End user
Own data and workspaces
Tenant-scoped to the active organization.
Compliance
This matrix defines the intended responsibility split for least-privilege reviews and access governance.
Own data and workspaces
Tenant-scoped to the active organization.
Members, invites, billing, and org settings
Requires MFA step-up.
Support tickets and compliance requests
Access should be audited and limited.
DSAR, retention, DPIA, and breach handling
Owns evidence updates.
Health, queue, backups, and incidents
Least-privilege operational access.