7 lines
509 B
Markdown
7 lines
509 B
Markdown
# Tenant scoping and approvals (NR2)
|
|
|
|
- All Notify APIs require `tenant_id` in request and ledger records.
|
|
- High-impact actions (escalations, PII-bearing templates, cross-tenant fan-out) need N-of-M approvals: default 2 of 3 approvers with `Notify.Approver` role.
|
|
- Approvals captured as DSSE-signed records (future hook) and stored alongside rule change requests.
|
|
- Rejection reasons must be logged and returned in error payloads; audit log keeps requester, approver IDs, timestamps, and rule/template IDs.
|