Roles a caller is allowed to assign to another org member.
Source of truth for privilege-escalation checks in both backend
mutations and frontend UI gating.
Gated at the mutation/procedure layer to admin+; these sets encode
who can assign what among those with access.
Roles a caller is allowed to assign to another org member. Source of truth for privilege-escalation checks in both backend mutations and frontend UI gating.
Gated at the mutation/procedure layer to admin+; these sets encode who can assign what among those with access.