# Access Control

## Infrastructure access

### Credential management

All sensitive keys and credentials are stored in **AWS Secrets Manager** and accessed at runtime by authorized service instances only. No credentials exist in source code, configuration files, or environment files committed to version control.

### IAM role separation

Access to AWS infrastructure is governed by IAM roles with strict separation of duties:

| Scope                              | Who has access                                                     |
| ---------------------------------- | ------------------------------------------------------------------ |
| **Production data and services**   | Company CTO only, plus service-to-service IAM roles                |
| **Staging and development**        | Development team (for testing and debugging)                       |
| **Production monitoring and logs** | Development team (read-only — no access to production data stores) |

### Multi-factor authentication

Access to production infrastructure requires a valid multi-factor authentication (MFA) token. MFA is enforced for all privileged access to cloud consoles, servers, and data stores.

## Application-level access control

### Authentication

All users authenticate via **Microsoft Entra ID** (Azure AD) or **Google Identity** using industry-standard OAuth 2.0. Rockhopper does not maintain its own authentication system; user passwords are never stored or managed by the platform.

### Authorization

Every API request is authorized against the user's team membership and role before any data is returned or modified:

* **Team-scoped** — Users can only access files and data belonging to teams they are members of. There is no cross-team data visibility.
* **Role-based** — Admin, Manager, and Contributor roles determine what actions a user can perform (e.g., inviting members, dismissing reviews).
* **File-scoped** — Individual file access is verified on every request through dedicated access guards.

No API endpoint is accessible without authentication and authorization checks.

### Quarterly access reviews

All employee access to production systems is reviewed by management at least quarterly. Reviews verify that each user's access is appropriate for their current role and complies with the principles of least privilege and separation of duties. Results are documented, and access is modified or removed where applicable.

### Employee lifecycle

Access provisioning and deprovisioning follow formal procedures:

* **Provisioning** — Access to systems is granted based on job role and requires a documented request with manager approval before access is provided. Users are assigned unique identifiers and must acknowledge company policies before receiving access.
* **Deprovisioning** — When an employee is terminated, access to all systems is revoked within **24 hours** of termination.

### Audit logging

All data mutations — creating, updating, and deleting records — are logged with:

* The acting user's identity
* The resource type and ID affected
* A timestamp

This audit trail is maintained for SOC 2 compliance and is available for forensic review.
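The authorization checks described above (team scope, then role, then file scope, deny by default) and the audit entry written after each data mutation can be implemented as one guard that every endpoint calls. The following is an added example written for this page, not Rockhopper's own code: the `Role` enum, the `PERMISSIONS` table, the `AccessDenied` error, the dataclasses and the sample teams, users and files are all assumptions made so that it runs offline. One detail worth noting in the file-scope check: a file owned by another team is rejected with the same error as a nonexistent file, so a denial does not reveal whether an ID exists.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class Role(str, Enum):
    ADMIN = "admin"
    MANAGER = "manager"
    CONTRIBUTOR = "contributor"


# Action -> roles allowed to perform it. Any action absent from this table is
# denied for every role, so a new endpoint is never reachable by accident.
# Assumed mapping for illustration; the page does not list per-action rules.
PERMISSIONS: dict[str, set[Role]] = {
    "file.read":      {Role.ADMIN, Role.MANAGER, Role.CONTRIBUTOR},
    "file.update":    {Role.ADMIN, Role.MANAGER, Role.CONTRIBUTOR},
    "file.delete":    {Role.ADMIN, Role.MANAGER},
    "review.dismiss": {Role.ADMIN, Role.MANAGER},
    "member.invite":  {Role.ADMIN},
}


class AccessDenied(Exception):
    """Raised for every failed check; the message never says which one failed."""


@dataclass
class User:
    id: str
    memberships: dict[str, Role]  # team_id -> role held in that team


@dataclass
class File:
    id: str
    team_id: str


@dataclass
class AuditEntry:
    actor: str
    action: str
    resource_type: str
    resource_id: str
    timestamp: str  # ISO 8601, UTC


@dataclass
class AccessGuard:
    files: dict[str, File]
    audit_log: list[AuditEntry] = field(default_factory=list)

    def authorize(self, user: User, action: str, team_id: str,
                  file_id: str | None = None) -> Role:
        """Run the team, role and file checks; return the role or raise AccessDenied."""
        # 1. Team scope: the caller must be a member of the team the request names.
        role = user.memberships.get(team_id)
        if role is None:
            raise AccessDenied("forbidden")
        # 2. Role scope: the role must be allowed the action (deny by default).
        if role not in PERMISSIONS.get(action, set()):
            raise AccessDenied("forbidden")
        # 3. File scope: the file must exist and belong to that same team.
        #    Foreign and nonexistent IDs fail identically, leaking nothing.
        if file_id is not None:
            f = self.files.get(file_id)
            if f is None or f.team_id != team_id:
                raise AccessDenied("forbidden")
        return role

    def record_mutation(self, user: User, action: str,
                        resource_type: str, resource_id: str) -> AuditEntry:
        """Append an audit entry once a create/update/delete has succeeded."""
        entry = AuditEntry(user.id, action, resource_type, resource_id,
                           datetime.now(timezone.utc).isoformat())
        self.audit_log.append(entry)
        return entry


def delete_file(guard: AccessGuard, user: User, team_id: str, file_id: str) -> AuditEntry:
    """An endpoint handler: authorize first, mutate, then log the mutation."""
    guard.authorize(user, "file.delete", team_id, file_id)
    del guard.files[file_id]
    return guard.record_mutation(user, "file.delete", "file", file_id)


# Constructed sample data (not real teams, users or files).
FILES = {"f-1": File("f-1", "team-a"), "f-2": File("f-2", "team-b")}
alice = User("alice", {"team-a": Role.MANAGER})
bob = User("bob", {"team-a": Role.CONTRIBUTOR, "team-b": Role.ADMIN})


def demo() -> dict[str, bool]:
    """Exercise each scope check once; returns True where the request was denied."""
    guard = AccessGuard(dict(FILES))
    results: dict[str, bool] = {}
    for label, user, action, team, fid in [
        ("contributor deletes", bob,   "file.delete", "team-a", "f-1"),  # role scope
        ("wrong team",          alice, "file.read",   "team-b", "f-2"),  # team scope
        ("foreign file id",     alice, "file.read",   "team-a", "f-2"),  # file scope
        ("unknown action",      bob,   "file.purge",  "team-b", "f-2"),  # default deny
        ("manager deletes",     alice, "file.delete", "team-a", "f-1"),  # allowed
    ]:
        try:
            guard.authorize(user, action, team, fid)
            results[label] = False
        except AccessDenied:
            results[label] = True
    return results


if __name__ == "__main__":
    print(demo())
    g = AccessGuard(dict(FILES))
    print(delete_file(g, alice, "team-a", "f-1"))
```

The handler calls `authorize` before touching any data and writes the audit entry only after the deletion succeeds, so a denied request produces no mutation and no misleading log line; the audit record carries the acting user, the resource type and ID, and a UTC timestamp, which is the set of fields the section lists.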
