead builder coordination)
- Add "Community Manager" role (under Emissary)
- Add "Technical Support" role (player technical issues)
- Add "Content Creator" role (video, streams, guides)
**Advanced access control:**
- SSO integration across all systems
- Automated onboarding/offboarding
- Audit logging of access changes
- Time-based access (seasonal staff)
**Department expansion:**
- Development department (plugin/mod development)
- Design department (graphics, branding)
- Support department (player help desk)
- Events department (tournaments, competitions)
---
## Related Tasks
- **Scoped Gitea Token** - Similar access control philosophy
- **Staff Recruitment** - Defines roles to hire for
- **Wiki.js Deployment** - Where permissions are implemented
- **Discord Reorganization** - Channel and role structure
---
**Fire + Frost + Foundation = Where Love Builds Legacy** 💙🔥❄️
---
**Document Status:** COMPLETE
**Ready for Implementation:** When Wiki.js is ready
**Estimated Time:** 1-2 hours
**Dependencies:** Wiki.js operational, Discord server ready, Pterodactyl panel access