The access-control design that determines what users, agents, tools, and services can see or do in the deployment. Needs to be reviewed before enabling any write actions.