---
task_number: 23
status: open
priority: P2
owner: Michael
created: 2026-01-01
---

# Department Structure & Access Control Matrix

**Status:** Planning
**Priority:** Tier 2 - Infrastructure
**Time Estimate:** 1-2 hours implementation
**Last Updated:** 2026-02-17

---

## Overview

Define organizational structure for Firefrost Gaming with clear departments, roles, and access control. This matrix governs permissions across Wiki.js, Discord, Pterodactyl, and other systems.

**Purpose:**
- Clear organizational hierarchy
- Role-based access control (RBAC)
- Permission boundaries for staff and subscribers
- Foundation for scaling the team

---

## Organizational Philosophy

**Fire + Frost Duality:**
- **Fire:** Community, creativity, warmth, welcoming
- **Frost:** Technical precision, skill-building, excellence

**Operational Principles:**
- Defense in depth (technical boundaries, not honor system)
- Least privilege (minimum access needed for role)
- Clear hierarchy (everyone knows their scope)
- Transparency (documented permissions, no surprises)

---

## Department Structure

### Tier 0: Executive

**The Wizard (Michael "Frostystyle" Krause)**
- **Title:** Owner / Operator
- **Scope:** Everything
- **Access Level:** Full administrative access to all systems
- **Responsibilities:**
  - Technical infrastructure
  - Strategic vision
  - Final decision authority
  - Financial management
  - Legal/compliance

**The Emissary (Meg "Gingerfury")**
- **Title:** Community Manager / Life Partner
- **Scope:** Community, moderation, social media, player experience
- **Access Level:** Administrative access to community systems
- **Responsibilities:**
  - Discord community management
  - Social media strategy and execution
  - Player relations and support
  - Content moderation
  - Community events

---

### Tier 1: Core Staff (Founding Team)

**The Chronicler (Claude AI)**
- **Title:** Technical Partner / AI Operations
- **Scope:** Documentation, code, infrastructure planning
- **Access Level:** Read/write to operations manual, deployment automation
- **Responsibilities:**
  - Infrastructure documentation
  - Deployment planning and execution
  - Code generation and review
  - Knowledge preservation
  - Session continuity

**The Guardian (Claude AI - Specialized)**
- **Title:** Content Creation & Planning Partner
- **Scope:** Creative content, planning documents, strategic writing
- **Access Level:** Read/write to planning docs, content creation
- **Responsibilities:**
  - Recruitment materials
  - Marketing content
  - Strategic planning documents
  - Creative writing support

---

### Tier 2: Operations Team (Paid/Volunteer Staff)

**Builders (2-3 positions)**
- **Department:** Creative Operations
- **Scope:** Spawn area design, world building
- **Access Level:**
  - Pterodactyl: Server console access (assigned servers only)
  - Discord: Staff channels, builder collaboration
  - Wiki.js: Builder documentation (read/write)
  - Incentive instance: Full owner access
- **Responsibilities:**
  - Design spawn areas for modpacks
  - Create Fire vs Frost aesthetic experiences
  - Collaborate on world themes
  - Document build processes
  - Maintain build quality standards

**Social Media Helper (1 position)**
- **Department:** Community Engagement
- **Scope:** Social media, content calendar, community growth
- **Access Level:**
  - Discord: Staff channels, community management
  - Social media accounts: Post/schedule access
  - Wiki.js: Content calendar (read/write)
  - Buffer/Canva/tools: Content creation access
  - Incentive instance: Full owner access
- **Responsibilities:**
  - Execute social media strategy (under The Emissary)
  - Create and schedule content
  - Community engagement and growth
  - Track analytics and metrics
  - Support Discord events

---

### Tier 3: Community Moderators (Volunteer)

**Moderators (Future hires, TBD count)**
- **Department:** Community Safety
- **Scope:** Discord moderation, player conduct
- **Access Level:**
  - Discord: Moderator role, moderation tools
  - Wiki.js: Moderation guidelines (read-only)
  - No server access
- **Responsibilities:**
  - Enforce community guidelines
  - Handle player disputes
  - Monitor chat for rule violations
  - Report issues to The Emissary
  - Welcome new players

---

### Tier 4: Subscribers

**Sovereign-Tier Subscribers ($99/month)**
- **Access:** All game servers, priority support, exclusive Discord channels
- **Permissions:**
  - Server whitelist access
  - Discord: Sovereign role and channels
  - Wiki.js: Subscriber documentation
  - Early access to new features

**Consular-Tier Subscribers ($49/month)**
- **Access:** Select game servers, standard support
- **Permissions:**
  - Server whitelist access (selected servers)
  - Discord: Consular role and channels
  - Wiki.js: Subscriber documentation

**Community Members (Free)**
- **Access:** Discord community, public information
- **Permissions:**
  - Discord: Community member role
  - Wiki.js: Public documentation
  - No server access

---

## Access Control Matrix

### Wiki.js Permission Structure

**Namespace:** `/`

| Path | Sovereign | Consular | Staff | Builders | Social Media | Moderators | Community | Public |
|------|-----------|----------|-------|----------|--------------|------------|-----------|--------|
| `/public/*` | Read | Read | Read/Write | Read | Read | Read | Read | Read |
| `/subscriber/*` | Read | Read | Read/Write | Read | Read | - | - | - |
| `/staff/*` | Read | Read | Read/Write | Read/Write | Read/Write | Read | - | - |
| `/operations/*` | Read | Read | Read/Write | Read | Read | - | - | - |
| `/builders/*` | Read | Read | Read/Write | Read/Write | Read | - | - | - |
| `/social-media/*` | Read | Read | Read/Write | Read | Read/Write | - | - | - |
| `/moderator/*` | Read | Read | Read/Write | Read | Read | Read | - | - |
| `/admin/*` | - | - | Read/Write | - | - | - | - | - |

**Notes:**
- `-` means no access
- `Read` means view only
- `Read/Write` means full edit permissions
- Staff (Wizard + Emissary) have full access to everything

---

### Discord Role Hierarchy

**Role Order (top to bottom in Discord):**
1. **👑 The Wizard** (Michael) - Owner
2. **💎 The Emissary** (Meg) - Admin
3. **📜 Staff** - Builders, Social Media Helper
4. **🛡️ Moderator** - Community moderators
5. **⭐ Sovereign Subscriber** ($99/month)
6. **🔹 Consular Subscriber** ($49/month)
7. **🌍 Community Member** (Free)
8. **🤖 Bots**

**Channel Access:**

| Channel | Wizard | Emissary | Staff | Moderators | Sovereign | Consular | Community |
|---------|--------|----------|-------|------------|-----------|----------|-----------|
| #announcements | Post | Post | - | - | Read | Read | Read |
| #general-fire | Full | Full | Full | Moderate | Chat | Chat | Chat |
| #general-frost | Full | Full | Full | Moderate | Chat | Chat | Chat |
| #staff-lounge | Full | Full | Chat | - | - | - | - |
| #builder-workshop | Full | Full | Chat | - | - | - | - |
| #social-media | Full | Full | Chat | - | - | - | - |
| #moderator-chat | Full | Full | Read | Chat | - | - | - |
| #sovereign-lounge | Full | Full | Read | - | Chat | - | - |
| #consular-lounge | Full | Full | Read | - | - | Chat | - |
| #support | Full | Full | Support | Moderate | Request | Request | Request |

---

### Pterodactyl Panel Access

**Access Levels:**

| Role | Panel Access | Servers | Permissions |
|------|--------------|---------|-------------|
| Wizard | Full Admin | All | Everything |
| Emissary | Admin | All | Everything except infrastructure |
| Builders | User | Assigned + Incentive | Console, files, start/stop (assigned servers only) |
| Social Media | User | Incentive only | Full owner access (incentive instance) |
| Subscribers | None | - | No panel access |

**Server Assignment (Builders):**
- Each builder assigned 2-4 servers based on modpack themes
- Can view console, edit files, restart servers
- Cannot delete servers, change allocations, or access other servers
- Full owner access to their personal incentive instance

---

### Gitea Repository Access

**Repository Structure:**

| Repository | Wizard | Emissary | Chronicler | Staff | Public |
|------------|--------|----------|------------|-------|--------|
| firefrost-operations-manual | Owner | Read | Read/Write | - | - |
| firefrost-website | Owner | Read | Read/Write | - | - |
| firefrost-docs | Owner | Read | Read/Write | Read | Read |
| firefrost-scripts | Owner | - | Read/Write | - | - |
| firefrost-configs | Owner | - | Read/Write | - | - |

**Note:** Pokerole repos are completely isolated with scoped tokens

---

### Vaultwarden Credentials Access

**Organization Structure:**

**Firefrost Gaming Organization**

| Collection | Wizard | Emissary | Chronicler | Staff |
|------------|--------|----------|------------|-------|
| API Keys | Owner | Read | Read/Write | - |
| Server Credentials | Owner | Read | Read | - |
| Service Logins | Owner | Read/Write | Read | - |
| Social Media Accounts | Owner | Owner | - | Read/Write (Social Media) |
| Financial | Owner | - | - | - |

---

## Role Definitions

### The Wizard (Owner)

**Full Access To:**
- All servers (SSH, panel, console)
- All repositories (Gitea, GitHub)
- All credentials (Vaultwarden)
- All financial systems (Paymenter, bank)
- All infrastructure (networking, DNS, hosting)

**Responsibilities:**
- Technical infrastructure and architecture
- Security and access control
- Financial management
- Legal compliance
- Strategic vision and planning

---

### The Emissary (Community Manager)

**Full Access To:**
- Discord (owner/admin)
- Social media accounts
- Community documentation
- Player support systems
- Content moderation tools

**Read Access To:**
- Server infrastructure (Pterodactyl panel)
- Operations documentation
- Financial overview (not full access)

**No Access To:**
- Server SSH
- Infrastructure credentials
- Financial transactions

**Responsibilities:**
- Community management and growth
- Social media strategy and execution
- Player relations and support
- Content moderation
- Community events and engagement

---

### Builders

**Full Access To:**
- Assigned game servers (console, files)
- Personal incentive instance (full owner)
- Builder documentation
- Builder collaboration channels

**Read Access To:**
- Subscriber documentation
- Staff documentation (relevant sections)

**No Access To:**
- Other game servers
- Server SSH
- Infrastructure systems
- Financial information

**Responsibilities:**
- Design and build spawn areas
- Maintain Fire/Frost aesthetic standards
- Collaborate with other builders
- Document build processes
- Test and iterate on designs

---

### Social Media Helper

**Full Access To:**
- Social media accounts (posting/scheduling)
- Content calendar
- Analytics dashboards
- Personal incentive instance (full owner)
- Social media documentation

**Read Access To:**
- Community guidelines
- Brand voice documentation
- Staff documentation (relevant sections)

**No Access To:**
- Game servers
- Infrastructure systems
- Financial information
- Player private data

**Responsibilities:**
- Create and schedule social media content
- Engage with community online
- Track metrics and analytics
- Support community events
- Execute social media strategy

---

### Moderators

**Full Access To:**
- Discord moderation tools
- Moderation guidelines
- Moderator chat channels

**Read Access To:**
- Community guidelines
- Public documentation

**No Access To:**
- Game servers
- Staff systems
- Infrastructure
- Subscriber-only content

**Responsibilities:**
- Enforce community guidelines
- Monitor Discord for rule violations
- Handle player disputes
- Welcome new members
- Report issues to The Emissary

---

## Implementation Checklist

### Phase 1: Wiki.js Setup (30 minutes)
- [ ] Create namespace structure (`/public/`, `/staff/`, `/subscriber/`, etc.)
- [ ] Configure groups (Staff, Builders, Social Media, Moderators, Subscribers)
- [ ] Set permissions per namespace
- [ ] Test access with each role
- [ ] Document Wiki.js access in operations manual

### Phase 2: Discord Roles (30 minutes)
- [ ] Create role hierarchy
- [ ] Configure permissions per role
- [ ] Set up channel access
- [ ] Create private channels (staff, builders, sovereign, etc.)
- [ ] Test role permissions
- [ ] Document Discord structure

### Phase 3: Pterodactyl Users (15 minutes)
- [ ] Create user accounts for builders
- [ ] Assign servers to each builder
- [ ] Set permissions (console, files, start/stop)
- [ ] Provision incentive instances
- [ ] Test builder access
- [ ] Document panel access

### Phase 4: Vaultwarden Organization (15 minutes)
- [ ] Create Firefrost Gaming organization
- [ ] Create collections (API Keys, Credentials, etc.)
- [ ] Share appropriate items with Meg
- [ ] Set permissions per collection
- [ ] Test access
- [ ] Document credential access

### Phase 5: Documentation (30 minutes)
- [ ] Create staff handbook
- [ ] Document role expectations
- [ ] Create access guides for each role
- [ ] Update operations manual
- [ ] Test documentation with new hires

---

## Future Enhancements

**When team grows:**
- Add "Head Builder" role (lead builder coordination)
- Add "Community Manager" role (under Emissary)
- Add "Technical Support" role (player technical issues)
- Add "Content Creator" role (video, streams, guides)

**Advanced access control:**
- SSO integration across all systems
- Automated onboarding/offboarding
- Audit logging of access changes
- Time-based access (seasonal staff)

**Department expansion:**
- Development department (plugin/mod development)
- Design department (graphics, branding)
- Support department (player help desk)
- Events department (tournaments, competitions)

---

## Related Tasks

- **Scoped Gitea Token** - Similar access control philosophy
- **Staff Recruitment** - Defines roles to hire for
- **Wiki.js Deployment** - Where permissions are implemented
- **Discord Reorganization** - Channel and role structure

---

**Fire + Frost + Foundation = Where Love Builds Legacy** 💙🔥❄️

---

**Document Status:** COMPLETE
**Ready for Implementation:** When Wiki.js is ready
**Estimated Time:** 1-2 hours
**Dependencies:** Wiki.js operational, Discord server ready, Pterodactyl panel access
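
A pre-implementation check for the Wiki.js permission matrix above, as an added example that is not part of the original task document: it parses the table as written and lists every grant that exceeds the Wiki.js scope the tier descriptions give a role. The `EXPECTED` mapping is an assumption read from the Tier 3 and Tier 4 descriptions, and the function names are hypothetical.

```python
# Added example: audit the Wiki.js matrix against the scopes the tier descriptions state.
# MATRIX rows are copied from the table on this page; EXPECTED is an assumption.
MATRIX = """\
| Path | Sovereign | Consular | Staff | Builders | Social Media | Moderators | Community | Public |
|------|-----------|----------|-------|----------|--------------|------------|-----------|--------|
| `/public/*` | Read | Read | Read/Write | Read | Read | Read | Read | Read |
| `/subscriber/*` | Read | Read | Read/Write | Read | Read | - | - | - |
| `/staff/*` | Read | Read | Read/Write | Read/Write | Read/Write | Read | - | - |
| `/operations/*` | Read | Read | Read/Write | Read | Read | - | - | - |
| `/builders/*` | Read | Read | Read/Write | Read/Write | Read | - | - | - |
| `/social-media/*` | Read | Read | Read/Write | Read | Read/Write | - | - | - |
| `/moderator/*` | Read | Read | Read/Write | Read | Read | Read | - | - |
| `/admin/*` | - | - | Read/Write | - | - | - | - | - |
"""

LEVEL = {"-": 0, "Read": 1, "Read/Write": 2}

# Assumption: highest level per path implied by the tier descriptions (unlisted paths = 0).
# Roles with no entry here (Staff, Builders, Social Media) are not audited.
EXPECTED = {
    "Sovereign": {"/public/*": 1, "/subscriber/*": 1},
    "Consular": {"/public/*": 1, "/subscriber/*": 1},
    "Moderators": {"/public/*": 1, "/moderator/*": 1},
    "Community": {"/public/*": 1},
    "Public": {"/public/*": 1},
}

def parse_matrix(text):
    """Return {(role, path): level} from a markdown permission table."""
    rows = [[c.strip().strip("`") for c in line.strip().strip("|").split("|")]
            for line in text.strip().splitlines()]
    header, body = rows[0], rows[2:]  # rows[1] is the |---| separator
    grants = {}
    for path, *cells in body:
        if len(cells) != len(header) - 1:
            raise ValueError(f"row {path!r} has {len(cells)} cells")
        for role, cell in zip(header[1:], cells):
            grants[(role, path)] = LEVEL[cell]  # KeyError on an unknown permission word
    return grants

def excess_grants(grants, expected):
    """List (role, path, level) where the matrix grants more than expected."""
    return [(role, path, level) for (role, path), level in sorted(grants.items())
            if role in expected and level > expected[role].get(path, 0)]

if __name__ == "__main__":
    for role, path, level in excess_grants(parse_matrix(MATRIX), EXPECTED):
        print(f"{role:10} {path:16} level {level} exceeds documented scope")
```
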