Access Governance
Emergency (break-glass) access — time-boxed and fully audited. Every request, approval, and revocation writes an immutable audit record. Internal Auditor is read-only.
Request emergency access
Requesting requires an operator role; approving/revoking requires controller or platform-admin. The Internal Auditor persona is 403'd on all actions.
Emergency access grants—
| Requester | Scope | Justification | Status | Requested | Expires | Approver | Actions |
|---|
"Expired" is computed from the grant's expiry time (an approved window that has elapsed); the underlying record stays auditable. Approvals set a time-boxed expiry.