Access Control

Master Control Review Surface


Mutation enabled · Access Control · Loading Snapshot · Auto 30s · Updated: Awaiting first sync · Fallback Snapshot · 0/5 Live Sources · Commercial surfaces remain mock-backed

Access Control is in governed mode. Governance Operator can review and run privileged changes here. Mutation roles: Governance Operator / Finance Reviewer.

Access Control

Governance-first role visibility, client-local control policy, and theme guardrails for managed engines.

Governance Operator · Mutation enabled
4 Governed Roles
2 Client Control Policies
3 Approved Theme Packages
3 Visible Access Requests

Live Governance Context

Current governance, platform, runtime, and integration posture behind access decisions.

offline
7/7 online
Control APIs healthy
1 node needs review
All engines reachable

Theme Registry

Approved presentation-only theme packages that can be assigned to client-local engine panels.

3 Packages
Native light commerce

Commerce

Presentation only · Approved · Safe for client-local storefront administration.
Native dark neutral

Neutral operations

Presentation only · Approved · Suitable for admin-heavy storefronts with no custom script support.
Custom presentation package

Tenant branded

CSS and image assets only · Review required · Requires validation before client assignment.

ACL Matrix

Role and privilege posture that governs platform operators and client-local admin personas.

4 Roles
Role | Scope | Privileges | Session Policy | Approval Path
Governance Operator | Platform-wide | Approve provisioning, privileged access, lease exceptions | MFA + reason logging | Self-service for standard approvals
Client Admin Operator | Per engine local control panel | Manage approved engine-local settings, review branded themes, request support escalation | Delegated engine-local access only | Escalates to Governance Operator
Finance Reviewer | Commercial controls | Approve billing exceptions, validate lease cost exposure | Read-mostly with approval write access | Shared approval with Governance Operator
Support Auditor | Audit visibility | Review access history, read privileged action trails | Read-only governed sessions | No direct mutation rights

Client Control Policies

Engine-local control surfaces that may be provisioned for Client Admin Operators.

2 Policies
  • 01
    Storefront client admin
    SaaS storefront -> Catalog, orders, branding, and user-local settings
    Native or approved custom presentation package · No governance, node, or deployment controls are exposed.
  • 02
    BaaS read-only client admin
    BaaS -> Status visibility, approved settings, and audit-safe controls
    No client theming by default · Production integration settings remain governance controlled.

Local ACL Workflow

Approve or deny the local ACL request queue while staying anchored to the live governance posture.

3 Visible
Taylor Nguyen -> Client Admin Operator

Needs governed admin access for launch review

Northwind Studio · Requested by: Owner · Risk: Medium · Status: Pending approval
Morgan Patel -> Finance Reviewer

Billing exception review for overage reconciliation

POD Engine Charlie · Requested by: Governance Operator 2 · Risk: Low · Status: Needs justification
Escalation required for Governance Operator.
Jamie Ortiz -> Support Auditor

Audit visibility during provisioning handoff

Harbor Goods POD · Requested by: Support Lead · Risk: Low · Status: Pre-cleared
Escalation required for Governance Operator.

Theme Guardrails

Theme packages stay limited to presentation-only scope even when local client control is enabled.

Presentation only
  • 01
    Custom themes stop at CSS and images
    Client Admin Operators can only apply approved presentation assets and template styling.
    No backend logic, scripts, or policy mutation is allowed.
  • 02
    Governance owns deployment and placement
    Client-local access never grants Production Node, AI service, or API package control.
    Those controls remain on the Governance Node.
  • 03
    Audit continuity stays intact
    Theme selection and local access posture changes must remain visible in the audit trail.
    This keeps presentation changes reviewable.

Role-Aware Actions

Governed operational actions stay explicit about role requirements while client-local control remains bounded.

Governed
Break-glass admin session

Open a governed admin session for a tenant when launch-blocking work requires intervention.

Required Role: Governance Operator · Current Session: Governance Operator · Available now
Quota exception package

Raise a burst capacity exception before provisioning final approval.

Required Role: Governance Operator + Finance Reviewer · Current Session: Governance Operator · Available now
Lease expansion override

Increase Worker AI cycle cap outside the default lease envelope.

Required Role: Governance Operator · Current Session: Governance Operator · Available now
Rollback package approval

Authorize a governed rollback to the last certified deployment package when release health regresses.

Required Role: Governance Operator + Support Auditor · Current Session: Governance Operator · Available now
Engine retirement package

Retire an engine with explicit revocation of AI leases, API services, and client control access.

Required Role: Governance Operator + Finance Reviewer · Current Session: Governance Operator · Available now

Live Access Audit

Recent access-control audit events from the live governance snapshot when available.

1 Event
  • 01
    ACL seed package approved for Harbor Goods
    Support Auditor visibility was pre-cleared for provisioning handoff.
    Category: access-control / Severity: low