Skip to main content

Access Control Review

Reviewed on: 2026-01-21 Status: Draft (requires deployment-specific validation)

This document defines baseline access control expectations for services using Primus.

Baseline Requirements

Enforce least privilege for service identities and database roles.
Separate admin and application roles.
Use RBAC where applicable.
Require MFA for administrative access.

Evidence Needed for Production

Role definitions and mappings
Access review logs
Audit trails for privilege changes

Review Log

2026-01-21: Baseline guidance documented. Validation pending.

Baseline Requirements
Evidence Needed for Production
Review Log