63 changed files with 411 additions and 848 deletions
--- a/backend/src/config.js
+++ b/backend/src/config.js
@ -51,9 +51,15 @@ const config = {
    }
  },
  roles: {
-    super_admin: 'super_admin',
+
-    admin: 'org_admin',
+    super_admin: 'Super Administrator',
-    user: 'read_only_client',
+
    admin: 'Administrator',
  user: 'audit_viewer',
  },
  project_uuid: '5d25cc2f-a5bf-478e-a796-9053fc72e5d9',
--- a/backend/src/db/api/access_review_items.js
+++ b/backend/src/db/api/access_review_items.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -167,7 +166,7 @@ module.exports = class Access_review_itemsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const access_review_items = await TenantAccess.findByPkOrThrow(db.access_review_items, id, options);
+        const access_review_items = await db.access_review_items.findByPk(id, {}, {transaction});
@ -238,7 +237,14 @@ module.exports = class Access_review_itemsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const access_review_items = await TenantAccess.findAllByIds(db.access_review_items, ids, options);
+        const access_review_items = await db.access_review_items.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of access_review_items) {
@ -260,7 +266,7 @@ module.exports = class Access_review_itemsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const access_review_items = await TenantAccess.findByPkOrThrow(db.access_review_items, id, options);
+        const access_review_items = await db.access_review_items.findByPk(id, options);
        await access_review_items.update({
            deletedBy: currentUser.id
@ -278,7 +284,10 @@ module.exports = class Access_review_itemsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const access_review_items = await TenantAccess.findOne(db.access_review_items, where, options);
+        const access_review_items = await db.access_review_items.findOne(
            { where },
            { transaction },
        );
        if (!access_review_items) {
            return access_review_items;
--- a/backend/src/db/api/access_reviews.js
+++ b/backend/src/db/api/access_reviews.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -155,7 +154,7 @@ module.exports = class Access_reviewsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const access_reviews = await TenantAccess.findByPkOrThrow(db.access_reviews, id, options);
+        const access_reviews = await db.access_reviews.findByPk(id, {}, {transaction});
@ -223,7 +222,14 @@ module.exports = class Access_reviewsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const access_reviews = await TenantAccess.findAllByIds(db.access_reviews, ids, options);
+        const access_reviews = await db.access_reviews.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of access_reviews) {
@ -245,7 +251,7 @@ module.exports = class Access_reviewsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const access_reviews = await TenantAccess.findByPkOrThrow(db.access_reviews, id, options);
+        const access_reviews = await db.access_reviews.findByPk(id, options);
        await access_reviews.update({
            deletedBy: currentUser.id
@ -263,7 +269,10 @@ module.exports = class Access_reviewsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const access_reviews = await TenantAccess.findOne(db.access_reviews, where, options);
+        const access_reviews = await db.access_reviews.findOne(
            { where },
            { transaction },
        );
        if (!access_reviews) {
            return access_reviews;
--- a/backend/src/db/api/artifact_type_catalog.js
+++ b/backend/src/db/api/artifact_type_catalog.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -103,7 +102,7 @@ module.exports = class Artifact_type_catalogDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const artifact_type_catalog = await TenantAccess.findByPkOrThrow(db.artifact_type_catalog, id, options);
+        const artifact_type_catalog = await db.artifact_type_catalog.findByPk(id, {}, {transaction});
@ -147,7 +146,14 @@ module.exports = class Artifact_type_catalogDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const artifact_type_catalog = await TenantAccess.findAllByIds(db.artifact_type_catalog, ids, options);
+        const artifact_type_catalog = await db.artifact_type_catalog.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of artifact_type_catalog) {
@ -169,7 +175,7 @@ module.exports = class Artifact_type_catalogDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const artifact_type_catalog = await TenantAccess.findByPkOrThrow(db.artifact_type_catalog, id, options);
+        const artifact_type_catalog = await db.artifact_type_catalog.findByPk(id, options);
        await artifact_type_catalog.update({
            deletedBy: currentUser.id
@ -187,7 +193,10 @@ module.exports = class Artifact_type_catalogDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const artifact_type_catalog = await TenantAccess.findOne(db.artifact_type_catalog, where, options);
+        const artifact_type_catalog = await db.artifact_type_catalog.findOne(
            { where },
            { transaction },
        );
        if (!artifact_type_catalog) {
            return artifact_type_catalog;
--- a/backend/src/db/api/artifacts.js
+++ b/backend/src/db/api/artifacts.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -233,7 +232,7 @@ module.exports = class ArtifactsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const artifacts = await TenantAccess.findByPkOrThrow(db.artifacts, id, options);
+        const artifacts = await db.artifacts.findByPk(id, {}, {transaction});
@ -359,7 +358,14 @@ module.exports = class ArtifactsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const artifacts = await TenantAccess.findAllByIds(db.artifacts, ids, options);
+        const artifacts = await db.artifacts.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of artifacts) {
@ -381,7 +387,7 @@ module.exports = class ArtifactsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const artifacts = await TenantAccess.findByPkOrThrow(db.artifacts, id, options);
+        const artifacts = await db.artifacts.findByPk(id, options);
        await artifacts.update({
            deletedBy: currentUser.id
@ -399,7 +405,10 @@ module.exports = class ArtifactsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const artifacts = await TenantAccess.findOne(db.artifacts, where, options);
+        const artifacts = await db.artifacts.findOne(
            { where },
            { transaction },
        );
        if (!artifacts) {
            return artifacts;
--- a/backend/src/db/api/audit_logs.js
+++ b/backend/src/db/api/audit_logs.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -165,7 +164,7 @@ module.exports = class Audit_logsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const audit_logs = await TenantAccess.findByPkOrThrow(db.audit_logs, id, options);
+        const audit_logs = await db.audit_logs.findByPk(id, {}, {transaction});
@ -236,7 +235,14 @@ module.exports = class Audit_logsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const audit_logs = await TenantAccess.findAllByIds(db.audit_logs, ids, options);
+        const audit_logs = await db.audit_logs.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of audit_logs) {
@ -258,7 +264,7 @@ module.exports = class Audit_logsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const audit_logs = await TenantAccess.findByPkOrThrow(db.audit_logs, id, options);
+        const audit_logs = await db.audit_logs.findByPk(id, options);
        await audit_logs.update({
            deletedBy: currentUser.id
@ -276,7 +282,10 @@ module.exports = class Audit_logsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const audit_logs = await TenantAccess.findOne(db.audit_logs, where, options);
+        const audit_logs = await db.audit_logs.findOne(
            { where },
            { transaction },
        );
        if (!audit_logs) {
            return audit_logs;
--- a/backend/src/db/api/connected_systems.js
+++ b/backend/src/db/api/connected_systems.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -173,7 +172,7 @@ module.exports = class Connected_systemsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const connected_systems = await TenantAccess.findByPkOrThrow(db.connected_systems, id, options);
+        const connected_systems = await db.connected_systems.findByPk(id, {}, {transaction});
@ -238,7 +237,14 @@ module.exports = class Connected_systemsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const connected_systems = await TenantAccess.findAllByIds(db.connected_systems, ids, options);
+        const connected_systems = await db.connected_systems.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of connected_systems) {
@ -260,7 +266,7 @@ module.exports = class Connected_systemsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const connected_systems = await TenantAccess.findByPkOrThrow(db.connected_systems, id, options);
+        const connected_systems = await db.connected_systems.findByPk(id, options);
        await connected_systems.update({
            deletedBy: currentUser.id
@ -278,7 +284,10 @@ module.exports = class Connected_systemsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const connected_systems = await TenantAccess.findOne(db.connected_systems, where, options);
+        const connected_systems = await db.connected_systems.findOne(
            { where },
            { transaction },
        );
        if (!connected_systems) {
            return connected_systems;
--- a/backend/src/db/api/control_frameworks.js
+++ b/backend/src/db/api/control_frameworks.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -113,7 +112,7 @@ module.exports = class Control_frameworksDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const control_frameworks = await TenantAccess.findByPkOrThrow(db.control_frameworks, id, options);
+        const control_frameworks = await db.control_frameworks.findByPk(id, {}, {transaction});
@ -160,7 +159,14 @@ module.exports = class Control_frameworksDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const control_frameworks = await TenantAccess.findAllByIds(db.control_frameworks, ids, options);
+        const control_frameworks = await db.control_frameworks.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of control_frameworks) {
@ -182,7 +188,7 @@ module.exports = class Control_frameworksDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const control_frameworks = await TenantAccess.findByPkOrThrow(db.control_frameworks, id, options);
+        const control_frameworks = await db.control_frameworks.findByPk(id, options);
        await control_frameworks.update({
            deletedBy: currentUser.id
@ -200,7 +206,10 @@ module.exports = class Control_frameworksDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const control_frameworks = await TenantAccess.findOne(db.control_frameworks, where, options);
+        const control_frameworks = await db.control_frameworks.findOne(
            { where },
            { transaction },
        );
        if (!control_frameworks) {
            return control_frameworks;
--- a/backend/src/db/api/control_requirements.js
+++ b/backend/src/db/api/control_requirements.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -137,7 +136,7 @@ module.exports = class Control_requirementsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const control_requirements = await TenantAccess.findByPkOrThrow(db.control_requirements, id, options);
+        const control_requirements = await db.control_requirements.findByPk(id, {}, {transaction});
@ -199,7 +198,14 @@ module.exports = class Control_requirementsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const control_requirements = await TenantAccess.findAllByIds(db.control_requirements, ids, options);
+        const control_requirements = await db.control_requirements.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of control_requirements) {
@ -221,7 +227,7 @@ module.exports = class Control_requirementsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const control_requirements = await TenantAccess.findByPkOrThrow(db.control_requirements, id, options);
+        const control_requirements = await db.control_requirements.findByPk(id, options);
        await control_requirements.update({
            deletedBy: currentUser.id
@ -239,7 +245,10 @@ module.exports = class Control_requirementsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const control_requirements = await TenantAccess.findOne(db.control_requirements, where, options);
+        const control_requirements = await db.control_requirements.findOne(
            { where },
            { transaction },
        );
        if (!control_requirements) {
            return control_requirements;
--- a/backend/src/db/api/evidence_models.js
+++ b/backend/src/db/api/evidence_models.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -165,7 +164,7 @@ module.exports = class Evidence_modelsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const evidence_models = await TenantAccess.findByPkOrThrow(db.evidence_models, id, options);
+        const evidence_models = await db.evidence_models.findByPk(id, {}, {transaction});
@ -251,7 +250,14 @@ module.exports = class Evidence_modelsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const evidence_models = await TenantAccess.findAllByIds(db.evidence_models, ids, options);
+        const evidence_models = await db.evidence_models.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of evidence_models) {
@ -273,7 +279,7 @@ module.exports = class Evidence_modelsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const evidence_models = await TenantAccess.findByPkOrThrow(db.evidence_models, id, options);
+        const evidence_models = await db.evidence_models.findByPk(id, options);
        await evidence_models.update({
            deletedBy: currentUser.id
@ -291,7 +297,10 @@ module.exports = class Evidence_modelsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const evidence_models = await TenantAccess.findOne(db.evidence_models, where, options);
+        const evidence_models = await db.evidence_models.findOne(
            { where },
            { transaction },
        );
        if (!evidence_models) {
            return evidence_models;
--- a/backend/src/db/api/exceptions.js
+++ b/backend/src/db/api/exceptions.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -181,7 +180,7 @@ module.exports = class ExceptionsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const exceptions = await TenantAccess.findByPkOrThrow(db.exceptions, id, options);
+        const exceptions = await db.exceptions.findByPk(id, {}, {transaction});
@ -259,7 +258,14 @@ module.exports = class ExceptionsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const exceptions = await TenantAccess.findAllByIds(db.exceptions, ids, options);
+        const exceptions = await db.exceptions.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of exceptions) {
@ -281,7 +287,7 @@ module.exports = class ExceptionsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const exceptions = await TenantAccess.findByPkOrThrow(db.exceptions, id, options);
+        const exceptions = await db.exceptions.findByPk(id, options);
        await exceptions.update({
            deletedBy: currentUser.id
@ -299,7 +305,10 @@ module.exports = class ExceptionsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const exceptions = await TenantAccess.findOne(db.exceptions, where, options);
+        const exceptions = await db.exceptions.findOne(
            { where },
            { transaction },
        );
        if (!exceptions) {
            return exceptions;
--- a/backend/src/db/api/identity_workflows.js
+++ b/backend/src/db/api/identity_workflows.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -179,7 +178,7 @@ module.exports = class Identity_workflowsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const identity_workflows = await TenantAccess.findByPkOrThrow(db.identity_workflows, id, options);
+        const identity_workflows = await db.identity_workflows.findByPk(id, {}, {transaction});
@ -252,7 +251,14 @@ module.exports = class Identity_workflowsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const identity_workflows = await TenantAccess.findAllByIds(db.identity_workflows, ids, options);
+        const identity_workflows = await db.identity_workflows.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of identity_workflows) {
@ -274,7 +280,7 @@ module.exports = class Identity_workflowsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const identity_workflows = await TenantAccess.findByPkOrThrow(db.identity_workflows, id, options);
+        const identity_workflows = await db.identity_workflows.findByPk(id, options);
        await identity_workflows.update({
            deletedBy: currentUser.id
@ -292,7 +298,10 @@ module.exports = class Identity_workflowsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const identity_workflows = await TenantAccess.findOne(db.identity_workflows, where, options);
+        const identity_workflows = await db.identity_workflows.findOne(
            { where },
            { transaction },
        );
        if (!identity_workflows) {
            return identity_workflows;
--- a/backend/src/db/api/notifications.js
+++ b/backend/src/db/api/notifications.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -167,7 +166,7 @@ module.exports = class NotificationsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const notifications = await TenantAccess.findByPkOrThrow(db.notifications, id, options);
+        const notifications = await db.notifications.findByPk(id, {}, {transaction});
@ -238,7 +237,14 @@ module.exports = class NotificationsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const notifications = await TenantAccess.findAllByIds(db.notifications, ids, options);
+        const notifications = await db.notifications.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of notifications) {
@ -260,7 +266,7 @@ module.exports = class NotificationsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const notifications = await TenantAccess.findByPkOrThrow(db.notifications, id, options);
+        const notifications = await db.notifications.findByPk(id, options);
        await notifications.update({
            deletedBy: currentUser.id
@ -278,7 +284,10 @@ module.exports = class NotificationsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const notifications = await TenantAccess.findOne(db.notifications, where, options);
+        const notifications = await db.notifications.findOne(
            { where },
            { transaction },
        );
        if (!notifications) {
            return notifications;
--- a/backend/src/db/api/organization_settings.js
+++ b/backend/src/db/api/organization_settings.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -189,7 +188,7 @@ module.exports = class Organization_settingsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const organization_settings = await TenantAccess.findByPkOrThrow(db.organization_settings, id, options);
+        const organization_settings = await db.organization_settings.findByPk(id, {}, {transaction});
@ -261,7 +260,14 @@ module.exports = class Organization_settingsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const organization_settings = await TenantAccess.findAllByIds(db.organization_settings, ids, options);
+        const organization_settings = await db.organization_settings.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of organization_settings) {
@ -283,7 +289,7 @@ module.exports = class Organization_settingsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const organization_settings = await TenantAccess.findByPkOrThrow(db.organization_settings, id, options);
+        const organization_settings = await db.organization_settings.findByPk(id, options);
        await organization_settings.update({
            deletedBy: currentUser.id
@ -301,7 +307,10 @@ module.exports = class Organization_settingsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const organization_settings = await TenantAccess.findOne(db.organization_settings, where, options);
+        const organization_settings = await db.organization_settings.findOne(
            { where },
            { transaction },
        );
        if (!organization_settings) {
            return organization_settings;
--- a/backend/src/db/api/organizations.js
+++ b/backend/src/db/api/organizations.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -77,7 +76,7 @@ module.exports = class OrganizationsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const organizations = await TenantAccess.findByPkOrThrow(db.organizations, id, options);
+        const organizations = await db.organizations.findByPk(id, {}, {transaction});
@ -106,7 +105,14 @@ module.exports = class OrganizationsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const organizations = await TenantAccess.findAllByIds(db.organizations, ids, options);
+        const organizations = await db.organizations.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of organizations) {
@ -128,7 +134,7 @@ module.exports = class OrganizationsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const organizations = await TenantAccess.findByPkOrThrow(db.organizations, id, options);
+        const organizations = await db.organizations.findByPk(id, options);
        await organizations.update({
            deletedBy: currentUser.id
@ -146,7 +152,10 @@ module.exports = class OrganizationsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const organizations = await TenantAccess.findOne(db.organizations, where, options);
+        const organizations = await db.organizations.findOne(
            { where },
            { transaction },
        );
        if (!organizations) {
            return organizations;
--- a/backend/src/db/api/proof_packets.js
+++ b/backend/src/db/api/proof_packets.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -165,7 +164,7 @@ module.exports = class Proof_packetsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const proof_packets = await TenantAccess.findByPkOrThrow(db.proof_packets, id, options);
+        const proof_packets = await db.proof_packets.findByPk(id, {}, {transaction});
@ -265,7 +264,14 @@ module.exports = class Proof_packetsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const proof_packets = await TenantAccess.findAllByIds(db.proof_packets, ids, options);
+        const proof_packets = await db.proof_packets.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of proof_packets) {
@ -287,7 +293,7 @@ module.exports = class Proof_packetsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const proof_packets = await TenantAccess.findByPkOrThrow(db.proof_packets, id, options);
+        const proof_packets = await db.proof_packets.findByPk(id, options);
        await proof_packets.update({
            deletedBy: currentUser.id
@ -305,7 +311,10 @@ module.exports = class Proof_packetsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const proof_packets = await TenantAccess.findOne(db.proof_packets, where, options);
+        const proof_packets = await db.proof_packets.findOne(
            { where },
            { transaction },
        );
        if (!proof_packets) {
            return proof_packets;
--- a/backend/src/db/api/remediation_items.js
+++ b/backend/src/db/api/remediation_items.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -171,7 +170,7 @@ module.exports = class Remediation_itemsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const remediation_items = await TenantAccess.findByPkOrThrow(db.remediation_items, id, options);
+        const remediation_items = await db.remediation_items.findByPk(id, {}, {transaction});
@ -275,7 +274,14 @@ module.exports = class Remediation_itemsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const remediation_items = await TenantAccess.findAllByIds(db.remediation_items, ids, options);
+        const remediation_items = await db.remediation_items.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of remediation_items) {
@ -297,7 +303,7 @@ module.exports = class Remediation_itemsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const remediation_items = await TenantAccess.findByPkOrThrow(db.remediation_items, id, options);
+        const remediation_items = await db.remediation_items.findByPk(id, options);
        await remediation_items.update({
            deletedBy: currentUser.id
@ -315,7 +321,10 @@ module.exports = class Remediation_itemsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const remediation_items = await TenantAccess.findOne(db.remediation_items, where, options);
+        const remediation_items = await db.remediation_items.findOne(
            { where },
            { transaction },
        );
        if (!remediation_items) {
            return remediation_items;
--- a/backend/src/db/api/sampled_subjects.js
+++ b/backend/src/db/api/sampled_subjects.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -175,7 +174,7 @@ module.exports = class Sampled_subjectsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const sampled_subjects = await TenantAccess.findByPkOrThrow(db.sampled_subjects, id, options);
+        const sampled_subjects = await db.sampled_subjects.findByPk(id, {}, {transaction});
@ -249,7 +248,14 @@ module.exports = class Sampled_subjectsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const sampled_subjects = await TenantAccess.findAllByIds(db.sampled_subjects, ids, options);
+        const sampled_subjects = await db.sampled_subjects.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of sampled_subjects) {
@ -271,7 +277,7 @@ module.exports = class Sampled_subjectsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const sampled_subjects = await TenantAccess.findByPkOrThrow(db.sampled_subjects, id, options);
+        const sampled_subjects = await db.sampled_subjects.findByPk(id, options);
        await sampled_subjects.update({
            deletedBy: currentUser.id
@ -289,7 +295,10 @@ module.exports = class Sampled_subjectsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const sampled_subjects = await TenantAccess.findOne(db.sampled_subjects, where, options);
+        const sampled_subjects = await db.sampled_subjects.findOne(
            { where },
            { transaction },
        );
        if (!sampled_subjects) {
            return sampled_subjects;
--- a/backend/src/db/api/tenantAccess.js
+++ b/backend/src/db/api/tenantAccess.js
@ -1,121 +0,0 @@
 const db = require('../models');
 const { Op } = db.Sequelize;
 class TenantAccess {
  static getNotFoundError(message = 'Item not found') {
    const error = new Error(message);
    error.code = 404;
    return error;
  }
  static hasGlobalAccess(currentUser) {
    return Boolean(currentUser?.app_role?.globalAccess);
  }
  static getCurrentOrganizationId(currentUser) {
    return (
      currentUser?.organization?.id ||
      currentUser?.organizations?.id ||
      currentUser?.organizationId ||
      currentUser?.organizationsId ||
      null
    );
  }
  static getOwnershipField(model) {
    if (model?.rawAttributes?.organizationId) {
      return 'organizationId';
    }
    if (model?.rawAttributes?.organizationsId) {
      return 'organizationsId';
    }
    if (model?.getTableName?.() === 'organizations') {
      return 'id';
    }
    return null;
  }
  static buildTenantWhere(model, where = {}, options = {}) {
    const ownershipField = this.getOwnershipField(model);
    if (!ownershipField) {
      return where;
    }
    const currentUser = options.currentUser;
    if (!currentUser || this.hasGlobalAccess(currentUser)) {
      return where;
    }
    const organizationId = this.getCurrentOrganizationId(currentUser);
    if (!organizationId) {
      throw this.getNotFoundError();
    }
    const tenantWhere = { [ownershipField]: organizationId };
    if (!where || Object.keys(where).length === 0) {
      return tenantWhere;
    }
    return {
      [Op.and]: [where, tenantWhere],
    };
  }
  static async findOne(model, where = {}, options = {}) {
    return model.findOne({
      where: this.buildTenantWhere(model, where, options),
      transaction: options.transaction,
    });
  }
  static async findByPk(model, id, options = {}) {
    return this.findOne(model, { id }, options);
  }
  static async findByPkOrThrow(model, id, options = {}) {
    const record = await this.findByPk(model, id, options);
    if (!record) {
      throw this.getNotFoundError();
    }
    return record;
  }
  static async findAllByIds(model, ids = [], options = {}) {
    const uniqueIds = [...new Set((ids || []).filter(Boolean))];
    if (!uniqueIds.length) {
      return [];
    }
    const records = await model.findAll({
      where: this.buildTenantWhere(
        model,
        {
          id: {
            [Op.in]: uniqueIds,
          },
        },
        options,
      ),
      transaction: options.transaction,
    });
    if (records.length !== uniqueIds.length) {
      throw this.getNotFoundError();
    }
    return records;
  }
 }
 module.exports = TenantAccess;
--- a/backend/src/db/api/user_invitations.js
+++ b/backend/src/db/api/user_invitations.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -155,7 +154,7 @@ module.exports = class User_invitationsDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const user_invitations = await TenantAccess.findByPkOrThrow(db.user_invitations, id, options);
+        const user_invitations = await db.user_invitations.findByPk(id, {}, {transaction});
@ -223,7 +222,14 @@ module.exports = class User_invitationsDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const user_invitations = await TenantAccess.findAllByIds(db.user_invitations, ids, options);
+        const user_invitations = await db.user_invitations.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of user_invitations) {
@ -245,7 +251,7 @@ module.exports = class User_invitationsDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const user_invitations = await TenantAccess.findByPkOrThrow(db.user_invitations, id, options);
+        const user_invitations = await db.user_invitations.findByPk(id, options);
        await user_invitations.update({
            deletedBy: currentUser.id
@ -263,7 +269,10 @@ module.exports = class User_invitationsDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const user_invitations = await TenantAccess.findOne(db.user_invitations, where, options);
+        const user_invitations = await db.user_invitations.findOne(
            { where },
            { transaction },
        );
        if (!user_invitations) {
            return user_invitations;
--- a/backend/src/db/api/users.js
+++ b/backend/src/db/api/users.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
 const bcrypt = require('bcrypt');
 const config = require('../../config');
@ -245,7 +244,7 @@ module.exports = class UsersDBApi {
        const transaction = (options && options.transaction) || undefined;
-        const users = await TenantAccess.findByPkOrThrow(db.users, id, options);
+        const users = await db.users.findByPk(id, {}, {transaction});
@ -358,7 +357,14 @@ module.exports = class UsersDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const users = await TenantAccess.findAllByIds(db.users, ids, options);
+        const users = await db.users.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of users) {
@ -380,7 +386,7 @@ module.exports = class UsersDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const users = await TenantAccess.findByPkOrThrow(db.users, id, options);
+        const users = await db.users.findByPk(id, options);
        await users.update({
            deletedBy: currentUser.id
@ -398,7 +404,10 @@ module.exports = class UsersDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const users = await TenantAccess.findOne(db.users, where, options);
+        const users = await db.users.findOne(
            { where },
            { transaction },
        );
        if (!users) {
            return users;
--- a/backend/src/db/api/workflow_templates.js
+++ b/backend/src/db/api/workflow_templates.js
@ -3,7 +3,6 @@ const db = require('../models');
 const FileDBApi = require('./file');
 const crypto = require('crypto');
 const Utils = require('../utils');
 const TenantAccess = require('./tenantAccess');
@ -151,7 +150,7 @@ module.exports = class Workflow_templatesDBApi {
        const transaction = (options && options.transaction) || undefined;
        const globalAccess = currentUser.app_role?.globalAccess;
-        const workflow_templates = await TenantAccess.findByPkOrThrow(db.workflow_templates, id, options);
+        const workflow_templates = await db.workflow_templates.findByPk(id, {}, {transaction});
@ -210,7 +209,14 @@ module.exports = class Workflow_templatesDBApi {
        const currentUser = (options && options.currentUser) || { id: null };
        const transaction = (options && options.transaction) || undefined;
-        const workflow_templates = await TenantAccess.findAllByIds(db.workflow_templates, ids, options);
+        const workflow_templates = await db.workflow_templates.findAll({
            where: {
                id: {
                    [Op.in]: ids,
                },
            },
            transaction,
        });
        await db.sequelize.transaction(async (transaction) => {
            for (const record of workflow_templates) {
@ -232,7 +238,7 @@ module.exports = class Workflow_templatesDBApi {
        const currentUser = (options && options.currentUser) || {id: null};
        const transaction = (options && options.transaction) || undefined;
-        const workflow_templates = await TenantAccess.findByPkOrThrow(db.workflow_templates, id, options);
+        const workflow_templates = await db.workflow_templates.findByPk(id, options);
        await workflow_templates.update({
            deletedBy: currentUser.id
@ -250,7 +256,10 @@ module.exports = class Workflow_templatesDBApi {
    static async findBy(where, options) {
        const transaction = (options && options.transaction) || undefined;
-        const workflow_templates = await TenantAccess.findOne(db.workflow_templates, where, options);
+        const workflow_templates = await db.workflow_templates.findOne(
            { where },
            { transaction },
        );
        if (!workflow_templates) {
            return workflow_templates;
--- a/backend/src/db/seeders/20260410120000-role-model-alignment.js
+++ b/backend/src/db/seeders/20260410120000-role-model-alignment.js
@ -1,442 +0,0 @@
 'use strict';
 const bcrypt = require('bcrypt');
 const config = require('../../config');
 const CRUD_OPERATIONS = ['CREATE', 'READ', 'UPDATE', 'DELETE'];
 const ENTITY_NAMES = [
  'users',
  'roles',
  'permissions',
  'organizations',
  'user_invitations',
  'connected_systems',
  'control_frameworks',
  'control_requirements',
  'identity_workflows',
  'evidence_models',
  'artifacts',
  'sampled_subjects',
  'proof_packets',
  'remediation_items',
  'access_reviews',
  'access_review_items',
  'exceptions',
  'audit_logs',
  'notifications',
  'organization_settings',
  'artifact_type_catalog',
  'workflow_templates',
 ];
 const ROLE_RENAMES = {
  'Super Administrator': 'super_admin',
  Administrator: 'org_admin',
  org_governance_lead: 'compliance_manager',
  platform_ops_manager: 'security_manager',
  evidence_operations_lead: 'iam_operator',
  audit_viewer: 'auditor',
  platform_owner: 'read_only_client',
 };
 const SAMPLE_USER_EMAILS = {
  org_admin: 'admin@flatlogic.com',
  compliance_manager: 'john@doe.com',
  read_only_client: 'client@hello.com',
  security_manager: 'security.manager@flatlogic.com',
  iam_operator: 'iam.operator@flatlogic.com',
  auditor: 'auditor@flatlogic.com',
 };
 function getCrudPermissions(entityNames) {
  return entityNames.flatMap((entityName) =>
    CRUD_OPERATIONS.map((operation) => `${operation}_${entityName.toUpperCase()}`),
  );
 }
 function getReadPermissions(entityNames) {
  return entityNames.map((entityName) => `READ_${entityName.toUpperCase()}`);
 }
 module.exports = {
  async up(queryInterface, Sequelize) {
    const transaction = await queryInterface.sequelize.transaction();
    try {
      const [roleRows] = await queryInterface.sequelize.query(
        `SELECT id, name FROM "roles" WHERE "deletedAt" IS NULL`,
        { transaction },
      );
      const roleIdsByName = roleRows.reduce((accumulator, role) => {
        accumulator[role.name] = role.id;
        return accumulator;
      }, {});
      for (const [legacyName, targetName] of Object.entries(ROLE_RENAMES)) {
        const roleId = roleIdsByName[legacyName] || roleIdsByName[targetName];
        if (!roleId) {
          throw new Error(`Missing role row for '${legacyName}' -> '${targetName}' alignment.`);
        }
        await queryInterface.bulkUpdate(
          'roles',
          {
            name: targetName,
            globalAccess: targetName === 'super_admin',
            updatedAt: new Date(),
          },
          { id: roleId },
          { transaction },
        );
        roleIdsByName[targetName] = roleId;
      }
      const managedRoleNames = [
        'super_admin',
        'org_admin',
        'compliance_manager',
        'security_manager',
        'iam_operator',
        'auditor',
        'read_only_client',
      ];
      const managedRoleIds = managedRoleNames.map((roleName) => roleIdsByName[roleName]).filter(Boolean);
      const [permissionRows] = await queryInterface.sequelize.query(
        `SELECT id, name FROM "permissions" WHERE "deletedAt" IS NULL`,
        { transaction },
      );
      const permissionIdsByName = permissionRows.reduce((accumulator, permission) => {
        accumulator[permission.name] = permission.id;
        return accumulator;
      }, {});
      const permissionMatrix = {
        super_admin: [
          ...getCrudPermissions(ENTITY_NAMES),
          'READ_API_DOCS',
          'CREATE_SEARCH',
        ],
        org_admin: [
          'READ_USERS',
          'CREATE_USERS',
          'UPDATE_USERS',
          'DELETE_USERS',
          'READ_ROLES',
          'READ_PERMISSIONS',
          'READ_ORGANIZATIONS',
          'UPDATE_ORGANIZATIONS',
          'READ_USER_INVITATIONS',
          'CREATE_USER_INVITATIONS',
          'UPDATE_USER_INVITATIONS',
          'DELETE_USER_INVITATIONS',
          ...getCrudPermissions([
            'connected_systems',
            'control_frameworks',
            'control_requirements',
            'identity_workflows',
            'evidence_models',
            'artifacts',
            'sampled_subjects',
            'proof_packets',
            'remediation_items',
            'access_reviews',
            'access_review_items',
            'exceptions',
            'notifications',
            'organization_settings',
            'artifact_type_catalog',
            'workflow_templates',
          ]),
          'READ_AUDIT_LOGS',
          'READ_API_DOCS',
          'CREATE_SEARCH',
        ],
        compliance_manager: [
          ...getReadPermissions([
            'users',
            'roles',
            'organizations',
            'user_invitations',
            'connected_systems',
            'sampled_subjects',
            'exceptions',
            'audit_logs',
            'notifications',
            'organization_settings',
            'artifact_type_catalog',
            'workflow_templates',
          ]),
          ...getCrudPermissions([
            'control_frameworks',
            'control_requirements',
            'identity_workflows',
            'evidence_models',
            'proof_packets',
            'remediation_items',
            'access_reviews',
            'access_review_items',
          ]),
          'READ_ARTIFACTS',
          'UPDATE_ARTIFACTS',
          'CREATE_SEARCH',
        ],
        security_manager: [
          ...getReadPermissions([
            'users',
            'roles',
            'organizations',
            'control_frameworks',
            'control_requirements',
            'evidence_models',
            'proof_packets',
            'sampled_subjects',
            'notifications',
            'organization_settings',
            'artifact_type_catalog',
            'workflow_templates',
          ]),
          ...getCrudPermissions([
            'connected_systems',
            'remediation_items',
            'exceptions',
          ]),
          'READ_IDENTITY_WORKFLOWS',
          'UPDATE_IDENTITY_WORKFLOWS',
          'READ_ARTIFACTS',
          'UPDATE_ARTIFACTS',
          'READ_ACCESS_REVIEWS',
          'READ_ACCESS_REVIEW_ITEMS',
          'UPDATE_ACCESS_REVIEW_ITEMS',
          'READ_AUDIT_LOGS',
          'CREATE_SEARCH',
        ],
        iam_operator: [
          ...getReadPermissions([
            'users',
            'roles',
            'organizations',
            'connected_systems',
            'control_frameworks',
            'control_requirements',
            'evidence_models',
            'notifications',
            'artifact_type_catalog',
            'workflow_templates',
          ]),
          'READ_IDENTITY_WORKFLOWS',
          'UPDATE_IDENTITY_WORKFLOWS',
          'CREATE_ARTIFACTS',
          'READ_ARTIFACTS',
          'UPDATE_ARTIFACTS',
          'CREATE_SAMPLED_SUBJECTS',
          'READ_SAMPLED_SUBJECTS',
          'UPDATE_SAMPLED_SUBJECTS',
          'CREATE_PROOF_PACKETS',
          'READ_PROOF_PACKETS',
          'UPDATE_PROOF_PACKETS',
          'READ_ACCESS_REVIEWS',
          'READ_ACCESS_REVIEW_ITEMS',
          'UPDATE_ACCESS_REVIEW_ITEMS',
          'READ_EXCEPTIONS',
          'UPDATE_EXCEPTIONS',
          'CREATE_SEARCH',
        ],
        auditor: [
          ...getReadPermissions([
            'users',
            'roles',
            'organizations',
            'control_frameworks',
            'control_requirements',
            'identity_workflows',
            'evidence_models',
            'artifacts',
            'proof_packets',
            'remediation_items',
            'access_reviews',
            'access_review_items',
            'exceptions',
            'audit_logs',
            'artifact_type_catalog',
            'workflow_templates',
          ]),
          'CREATE_SEARCH',
        ],
        read_only_client: [
          ...getReadPermissions([
            'organizations',
            'organization_settings',
            'proof_packets',
            'remediation_items',
            'access_reviews',
            'access_review_items',
          ]),
          'CREATE_SEARCH',
        ],
      };
      await queryInterface.bulkDelete(
        'rolesPermissionsPermissions',
        {
          roles_permissionsId: {
            [Sequelize.Op.in]: managedRoleIds,
          },
        },
        { transaction },
      );
      const rolePermissionRows = [];
      const createdAt = new Date();
      const updatedAt = new Date();
      for (const [roleName, permissionNames] of Object.entries(permissionMatrix)) {
        const roleId = roleIdsByName[roleName];
        const uniquePermissionNames = [...new Set(permissionNames)];
        for (const permissionName of uniquePermissionNames) {
          const permissionId = permissionIdsByName[permissionName];
          if (!permissionId) {
            throw new Error(`Missing permission '${permissionName}' while aligning '${roleName}'.`);
          }
          rolePermissionRows.push({
            createdAt,
            updatedAt,
            roles_permissionsId: roleId,
            permissionId,
          });
        }
      }
      await queryInterface.bulkInsert('rolesPermissionsPermissions', rolePermissionRows, { transaction });
      const [organizationRows] = await queryInterface.sequelize.query(
        `SELECT id, name FROM "organizations" WHERE "deletedAt" IS NULL ORDER BY "createdAt" ASC`,
        { transaction },
      );
      const primaryOrganizationId = organizationRows[0]?.id || null;
      if (!primaryOrganizationId) {
        throw new Error('At least one organization is required to assign organization-scoped sample users.');
      }
      const adminHash = bcrypt.hashSync(config.admin_pass, config.bcrypt.saltRounds);
      const userHash = bcrypt.hashSync(config.user_pass, config.bcrypt.saltRounds);
      const [existingUsers] = await queryInterface.sequelize.query(
        `SELECT id, email FROM "users" WHERE "deletedAt" IS NULL`,
        { transaction },
      );
      const existingUsersByEmail = existingUsers.reduce((accumulator, user) => {
        accumulator[user.email] = user;
        return accumulator;
      }, {});
      const ensureUser = async ({ email, firstName, lastName, password, roleName }) => {
        const roleId = roleIdsByName[roleName];
        const existingUser = existingUsersByEmail[email];
        if (existingUser) {
          await queryInterface.bulkUpdate(
            'users',
            {
              firstName,
              lastName,
              emailVerified: true,
              provider: config.providers.LOCAL,
              app_roleId: roleId,
              organizationsId: roleName === 'super_admin' ? null : primaryOrganizationId,
              updatedAt: new Date(),
            },
            { id: existingUser.id },
            { transaction },
          );
          return;
        }
        await queryInterface.bulkInsert(
          'users',
          [
            {
              id: Sequelize.Utils.toDefaultValue(Sequelize.UUIDV4()),
              firstName,
              lastName,
              email,
              emailVerified: true,
              provider: config.providers.LOCAL,
              password,
              app_roleId: roleId,
              organizationsId: roleName === 'super_admin' ? null : primaryOrganizationId,
              createdAt: new Date(),
              updatedAt: new Date(),
            },
          ],
          { transaction },
        );
      };
      await ensureUser({
        email: 'super_admin@flatlogic.com',
        firstName: 'Super',
        lastName: 'Admin',
        password: adminHash,
        roleName: 'super_admin',
      });
      await ensureUser({
        email: SAMPLE_USER_EMAILS.org_admin,
        firstName: 'Organization',
        lastName: 'Admin',
        password: adminHash,
        roleName: 'org_admin',
      });
      await ensureUser({
        email: SAMPLE_USER_EMAILS.compliance_manager,
        firstName: 'Compliance',
        lastName: 'Manager',
        password: userHash,
        roleName: 'compliance_manager',
      });
      await ensureUser({
        email: SAMPLE_USER_EMAILS.security_manager,
        firstName: 'Security',
        lastName: 'Manager',
        password: userHash,
        roleName: 'security_manager',
      });
      await ensureUser({
        email: SAMPLE_USER_EMAILS.iam_operator,
        firstName: 'IAM',
        lastName: 'Operator',
        password: userHash,
        roleName: 'iam_operator',
      });
      await ensureUser({
        email: SAMPLE_USER_EMAILS.auditor,
        firstName: 'Audit',
        lastName: 'Reviewer',
        password: userHash,
        roleName: 'auditor',
      });
      await ensureUser({
        email: SAMPLE_USER_EMAILS.read_only_client,
        firstName: 'Client',
        lastName: 'Viewer',
        password: userHash,
        roleName: 'read_only_client',
      });
      await transaction.commit();
    } catch (error) {
      await transaction.rollback();
      throw error;
    }
  },
  async down() {},
 };
--- a/backend/src/routes/access_review_items.js
+++ b/backend/src/routes/access_review_items.js
@ -3,7 +3,6 @@ const express = require('express');
 const Access_review_itemsService = require('../services/access_review_items');
 const Access_review_itemsDBApi = require('../db/api/access_review_items');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -443,12 +442,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Access_review_itemsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/access_reviews.js
+++ b/backend/src/routes/access_reviews.js
@ -3,7 +3,6 @@ const express = require('express');
 const Access_reviewsService = require('../services/access_reviews');
 const Access_reviewsDBApi = require('../db/api/access_reviews');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -440,12 +439,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Access_reviewsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/artifact_type_catalog.js
+++ b/backend/src/routes/artifact_type_catalog.js
@ -3,7 +3,6 @@ const express = require('express');
 const Artifact_type_catalogService = require('../services/artifact_type_catalog');
 const Artifact_type_catalogDBApi = require('../db/api/artifact_type_catalog');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -432,12 +431,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Artifact_type_catalogDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/artifacts.js
+++ b/backend/src/routes/artifacts.js
@ -3,7 +3,6 @@ const express = require('express');
 const ArtifactsService = require('../services/artifacts');
 const ArtifactsDBApi = require('../db/api/artifacts');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -449,12 +448,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await ArtifactsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/audit_logs.js
+++ b/backend/src/routes/audit_logs.js
@ -3,7 +3,6 @@ const express = require('express');
 const Audit_logsService = require('../services/audit_logs');
 const Audit_logsDBApi = require('../db/api/audit_logs');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -446,12 +445,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Audit_logsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/connected_systems.js
+++ b/backend/src/routes/connected_systems.js
@ -3,7 +3,6 @@ const express = require('express');
 const Connected_systemsService = require('../services/connected_systems');
 const Connected_systemsDBApi = require('../db/api/connected_systems');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -444,12 +443,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Connected_systemsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/control_frameworks.js
+++ b/backend/src/routes/control_frameworks.js
@ -3,7 +3,6 @@ const express = require('express');
 const Control_frameworksService = require('../services/control_frameworks');
 const Control_frameworksDBApi = require('../db/api/control_frameworks');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -435,12 +434,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Control_frameworksDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/control_requirements.js
+++ b/backend/src/routes/control_requirements.js
@ -3,7 +3,6 @@ const express = require('express');
 const Control_requirementsService = require('../services/control_requirements');
 const Control_requirementsDBApi = require('../db/api/control_requirements');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -441,12 +440,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Control_requirementsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/evidence_models.js
+++ b/backend/src/routes/evidence_models.js
@ -3,7 +3,6 @@ const express = require('express');
 const Evidence_modelsService = require('../services/evidence_models');
 const Evidence_modelsDBApi = require('../db/api/evidence_models');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -439,12 +438,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Evidence_modelsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/exceptions.js
+++ b/backend/src/routes/exceptions.js
@ -3,7 +3,6 @@ const express = require('express');
 const ExceptionsService = require('../services/exceptions');
 const ExceptionsDBApi = require('../db/api/exceptions');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -440,12 +439,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await ExceptionsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/identity_workflows.js
+++ b/backend/src/routes/identity_workflows.js
@ -3,7 +3,6 @@ const express = require('express');
 const Identity_workflowsService = require('../services/identity_workflows');
 const Identity_workflowsDBApi = require('../db/api/identity_workflows');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -444,12 +443,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Identity_workflowsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/notifications.js
+++ b/backend/src/routes/notifications.js
@ -3,7 +3,6 @@ const express = require('express');
 const NotificationsService = require('../services/notifications');
 const NotificationsDBApi = require('../db/api/notifications');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -438,12 +437,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await NotificationsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/organization_settings.js
+++ b/backend/src/routes/organization_settings.js
@ -3,7 +3,6 @@ const express = require('express');
 const Organization_settingsService = require('../services/organization_settings');
 const Organization_settingsDBApi = require('../db/api/organization_settings');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -440,12 +439,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Organization_settingsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/organizations.js
+++ b/backend/src/routes/organizations.js
@ -3,7 +3,6 @@ const express = require('express');
 const OrganizationsService = require('../services/organizations');
 const OrganizationsDBApi = require('../db/api/organizations');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -429,12 +428,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await OrganizationsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/proof_packets.js
+++ b/backend/src/routes/proof_packets.js
@ -3,7 +3,6 @@ const express = require('express');
 const Proof_packetsService = require('../services/proof_packets');
 const Proof_packetsDBApi = require('../db/api/proof_packets');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -437,12 +436,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Proof_packetsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/remediation_items.js
+++ b/backend/src/routes/remediation_items.js
@ -3,7 +3,6 @@ const express = require('express');
 const Remediation_itemsService = require('../services/remediation_items');
 const Remediation_itemsDBApi = require('../db/api/remediation_items');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -438,12 +437,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Remediation_itemsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/sampled_subjects.js
+++ b/backend/src/routes/sampled_subjects.js
@ -3,7 +3,6 @@ const express = require('express');
 const Sampled_subjectsService = require('../services/sampled_subjects');
 const Sampled_subjectsDBApi = require('../db/api/sampled_subjects');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -447,12 +446,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Sampled_subjectsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/user_invitations.js
+++ b/backend/src/routes/user_invitations.js
@ -3,7 +3,6 @@ const express = require('express');
 const User_invitationsService = require('../services/user_invitations');
 const User_invitationsDBApi = require('../db/api/user_invitations');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -437,12 +436,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await User_invitationsDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/users.js
+++ b/backend/src/routes/users.js
@ -3,7 +3,6 @@ const express = require('express');
 const UsersService = require('../services/users');
 const UsersDBApi = require('../db/api/users');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -438,14 +437,11 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await UsersDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
  if (!payload) {
    throw TenantAccess.getNotFoundError();
  }
-  delete payload.password;
+    delete payload.password;
  res.status(200).send(payload);
 }));
--- a/backend/src/routes/workflow_templates.js
+++ b/backend/src/routes/workflow_templates.js
@ -3,7 +3,6 @@ const express = require('express');
 const Workflow_templatesService = require('../services/workflow_templates');
 const Workflow_templatesDBApi = require('../db/api/workflow_templates');
 const TenantAccess = require('../db/api/tenantAccess');
 const wrapAsync = require('../helpers').wrapAsync;
 const config = require('../config');
@ -440,12 +439,9 @@ router.get('/autocomplete', async (req, res) => {
 router.get('/:id', wrapAsync(async (req, res) => {
  const payload = await Workflow_templatesDBApi.findBy(
    { id: req.params.id },
    { currentUser: req.currentUser },
  );
-  if (!payload) {
+  
    throw TenantAccess.getNotFoundError();
  }
  res.status(200).send(payload);
 }));
--- a/backend/src/services/access_review_items.js
+++ b/backend/src/services/access_review_items.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Access_review_itemsDBApi = require('../db/api/access_review_items');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Access_review_itemsService {
    try {
      let access_review_items = await Access_review_itemsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!access_review_items) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'access_review_itemsNotFound',
        );
      }
      const updatedAccess_review_items = await Access_review_itemsDBApi.update(
--- a/backend/src/services/access_reviews.js
+++ b/backend/src/services/access_reviews.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Access_reviewsDBApi = require('../db/api/access_reviews');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Access_reviewsService {
    try {
      let access_reviews = await Access_reviewsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!access_reviews) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'access_reviewsNotFound',
        );
      }
      const updatedAccess_reviews = await Access_reviewsDBApi.update(
--- a/backend/src/services/artifact_type_catalog.js
+++ b/backend/src/services/artifact_type_catalog.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Artifact_type_catalogDBApi = require('../db/api/artifact_type_catalog');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Artifact_type_catalogService {
    try {
      let artifact_type_catalog = await Artifact_type_catalogDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!artifact_type_catalog) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'artifact_type_catalogNotFound',
        );
      }
      const updatedArtifact_type_catalog = await Artifact_type_catalogDBApi.update(
--- a/backend/src/services/artifacts.js
+++ b/backend/src/services/artifacts.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const ArtifactsDBApi = require('../db/api/artifacts');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class ArtifactsService {
    try {
      let artifacts = await ArtifactsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!artifacts) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'artifactsNotFound',
        );
      }
      const updatedArtifacts = await ArtifactsDBApi.update(
--- a/backend/src/services/audit_logs.js
+++ b/backend/src/services/audit_logs.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Audit_logsDBApi = require('../db/api/audit_logs');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Audit_logsService {
    try {
      let audit_logs = await Audit_logsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!audit_logs) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'audit_logsNotFound',
        );
      }
      const updatedAudit_logs = await Audit_logsDBApi.update(
--- a/backend/src/services/connected_systems.js
+++ b/backend/src/services/connected_systems.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Connected_systemsDBApi = require('../db/api/connected_systems');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Connected_systemsService {
    try {
      let connected_systems = await Connected_systemsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!connected_systems) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'connected_systemsNotFound',
        );
      }
      const updatedConnected_systems = await Connected_systemsDBApi.update(
--- a/backend/src/services/control_frameworks.js
+++ b/backend/src/services/control_frameworks.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Control_frameworksDBApi = require('../db/api/control_frameworks');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Control_frameworksService {
    try {
      let control_frameworks = await Control_frameworksDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!control_frameworks) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'control_frameworksNotFound',
        );
      }
      const updatedControl_frameworks = await Control_frameworksDBApi.update(
--- a/backend/src/services/control_requirements.js
+++ b/backend/src/services/control_requirements.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Control_requirementsDBApi = require('../db/api/control_requirements');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Control_requirementsService {
    try {
      let control_requirements = await Control_requirementsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!control_requirements) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'control_requirementsNotFound',
        );
      }
      const updatedControl_requirements = await Control_requirementsDBApi.update(
--- a/backend/src/services/evidence_models.js
+++ b/backend/src/services/evidence_models.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Evidence_modelsDBApi = require('../db/api/evidence_models');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Evidence_modelsService {
    try {
      let evidence_models = await Evidence_modelsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!evidence_models) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'evidence_modelsNotFound',
        );
      }
      const updatedEvidence_models = await Evidence_modelsDBApi.update(
--- a/backend/src/services/exceptions.js
+++ b/backend/src/services/exceptions.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const ExceptionsDBApi = require('../db/api/exceptions');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class ExceptionsService {
    try {
      let exceptions = await ExceptionsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!exceptions) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'exceptionsNotFound',
        );
      }
      const updatedExceptions = await ExceptionsDBApi.update(
--- a/backend/src/services/identity_workflows.js
+++ b/backend/src/services/identity_workflows.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Identity_workflowsDBApi = require('../db/api/identity_workflows');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Identity_workflowsService {
    try {
      let identity_workflows = await Identity_workflowsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!identity_workflows) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'identity_workflowsNotFound',
        );
      }
      const updatedIdentity_workflows = await Identity_workflowsDBApi.update(
--- a/backend/src/services/notifications.js
+++ b/backend/src/services/notifications.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const NotificationsDBApi = require('../db/api/notifications');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class NotificationsService {
    try {
      let notifications = await NotificationsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!notifications) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'notificationsNotFound',
        );
      }
      const updatedNotifications = await NotificationsDBApi.update(
--- a/backend/src/services/organization_settings.js
+++ b/backend/src/services/organization_settings.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Organization_settingsDBApi = require('../db/api/organization_settings');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Organization_settingsService {
    try {
      let organization_settings = await Organization_settingsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!organization_settings) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'organization_settingsNotFound',
        );
      }
      const updatedOrganization_settings = await Organization_settingsDBApi.update(
--- a/backend/src/services/organizations.js
+++ b/backend/src/services/organizations.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const OrganizationsDBApi = require('../db/api/organizations');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class OrganizationsService {
    try {
      let organizations = await OrganizationsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!organizations) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'organizationsNotFound',
        );
      }
      const updatedOrganizations = await OrganizationsDBApi.update(
--- a/backend/src/services/proof_packets.js
+++ b/backend/src/services/proof_packets.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Proof_packetsDBApi = require('../db/api/proof_packets');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Proof_packetsService {
    try {
      let proof_packets = await Proof_packetsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!proof_packets) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'proof_packetsNotFound',
        );
      }
      const updatedProof_packets = await Proof_packetsDBApi.update(
--- a/backend/src/services/remediation_items.js
+++ b/backend/src/services/remediation_items.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Remediation_itemsDBApi = require('../db/api/remediation_items');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Remediation_itemsService {
    try {
      let remediation_items = await Remediation_itemsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!remediation_items) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'remediation_itemsNotFound',
        );
      }
      const updatedRemediation_items = await Remediation_itemsDBApi.update(
--- a/backend/src/services/sampled_subjects.js
+++ b/backend/src/services/sampled_subjects.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Sampled_subjectsDBApi = require('../db/api/sampled_subjects');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Sampled_subjectsService {
    try {
      let sampled_subjects = await Sampled_subjectsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!sampled_subjects) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'sampled_subjectsNotFound',
        );
      }
      const updatedSampled_subjects = await Sampled_subjectsDBApi.update(
--- a/backend/src/services/user_invitations.js
+++ b/backend/src/services/user_invitations.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const User_invitationsDBApi = require('../db/api/user_invitations');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class User_invitationsService {
    try {
      let user_invitations = await User_invitationsDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!user_invitations) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'user_invitationsNotFound',
        );
      }
      const updatedUser_invitations = await User_invitationsDBApi.update(
--- a/backend/src/services/users.js
+++ b/backend/src/services/users.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const UsersDBApi = require('../db/api/users');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -115,11 +114,13 @@ module.exports = class UsersService {
    try {
      let users = await UsersDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!users) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'iam.errors.userNotFound',
        );
      }
      const updatedUser = await UsersDBApi.update(
--- a/backend/src/services/workflow_templates.js
+++ b/backend/src/services/workflow_templates.js
@ -2,7 +2,6 @@ const db = require('../db/models');
 const Workflow_templatesDBApi = require('../db/api/workflow_templates');
 const processFile = require("../middlewares/upload");
 const ValidationError = require('./notifications/errors/validation');
 const TenantAccess = require('../db/api/tenantAccess');
 const csv = require('csv-parser');
 const axios = require('axios');
 const config = require('../config');
@ -71,11 +70,13 @@ module.exports = class Workflow_templatesService {
    try {
      let workflow_templates = await Workflow_templatesDBApi.findBy(
        {id},
-        {transaction, currentUser},
+        {transaction},
      );
      if (!workflow_templates) {
-        throw TenantAccess.getNotFoundError();
+        throw new ValidationError(
          'workflow_templatesNotFound',
        );
      }
      const updatedWorkflow_templates = await Workflow_templatesDBApi.update(