# Dynamic Roles and Permissions - Next Step

This patch adds the safe foundation for configurable permissions without changing existing role behaviour yet.

Added:
- `config/ngbvd_permissions.php`
- `database/migrations/2026_06_03_000010_create_ngbvd_role_permissions_tables.php`
- `app/Services/AccessControl/PermissionRegistry.php`

Recommended next implementation step:
1. Create a role-permission management screen under User Management.
2. Seed the `permissions` table from `PermissionRegistry::flatten()`.
3. Assign all permissions to Administrator by default.
4. Add middleware checks gradually by module, starting with Resources, Users, and API Integrations.
5. Only after confirmation, replace hard-coded role checks in the sidebar and controllers.

This avoids breaking the current production access model while preparing for full dynamic access control.