namespace ZB.MOM.WW.ScadaBridge.Security;
///
/// Single source of truth for role-name string literals used across the
/// Security module and downstream authorization checks.
///
///
/// Role names appear in three independent contexts:
/// (LDAP-group → role resolution),
/// (policy RequireClaim values + the audit role arrays), and at LDAP
/// mapping rows configured by an operator. Holding the literals here means a
/// rename either succeeds everywhere or fails to compile, eliminating the
/// "string drift" class that Security-018 documented.
///
public static class Roles
{
public const string Admin = "Admin";
public const string Design = "Design";
public const string Deployment = "Deployment";
public const string Audit = "Audit";
public const string AuditReadOnly = "AuditReadOnly";
}