Add canonical operations/security/access/feature docs and fix path integrity to improve onboarding and incident readiness.
Access and Permissions
This document defines the least-privilege access model for CBDDC environments.
Roles
| Role | Typical Permissions | Approval Required |
|---|---|---|
| Runtime Operator | Read health/logs, restart service, run incident checks | Team lead or on-call manager |
| Deployment Engineer | Deploy approved releases, update runtime configuration | Change approval for production |
| Security Administrator | Manage secrets, rotate tokens, review access | Security approval |
| Maintainer | Modify CBDDC source/docs, merge reviewed changes | Pull request review |
Least-Privilege Rules
- Grant access by role, not by individual preference.
- Use environment-specific credentials and scoped service accounts.
- Do not share production credentials across environments.
- Remove elevated access promptly after incident or change window.
Approval Flow
- Request access with role, environment, and business reason.
- Approver validates least-privilege scope.
- Access is granted with expiration date when applicable.
- Grant/revoke events are logged for auditability.
Periodic Access Review
- Review active privileged access at least quarterly.
- Remove dormant or unowned accounts immediately.
- Validate that emergency access accounts are controlled and monitored.
Secret Handling
- Store AuthToken, connection strings, and credentials in approved secret stores.
- Never commit secrets to source control.
- Rotate secrets after incidents and on a scheduled cadence.