# Module: Azaion.Common.Entities.RoleEnum

## Purpose
Defines the authorization role hierarchy for the system.

## Public Interface

| Enum Value | Int Value | Description |
|-----------|-----------|-------------|
| `None` | 0 | No role assigned |
| `Operator` | 10 | Annotator access only; can send annotations to queue |
| `Validator` | 20 | Annotator + dataset explorer; can receive annotations from queue |
| `CompanionPC` | 30 | Companion PC role |
| `Admin` | 40 | Admin role |
| `ResourceUploader` | 50 | Can upload DLLs and AI models |
| `ApiAdmin` | 1000 | Full access to all operations |

## Internal Logic
Integer values define a loose hierarchy; higher values don't necessarily imply more permissions — policy-based authorization in `Program.cs` maps specific roles to policies.

## Dependencies
None.

## Consumers
- `User.Role` property type
- `RegisterUserRequest.Role` property type
- `Program.cs` — authorization policies (`apiAdminPolicy`, `apiUploaderPolicy`)
- `AuthService.CreateToken` — embeds role as claim
- `AzaionDbSchemaHolder` — maps Role to/from text in DB
- `UserService.GetUsers` — filters by role
- `UserService.ChangeRole` — updates user role

## Data Models
Part of the `User` entity.

## Configuration
None.

## External Integrations
None.

## Security
Core to the RBAC authorization model. `ApiAdmin` has unrestricted access; `ResourceUploader` can upload resources; other roles have endpoint-level restrictions.

## Tests
None.