Docs / Security / Identity & Access
Identity and access controls.
Gvner enforces role-based access, scoped credentials, and multi-party approval for sensitive changes.
How to use
1. Review control
Understand the control definition.
2. Verify implementation
Confirm evidence output exists.
3. Export proof
Generate evidence for auditors.
4. Monitor drift
Track changes to control posture.
Access model
Roles
Read-only, auditor, and admin roles with explicit capabilities.
Scoped credentials
API keys are bound to tenant and environment.
Dual control
Separate initiate vs approve for critical actions.
Session policies
Re-auth requirements and session TTLs.
Audit visibility
Every login/logout event is auditable
Approvals record identity and timestamp
Exports include identity changes
Key API endpoints
GET /identity/roles — role mappingsPOST /identity/role-map — map rolesEvidence outputs
Role mapping evidence
Access change ledger entries