pub const fn protected_roles() -> &'static [Role]
Roles for which the framework refuses to lose the last active member.
The orphan guards in auth/guards.rs and auth::would_orphan_role
loop over this list and reject any change that would empty the
active-member set for one of these tiers — the system stays
recoverable from the UI even after staff turnover.
Currently [Administrator, Developer]. Both protect the panel
itself: losing every Developer locks the platform-level recovery
path; losing every Administrator locks the operational recovery
path. Lower tiers are not protected — projects can run with zero
Supervisors / Staff / Users without breaking authority.
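
The guard loop described above, sketched as an added example; this is not the framework's code in auth/guards.rs or auth::would_orphan_role. The Member and Change types, orphaned_by, the sample roster, and the Role variant names beyond Administrator and Developer are assumptions made for illustration.

```rust
// Added illustration; every type and name except protected_roles() is an assumption.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Role { Developer, Administrator, Supervisor, Staff, User }

pub const fn protected_roles() -> &'static [Role] {
    &[Role::Administrator, Role::Developer]
}

#[derive(Clone, Copy)]
pub struct Member { pub id: u32, pub role: Role, pub active: bool }

/// A proposed change to one account (hypothetical shape).
pub enum Change { SetRole(u32, Role), Deactivate(u32), Delete(u32) }

/// Apply the change to a copy of the roster so the guard inspects the resulting state.
fn apply(roster: &[Member], change: &Change) -> Vec<Member> {
    let mut next = roster.to_vec();
    match *change {
        Change::SetRole(id, role) => next.iter_mut().filter(|m| m.id == id).for_each(|m| m.role = role),
        Change::Deactivate(id) => next.iter_mut().filter(|m| m.id == id).for_each(|m| m.active = false),
        Change::Delete(id) => next.retain(|m| m.id != id),
    }
    next
}

fn active_count(roster: &[Member], role: Role) -> usize {
    roster.iter().filter(|m| m.active && m.role == role).count()
}

/// First protected role the change would leave with no active member, if any.
/// Design choice of this sketch: a role that is already empty is not reported.
pub fn orphaned_by(roster: &[Member], change: &Change) -> Option<Role> {
    let next = apply(roster, change);
    protected_roles().iter().copied()
        .find(|&role| active_count(roster, role) > 0 && active_count(&next, role) == 0)
}

/// Constructed sample roster: one active Developer, one active and one inactive Administrator.
pub fn sample_roster() -> Vec<Member> {
    vec![
        Member { id: 1, role: Role::Developer, active: true },
        Member { id: 2, role: Role::Administrator, active: true },
        Member { id: 3, role: Role::Administrator, active: false },
        Member { id: 4, role: Role::Staff, active: true },
    ]
}

fn main() {
    println!("{:?}", orphaned_by(&sample_roster(), &Change::Deactivate(2)));
}
```

Evaluating the post-change roster, instead of special-casing each operation, is what lets one check cover demotion, promotion into another tier, deactivation and deletion alike.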