01
Model
- RBAC with org/tenant scoping and row-level constraints.
- Approvals for sensitive actions (overrides, refunds, schedule changes).
- Reason codes required for exceptions.
Platform / Permissions
Roles, approvals, and audit you can hand to security.
Least-privilege by design with approvals, reason codes, and full change history.
02
Transparency
Who changed what
Audit logs for roles, assignments, billing state, and proof edits.
Customer-safe activity
Visibility controls for customer-facing updates and notifications.
Support workflows
Scoped support roles with recorded actions and temporary elevation when approved.