[
  {
    "role_id": "role_001",
    "name": "engineering_developer",
    "permissions": ["code_repo_read", "code_repo_write", "ci_cd_trigger", "staging_deploy", "jira_access", "confluence_read", "slack_engineering"],
    "department": "Engineering",
    "level_requirement": "L1",
    "description": "Standard developer access to code repositories, CI/CD pipelines, staging environments, and engineering collaboration tools."
  },
  {
    "role_id": "role_002",
    "name": "engineering_admin",
    "permissions": ["code_repo_admin", "ci_cd_admin", "staging_deploy", "production_deploy", "infra_access", "secrets_management", "jira_admin", "confluence_write", "slack_engineering", "pagerduty_admin"],
    "department": "Engineering",
    "level_requirement": "L4",
    "description": "Administrative engineering access including production deployments, infrastructure management, and secrets management."
  },
  {
    "role_id": "role_003",
    "name": "engineering_lead",
    "permissions": ["code_repo_read", "code_repo_write", "code_repo_approve", "ci_cd_trigger", "staging_deploy", "production_deploy", "jira_admin", "confluence_write", "slack_engineering", "pagerduty_oncall"],
    "department": "Engineering",
    "level_requirement": "L3",
    "description": "Engineering lead access with code review approval rights, production deployment capabilities, and project management tools."
  },
  {
    "role_id": "role_004",
    "name": "product_viewer",
    "permissions": ["jira_access", "confluence_read", "analytics_dashboard_read", "slack_product", "figma_view"],
    "department": "Product",
    "level_requirement": "L1",
    "description": "Read-only access to product management tools, analytics dashboards, and design files."
  },
  {
    "role_id": "role_005",
    "name": "product_manager",
    "permissions": ["jira_admin", "confluence_write", "analytics_dashboard_read", "analytics_dashboard_write", "slack_product", "figma_view", "figma_comment", "feature_flags_manage", "a_b_testing_admin"],
    "department": "Product",
    "level_requirement": "L2",
    "description": "Full product management access including analytics, feature flag management, A/B testing, and project tracking administration."
  },
  {
    "role_id": "role_006",
    "name": "finance_analyst",
    "permissions": ["erp_read", "financial_reports_read", "expense_system_read", "budget_dashboard_read", "slack_finance", "confluence_read"],
    "department": "Finance",
    "level_requirement": "L1",
    "description": "Read access to financial systems, ERP data, expense reports, and budget dashboards."
  },
  {
    "role_id": "role_007",
    "name": "finance_manager",
    "permissions": ["erp_read", "erp_write", "financial_reports_read", "financial_reports_write", "expense_system_admin", "budget_dashboard_admin", "payroll_read", "slack_finance", "confluence_write", "vendor_management"],
    "department": "Finance",
    "level_requirement": "L3",
    "description": "Full finance management access including ERP write, payroll viewing, expense administration, and vendor management."
  },
  {
    "role_id": "role_008",
    "name": "hr_coordinator",
    "permissions": ["hris_read", "hris_write_basic", "recruiting_ats_read", "benefits_portal_read", "slack_hr", "confluence_read", "onboarding_system_read"],
    "department": "Human Resources",
    "level_requirement": "L1",
    "description": "Basic HR operations access for coordinating onboarding, maintaining employee records, and viewing recruiting pipelines."
  },
  {
    "role_id": "role_009",
    "name": "hr_manager",
    "permissions": ["hris_read", "hris_write", "hris_admin", "recruiting_ats_admin", "benefits_portal_admin", "payroll_read", "payroll_write", "compensation_data_read", "slack_hr", "confluence_write", "onboarding_system_admin", "offboarding_system_admin", "performance_review_admin"],
    "department": "Human Resources",
    "level_requirement": "L3",
    "description": "Full HR management access including HRIS administration, recruiting, payroll, benefits, performance reviews, and onboarding/offboarding systems."
  },
  {
    "role_id": "role_010",
    "name": "security_analyst",
    "permissions": ["siem_read", "vulnerability_scanner_read", "access_logs_read", "dlp_dashboard_read", "slack_security", "confluence_read", "incident_management_read"],
    "department": "Security",
    "level_requirement": "L2",
    "description": "Security monitoring access for reviewing SIEM alerts, vulnerability scans, access logs, and DLP incidents."
  },
  {
    "role_id": "role_011",
    "name": "security_admin",
    "permissions": ["siem_admin", "vulnerability_scanner_admin", "access_logs_read", "access_management_admin", "dlp_admin", "firewall_admin", "slack_security", "confluence_write", "incident_management_admin", "secrets_management", "identity_provider_admin"],
    "department": "Security",
    "level_requirement": "L4",
    "description": "Full security administration including SIEM, access management, DLP, firewall rules, identity provider configuration, and incident response."
  },
  {
    "role_id": "role_012",
    "name": "data_science_analyst",
    "permissions": ["data_warehouse_read", "jupyter_notebooks", "ml_platform_read", "analytics_dashboard_read", "slack_data", "confluence_read", "s3_data_buckets_read"],
    "department": "Data Science",
    "level_requirement": "L1",
    "description": "Data analysis access including data warehouse queries, Jupyter notebooks, ML platform viewing, and analytics dashboards."
  },
  {
    "role_id": "role_013",
    "name": "data_science_lead",
    "permissions": ["data_warehouse_read", "data_warehouse_write", "jupyter_notebooks", "ml_platform_admin", "analytics_dashboard_write", "gpu_cluster_access", "slack_data", "confluence_write", "s3_data_buckets_read", "s3_data_buckets_write", "model_registry_admin"],
    "department": "Data Science",
    "level_requirement": "L3",
    "description": "Advanced data science access including data warehouse writes, ML platform administration, GPU cluster usage, and model registry management."
  },
  {
    "role_id": "role_014",
    "name": "sales_crm_user",
    "permissions": ["crm_read", "crm_write", "sales_dashboard_read", "email_sequences", "slack_sales", "confluence_read", "contract_management_read"],
    "department": "Sales",
    "level_requirement": "L1",
    "description": "Standard sales access to CRM, sales dashboards, email outreach tools, and contract viewing."
  },
  {
    "role_id": "role_015",
    "name": "sales_manager",
    "permissions": ["crm_admin", "sales_dashboard_admin", "email_sequences", "commission_reports_read", "slack_sales", "confluence_write", "contract_management_write", "quota_management", "territory_management"],
    "department": "Sales",
    "level_requirement": "L3",
    "description": "Sales management access including CRM administration, commission reports, quota setting, and territory management."
  },
  {
    "role_id": "role_016",
    "name": "marketing_specialist",
    "permissions": ["marketing_automation_read", "marketing_automation_write", "social_media_management", "analytics_dashboard_read", "slack_marketing", "confluence_read", "cms_write", "design_tools_access"],
    "department": "Marketing",
    "level_requirement": "L1",
    "description": "Marketing operations access including automation platforms, social media management, CMS, and analytics."
  },
  {
    "role_id": "role_017",
    "name": "customer_support_agent",
    "permissions": ["ticketing_system_read", "ticketing_system_write", "knowledge_base_read", "crm_read", "slack_support", "confluence_read", "phone_system_access"],
    "department": "Customer Support",
    "level_requirement": "L1",
    "description": "Customer support agent access to ticketing system, knowledge base, CRM viewing, and phone system."
  },
  {
    "role_id": "role_018",
    "name": "design_contributor",
    "permissions": ["figma_edit", "design_system_read", "design_system_write", "slack_design", "confluence_read", "jira_access", "asset_library_access"],
    "department": "Design",
    "level_requirement": "L1",
    "description": "Design team access including Figma editing, design system contributions, and asset library management."
  },
  {
    "role_id": "role_019",
    "name": "legal_counsel",
    "permissions": ["contract_management_read", "contract_management_write", "legal_document_vault", "compliance_dashboard_read", "e_discovery_access", "slack_legal", "confluence_write", "vendor_management"],
    "department": "Legal",
    "level_requirement": "L2",
    "description": "Legal team access to contract management, document vault, compliance monitoring, e-discovery tools, and vendor management."
  },
  {
    "role_id": "role_020",
    "name": "general_employee",
    "permissions": ["email_access", "slack_general", "confluence_read", "hris_self_service", "benefits_portal_self_service", "expense_system_submit", "learning_platform_access"],
    "department": "all",
    "level_requirement": "L1",
    "description": "Baseline access granted to all employees including email, Slack, self-service HR portal, benefits, expense submission, and learning platform."
  }
]