Access Control
Infrastructure access
Credential management
All sensitive keys and credentials are stored in AWS Secrets Manager and accessed at runtime by authorized service instances only. No credentials exist in source code, configuration files, or environment files committed to version control.
IAM role separation
Access to AWS infrastructure is governed by IAM roles with strict separation of duties:
Production data and services: Company CTO only, plus service-to-service IAM roles
Staging and development: Development team (for testing and debugging)
Production monitoring and logs: Development team (read-only — no access to production data stores)
Multi-factor authentication
Access to production infrastructure requires a valid multi-factor authentication (MFA) token. MFA is enforced for all privileged access to cloud consoles, servers, and data stores.
Application-level access control
Authentication
All users authenticate via Microsoft Entra ID (Azure AD) or Google Identity using industry-standard OAuth 2.0. Rockhopper does not maintain its own authentication system — credentials are never stored or managed by the platform.
Authorization
Every API request is authorized against the user's team membership and role before any data is returned or modified:
Team-scoped — Users can only access files and data belonging to teams they are members of. There is no cross-team data visibility.
Role-based — Admin, Manager, and Contributor roles determine what actions a user can perform (e.g., inviting members, dismissing reviews).
File-scoped — Individual file access is verified on every request through dedicated access guards.
No API endpoint is accessible without authentication and authorization checks.
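One way to realise the three guards above as a single deny-by-default check, written here as an added illustration and not Rockhopper's own code. The role ranking (Admin above Manager above Contributor), the mapping of actions to a minimum role, and the Team and File records are assumptions for the example; the page itself does not specify them.

```python
from dataclasses import dataclass

# Roles named on the page. Their ranking (Admin > Manager > Contributor) and the
# action-to-minimum-role mapping below are assumptions made for this example.
ROLE_RANK = {"Contributor": 1, "Manager": 2, "Admin": 3}
ACTION_MIN_ROLE = {
    "read_file": "Contributor",
    "dismiss_review": "Manager",   # assumed: Manager or above
    "invite_member": "Admin",      # assumed: Admin only
}

@dataclass
class Team:
    team_id: str
    members: dict   # user_id -> role name

@dataclass
class File:
    file_id: str
    team_id: str

class AccessDenied(Exception):
    """Raised by any guard; the API layer maps it to 403 before touching data."""

def authorize(user_id, action, team_id, teams, file_id=None, files=None):
    """Deny-by-default guard chain: team scope, then role, then file scope."""
    team = teams.get(team_id)
    if team is None or user_id not in team.members:
        raise AccessDenied("team-scoped: caller is not a member of this team")
    needed = ACTION_MIN_ROLE.get(action)            # unknown action => deny
    if needed is None or ROLE_RANK[team.members[user_id]] < ROLE_RANK[needed]:
        raise AccessDenied("role-based: role insufficient for this action")
    if file_id is not None:
        f = (files or {}).get(file_id)
        if f is None or f.team_id != team_id:       # no cross-team file visibility
            raise AccessDenied("file-scoped: file does not belong to this team")
    return True

def check(*args, **kwargs):   # boolean form of authorize() for callers that prefer not to catch
    try:
        return authorize(*args, **kwargs)
    except AccessDenied:
        return False

# Constructed sample directory for the example (not real tenant data).
TEAMS = {
    "t1": Team("t1", {"alice": "Admin", "bob": "Contributor"}),
    "t2": Team("t2", {"carol": "Manager"}),
}
FILES = {"f1": File("f1", "t1"), "f2": File("f2", "t2")}
```

Because every branch that is not an explicit allow raises, an unknown action or a file id that resolves to another team's record is refused before any data is read, which is the property the text describes.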
Quarterly access reviews
All employee access to production systems is reviewed by management at least quarterly. Reviews verify that each user's access is appropriate for their current role and complies with the principles of least privilege and separation of duties. Results are documented, and access is modified or removed where applicable.
Employee lifecycle
Access provisioning and deprovisioning follow formal procedures:
Provisioning — Access to systems is granted based on job role and requires a documented request with manager approval before access is provided. Users are assigned unique identifiers and must acknowledge company policies before receiving access.
Deprovisioning — When an employee is terminated, access to all systems is revoked within 24 hours of termination.
Audit logging
All data mutations — creating, updating, and deleting records — are logged with:
The acting user's identity
The resource type and ID affected
A timestamp
This audit trail is maintained for SOC 2 compliance and is available for forensic review.