Workspace-scoped access
Authenticated requests resolve an active membership and named server-side permission. Customer resource reads and mutations remain scoped to that authorized workspace.
- Suspended and non-member access fails closed
- Cross-workspace resource identifiers do not grant access
- Platform administration is separate from workspace roles