#58. Implement Tiered_Admin_Permissions (Super-Admin vs Manager)

[JerryIdoko]

Description: A "Manager" should be able to add new team members, but only a "Super-Admin" should be able to revoke them. This task involves a hierarchical permission system. The add_beneficiary function is open to the Manager role, but revoke_vesting is strictly locked to the SuperAdmin role. This allows projects to delegate the "Onboarding" of employees to HR or project managers while keeping the high-stakes "Clawback" power in the hands of the founders or the legal entity, improving operational efficiency.

Labels: security, governance, backend

[Jennnybee]

@Jennnybee has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Good day.

Let me handle this for you.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Jennnybee to this issue.

[drips-wave]

Congratulations, @Jennnybee! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @Jennnybee: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊