Session log: GuruRMM Client Portal and three-level identity hierarchy

Documented completion of Client Portal feature work for GuruRMM. Extended
multi-tenancy architecture from two levels (Dev → Partner) to three levels
(Dev → Partner → Client).

Session work included:
- Added comprehensive Client Portal section to GuruRMM roadmap (~200 lines)
- Updated Multi-Tenancy section for three-level hierarchy
- Integrated Client Portal with PSA/CRM module
- Removed "customer portal" from PSA out-of-scope list
- Documented database schema (clients table, client_users table, client_id columns)
- Defined authentication/authorization for client users
- Specified UI/dashboard requirements for client portal
- Documented impersonation chain: Dev → Partner → Client

Commits referenced:
- guru-rmm be7b2ce: Client Portal feature
- ClaudeTools 201dfb1: Submodule update

This session was a continuation of earlier roadmap work that included PSA/CRM
module, standalone PSA capability, multi-tenancy identity model (ADR-001),
MSPBackups integration, and Integration Catalog.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-18 20:01:40 -07:00
parent 201dfb1ed1
commit ed409b7f1d

@@ -358,3 +358,178 @@ tail -20 /data/unifi-core/logs/cloud.log # (inside container)
- Jupiter /boot/config/go: persistent startup script for custom iptables rules - Jupiter /boot/config/go: persistent startup script for custom iptables rules
- Jupiter /boot/config/docker.cfg: Docker image path and size config - Jupiter /boot/config/docker.cfg: Docker image path and size config
- Jupiter /boot/config/ident.cfg: `USE_SSL="no"` — Unraid web UI is HTTP-only on port 80 - Jupiter /boot/config/ident.cfg: `USE_SSL="no"` — Unraid web UI is HTTP-only on port 80
---
## Update: 20:00 MST — GuruRMM Client Portal & Three-Level Identity Hierarchy
## User
- **User:** Mike Swanson (mike)
- **Machine:** Mikes-MacBook-Air
- **Role:** admin
- **Session span:** ~19:3020:00 MST
## Session Summary
This session completed the Client Portal feature work for GuruRMM, extending the multi-tenancy architecture from two levels (Dev → Partner) to three levels (Dev → Partner → Client). The work was a continuation from a previous conversation that was summarized due to context limits.
### Key Accomplishments
1. **Added comprehensive Client Portal section to GuruRMM roadmap**
- Documented three-level identity hierarchy: Dev/Admin (Level 1) → Partners/MSPs (Level 2) → Clients/End Customers (Level 3)
- Defined impersonation chain: Dev can impersonate Partners; Partners can impersonate Clients
- Specified client portal features: dashboard, asset list, active alerts, ticketing integration, documentation library
- Documented access patterns for dev support and partner support workflows
- Defined partner features for client management: client creation, access provisioning, impersonation controls
2. **Updated Multi-Tenancy & Partner Management section**
- Extended from two-level to three-level architecture
- Added Level 3 documentation (Clients/End Customers)
- Updated data isolation section to include `client_id` column filtering
- Cross-referenced Client Portal section
- Documented query layer enforcement for both `partner_id` and `client_id`
3. **Integrated Client Portal with PSA/CRM Module**
- Added Client Portal integration to built-in PSA features list
- Updated PSA dependencies to reference Client Portal (three-level identity hierarchy requirement)
- Removed "Customer portal" from PSA "Out of scope (v1)" list (now in scope)
- Cross-referenced Client Portal for PSA ticketing and documentation integration
4. **Database Schema Documentation**
- Added `clients` table specification: `client_id`, `partner_id`, `name`, `domain`, `logo_url`, `branding_config`
- Added `client_users` table specification: `client_user_id`, `client_id`, `email`, `password_hash`, `role` (view_only, admin)
- Specified `client_id` column requirements for existing tables: `sites`, `agents`, `alerts`, `tickets`, `documentation`
- Defined index requirements: `(partner_id, client_id)` for query performance
5. **Authentication & Authorization Design**
- Documented client user authentication flow (separate from partner auth)
- Specified client-scoped JWT tokens with `client_id` claim
- Defined permission model: clients have read-only access by default, can create tickets
- Documented impersonation controls: Dev → Partner → Client chain with audit logging
6. **UI/Dashboard Requirements**
- Specified client portal landing page: client-branded with logo and colors
- Defined client dashboard widgets: agent status summary, active alerts, recent tickets, documentation links
- Documented partner client management UI: client list, create client, configure access, impersonate client
- Specified impersonation banner: "Viewing as [Client Name] [Exit Impersonation]"
### Key Decisions
- **Three-level hierarchy confirmed**: Dev → Partner → Client is the canonical identity model for GuruRMM
- **Client Portal is in scope for v1**: Removed from PSA "out of scope" list, integrated with PSA ticketing and documentation
- **Data isolation at all three levels**: `partner_id` and `client_id` columns enforce logical isolation
- **Client users have limited permissions**: View-only by default, can create tickets, cannot modify config
- **Impersonation chain**: Dev can impersonate any Partner and any Client (through Partner context); Partners can impersonate their own Clients only
### Configuration Changes
**Files modified:**
- `projects/msp-tools/guru-rmm/docs/FEATURE_ROADMAP.md` (261 insertions, 10 deletions)
- Added Client Portal section (~200 lines)
- Updated Multi-Tenancy section for three-level hierarchy
- Updated PSA module built-in features and dependencies
- Removed "Customer portal" from PSA out-of-scope list
**Commits:**
- guru-rmm submodule: `be7b2ce` — "feat: add Client Portal feature with three-level identity hierarchy"
- ClaudeTools: `201dfb1` — "chore: update guru-rmm submodule for Client Portal feature"
### Commands & Outputs
```bash
# Updated FEATURE_ROADMAP.md with Client Portal integration
cd projects/msp-tools/guru-rmm
git status # Modified: docs/FEATURE_ROADMAP.md
# Committed changes to guru-rmm submodule
git add docs/FEATURE_ROADMAP.md
git commit -m "feat: add Client Portal feature with three-level identity hierarchy"
# [main be7b2ce] feat: add Client Portal feature with three-level identity hierarchy
# 1 file changed, 261 insertions(+), 10 deletions(-)
# Pushed to Gitea
git push origin main
# remote: Processed 1 references in total
# To http://172.16.3.20:3000/azcomputerguru/gururmm.git
# cc7dce0..be7b2ce main -> main
# Updated submodule reference in ClaudeTools
cd /Users/azcomputerguru/ClaudeTools
git add projects/msp-tools/guru-rmm
git commit -m "chore: update guru-rmm submodule for Client Portal feature"
# [main 201dfb1] chore: update guru-rmm submodule for Client Portal feature
# 1 file changed, 1 insertion(+), 1 deletion(-)
# Pushed to Gitea
git push origin main
# remote: Processed 1 references in total
# To http://172.16.3.20:3000/azcomputerguru/claudetools.git
# 095ee95..201dfb1 main -> main
```
## Credentials & Secrets
No new credentials or secrets were used or created in this session. All work was documentation and roadmap updates.
## Infrastructure & Servers
No infrastructure changes. All work was documentation in the GuruRMM roadmap.
## Pending / Incomplete Tasks
None — all Client Portal documentation completed:
- [x] Add Client Portal feature to roadmap
- [x] Update multi-tenancy architecture for three-level hierarchy
- [x] Link client portals to PSA module
- [x] Commit and push client portal documentation
## Reference Information
### GuruRMM Roadmap Sections Updated
1. **Multi-Tenancy & Partner Management** (lines ~752890)
- Now documents three-level hierarchy (Dev → Partner → Client)
- Cross-references Client Portal section
- Documents `client_id` column requirements
2. **Client Portal** (lines ~8921133, new section)
- Full feature specification for client portals
- Identity hierarchy and access patterns
- Database schema requirements
- Authentication/authorization design
- UI/dashboard requirements
- Partner client management features
3. **PSA/CRM Module & Plugin Architecture** (lines ~14091496)
- Updated built-in PSA features to include Client Portal integration
- Updated dependencies to reference Client Portal
- Removed "Customer portal" from out-of-scope list
### Cross-References
- ARCHITECTURE_DECISIONS.md ADR-001 — Multi-tenancy identity model (dev team with partner impersonation)
- FEATURE_ROADMAP.md Multi-Tenancy section — Two-level extended to three-level
- FEATURE_ROADMAP.md PSA module — Client Portal integration for ticketing and documentation
### Git References
- GuruRMM commit: `be7b2ce` — Client Portal feature
- ClaudeTools commit: `201dfb1` — Submodule update
- Previous commits in this roadmap work:
- `687753d` — PSA/CRM Module initial entry
- `49260e6` — Standalone deployment capability for PSA
- `423e0af` — Multi-tenancy architecture (ADR-001)
- `cc7dce0` — MSPBackups integration and Integration Catalog
### Context from Previous Work (Earlier in Session)
This session was a continuation of earlier roadmap work that included:
1. Multiple `/sync` attempts (network issues from office power failure)
2. PSA/CRM feature added to roadmap with plugin architecture
3. Standalone PSA capability defined (can run without GuruRMM RMM)
4. Multi-tenancy identity model finalized (ADR-001: Dev team with partner impersonation)
5. MSPBackups integration added
6. Integration Catalog/Marketplace created
7. Client Portal feature added (this update)
All documentation now reflects the three-level identity model and is cross-referenced appropriately.
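Review bot: Under "Authentication & Authorization Design" the client token is described only as a client-scoped JWT with a `client_id` claim, while the Multi-Tenancy item and Key Decisions say isolation is enforced at the query layer on both `partner_id` and `client_id`. Say here whether the client token also carries `partner_id` or how the query layer derives it, since `client_id` alone does not show which partner scope a request is evaluated in. The impersonation chain is likewise covered only by "audit logging"; it would help to state that an impersonated session records the original Dev or Partner actor alongside the impersonated client, so a Dev → Partner → Client session stays attributable. Separately, the Commands & Outputs block records the Gitea remotes as plain `http://172.16.3.20:3000/...` together with an absolute home path; consider trimming those if this log is read outside the team. The session span `~19:3020:00` and the line ranges `~752890`, `~8921133` and `~14091496` look like they lost their range separator.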