# Access controls

## Executive Summary

Eli implements strict internal access controls to minimize security risks and protect customer data. Our principle of least privilege ensures that team members can only access the minimum systems and data necessary for their role, with comprehensive logging and monitoring of all administrative activities.

## Internal Team Access Management

**Principle of Least Privilege**

* **Role-based access** - Team members receive only the permissions required for their specific responsibilities
* **Production access restrictions** - Limited number of authorized personnel with production system access
* **Time-limited access** - Temporary elevated permissions for specific maintenance tasks
* **Regular access reviews** - Quarterly audits of team member permissions and access levels

**Administrative Access Controls**

* **Individual cloud provider accounts** for MongoDB Atlas, Vercel, Firebase Console, and GitLab
* **Cloud provider IAM** - Each service manages access through its own security systems
* **Multi-factor authentication** enforced by cloud providers (Google, MongoDB, etc.)
* **Direct accountability** through small team structure and personal account responsibility

## Production Environment Security

**Database Access Controls**

* **MongoDB Atlas managed access** with cloud provider security controls
* **Individual developer accounts** with MongoDB Atlas authentication
* **Environment separation** preventing development access to production data
* **Connection logging** through MongoDB Atlas audit features

**Application Access Management**

* **GitLab-based deployment** with code review requirements for production changes
* **Vercel automatic deployments** from approved Git branches
* **Environment separation** through cloud provider project isolation
* **API key management** through individual cloud provider consoles

## Data Access Governance

**Customer Data Protection**

* **Organizational data isolation** - Technical barriers preventing cross-customer data access
* **Data minimization** - Team members access only data necessary for support or maintenance
* **Anonymization tools** for development and testing environments

**Audit and Monitoring**

* **Complete access logging** - All administrative actions recorded with timestamps and user identification
* **Immutable audit trails** stored securely for compliance and forensic analysis

***

**For questions about our internal access controls or security procedures, contact:** <security@eliapp.io>

**Last Updated:** October 2025

