Access Map
This document tracks who can access each system, what level of access they have, and how credentials are managed.
👥 Core Access
| System | Primary Owner | Access Type | Notes |
|---|---|---|---|
| Zoho One | Luis | Admin | Full access; tied to corporate email |
| Microsoft 365 | Luis | Global Admin | Includes Outlook, Teams, and OneDrive |
| QuickBooks Online | Cody | Accountant | Access for financial reports and billing |
| Cloudflare | Cody | Admin | Domain and portal management |
| Drive (QiVault) | Cody | Owner | Root sync + nightly rclone backup |
| Cursor / GitHub | Cody | Developer | For portal and automation builds |
🧱 Access Control
- MFA required on all admin accounts.
- Passwords stored in Zoho Vault (shared vault:
Operations_Admin). - Access reviewed quarterly.
- Departing users → access revoked within 24 hours.
flowchart TB ZOHO["Zoho One"] <--> QBO["QuickBooks"] ZOHO --> DRIVE["Drive (QiVault)"] QBO --> DRIVE DRIVE --> SUPA["Supabase (RAG)"] SUPA --> PAGES["Cloudflare Pages"] CURSOR["Cursor"] --> GH["GitHub"] --> PAGES CF["Cloudflare"] --> PAGES CF -. Zero Trust .- ZOHO CF -. Zero Trust .- DRIVE
Last updated: 2025-11-12