Access is scoped to the request
Access should be limited to the environment, responsibility, role, object, ticket, or evidence needed to complete the approved work. Production access requires explicit authorization, change-control alignment, and a clear reason.
