4.2 IAM scoped read-only by default

DB, Kubernetes, AWS


Levels

| Level | Criterion |
| --- | --- |
| Level 0 | Agents run as admin |
| Level 1 | Mixed scopes |
| Level 2 | Strict least-privilege; write requires **structurally-enforced** elevation — platform-gated (IAM policy-as-code + JIT, credential tenancy, GitOps-triggered grants), not procedural (ticketed approval that then executes with unscoped credentials). See [GitOps JIT privilege elevation](recipes/gitops-jit-privilege-elevation.md) for a known-good shape. |
| Level 3 | Permission requests logged; recurring legitimate elevations get scoped permanent grants; unused permissions auto-revoked |
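
The following is an added example, not part of this framework or any of its recipes. It shows the two mechanical pieces behind Level 2 and Level 3 for the AWS case: a policy-as-code lint that fails any Allow statement granting a write-capable action (so the read-only default is enforced in CI rather than by convention), and a usage comparison that lists granted actions nothing in the activity log exercised, which is the input to auto-revocation. The policy, the CloudTrail-style log lines, and the read-verb prefix list are all constructed for the example; real policy-as-code tooling would use a complete action catalogue rather than a prefix heuristic.

```python
"""Policy-as-code check for the "read-only by default" criterion.

Added example, not from the original page: lints a simplified IAM-style
policy for write-capable grants and compares granted actions against a
constructed usage log to list revocation candidates.
"""
import fnmatch
import json

# Verb prefixes treated as read-only (assumption for this example).
# Any other verb, including a bare "*", is treated as write-capable.
READ_PREFIXES = ("Get", "List", "Describe", "Head")

# Constructed sample policy: one scoped read-only statement, one leftover
# unscoped write grant, and one wildcard describe grant.
AGENT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOnlyBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "LeftoverWrite", "Effect": "Allow",
         "Action": "s3:PutObject", "Resource": "*"},
        {"Sid": "Describe", "Effect": "Allow",
         "Action": "ec2:Describe*", "Resource": "*"},
    ],
}

# Constructed CloudTrail-style records (only the two fields used here).
TRAIL_LINES = [
    '{"eventSource": "s3.amazonaws.com", "eventName": "GetObject"}',
    '{"eventSource": "s3.amazonaws.com", "eventName": "GetObject"}',
    '{"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"}',
]


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to list."""
    return [value] if isinstance(value, str) else list(value or [])


def is_read_only(action: str) -> bool:
    """True if the action's verb starts with a read-only prefix.

    "ec2:Describe*" counts as read-only; "s3:*" and "*" do not, because
    the verb does not begin with a known read prefix.
    """
    if ":" not in action:
        return False
    verb = action.split(":", 1)[1]
    return verb.startswith(READ_PREFIXES)


def lint_policy(policy: dict) -> list[dict]:
    """One finding per write-capable action in an Allow statement, so a CI
    gate can reject the change before the grant exists."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource"))
        for action in _as_list(stmt.get("Action")):
            if not is_read_only(action):
                findings.append({
                    "statement": index,
                    "sid": stmt.get("Sid", ""),
                    "action": action,
                    "unscoped_resource": "*" in resources,
                })
    return findings


def granted_actions(policy: dict) -> list[str]:
    """Every action pattern allowed anywhere in the policy, in order."""
    granted = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow":
            granted.extend(_as_list(stmt.get("Action")))
    return granted


def actions_from_trail(lines: list[str]) -> set[str]:
    """Map CloudTrail-style records to "service:EventName" action strings."""
    used = set()
    for line in lines:
        event = json.loads(line)
        service = event["eventSource"].split(".", 1)[0]
        used.add(f"{service}:{event['eventName']}")
    return used


def unused_grants(policy: dict, used_actions: set[str]) -> list[str]:
    """Granted action patterns that no logged action matched: the candidate
    set for the Level 3 auto-revoke step. Wildcard grants are matched with
    fnmatch so "ec2:Describe*" is covered by a DescribeInstances call."""
    return [pattern for pattern in granted_actions(policy)
            if not any(fnmatch.fnmatchcase(used, pattern)
                       for used in used_actions)]


if __name__ == "__main__":
    for finding in lint_policy(AGENT_POLICY):
        print("WRITE GRANT:", finding)
    print("unused:", unused_grants(AGENT_POLICY, actions_from_trail(TRAIL_LINES)))
```

Run against the sample data, the lint flags only the `LeftoverWrite` statement (unscoped `s3:PutObject`), and the usage comparison lists `s3:ListBucket` and `s3:PutObject` as never exercised. In a real pipeline the lint runs on the pull request that proposes the policy, and the unused list feeds the revocation job rather than a print statement.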


Recipes that advance this criterion