Add enterprise docs structure and include pending core maintenance updates.
This commit is contained in:
Joseph Doherty
32
docs/access.md
Normal file
32
docs/access.md
Normal file
@@ -0,0 +1,32 @@
|
||||
# Access And Permissions
|
||||
|
||||
## Roles
|
||||
|
||||
- Maintainer: merge authority, release authority, incident ownership.
|
||||
- Reviewer: approves pull requests and validates architecture/security impact.
|
||||
- Contributor: proposes changes through pull requests.
|
||||
- Consumer: integrates published package versions in downstream applications.
|
||||
|
||||
## Least-Privilege Model
|
||||
|
||||
- Limit maintainer privileges to required release and incident responders.
|
||||
- Use reviewer role for routine code review and documentation updates.
|
||||
- Restrict package publishing credentials to release maintainers.
|
||||
|
||||
## Approval Workflow
|
||||
|
||||
1. Contributor opens pull request.
|
||||
2. Reviewer validates tests, documentation, and risk impact.
|
||||
3. Maintainer approves merge for high-risk or release-impacting changes.
|
||||
4. Release maintainer publishes approved release artifacts.
|
||||
|
||||
## Periodic Access Review
|
||||
|
||||
1. Review maintainer and publisher access quarterly.
|
||||
2. Remove inactive accounts and obsolete credentials.
|
||||
3. Confirm access ownership in repository settings and package feed controls.
|
||||
|
||||
## Emergency Access
|
||||
|
||||
- Temporary elevated access requires a tracked incident issue.
|
||||
- Remove temporary access immediately after incident closure.
|
||||
Reference in New Issue
Block a user