<aside>
🔐
Goal: Show “least privilege” in practice by documenting role-based access to critical systems.
</aside>
What the auditor wants
- Evidence of the Principle of Least Privilege.
- A formal list showing that access to critical systems (AWS, GitHub, databases, etc.) is governed by defined roles (for example, "Admin" vs "Read-only") rather than by broad administrative access granted to everyone by default.
How to clear this task
<aside>
📝
Option A: Use the built-in form
- Click + New Submission to open the New RBAC Matrix Submission form.
- For each key system, capture:
  - System (for example, AWS)
  - Role name (for example, prod:operator)
  - Permissions / scope (what the role can actually do)
  - Approved by and Last reviewed
- Use Add RBAC row to add multiple entries.
- Click Review to submit.
</aside>
<aside>
📎
Option B: Upload an existing matrix
- If you already track this in a spreadsheet, click Upload Evidence and attach it.
</aside>
<aside>
👤
Solo founders
You can treat this task as not applicable.
</aside>