## Goal

Ensure each person only has access required for their job responsibilities.

## Role model

- `OWNER`: governs risk, billing, and final approvals.
- `ADMIN`: runs configuration and team management.

The product does not currently expose a third operational role. Internal functions such as finance, support, or operations must be mapped to `OWNER` or `ADMIN` based on real risk.

## Recommended process

<Steps>
  <Step title="1) Invite with minimum role">Start from least privilege and promote only with justified need.</Step>
  <Step title="2) Validate organization scope">Confirm each member can access only relevant organizations.</Step>
  <Step title="3) Review access periodically">Run monthly reviews for active members, pending invites, and elevated roles.</Step>
  <Step title="4) Track critical changes">Keep audit trail for promotions, demotions, and removals.</Step>
</Steps>

## Critical controls

- Do not leave organization ownership dependent on a single person.
- Disable inactive high-privilege accounts.
- Expire stale pending invites.
