Control 2.8: Access Control and Segregation of Duties
- Control ID: 2.8
- Pillar: Management
- Regulatory Reference: SOX 302/404, FINRA 4511, GLBA 501(b), SEC 17a-4
- Last UI Verified: February 2026
- Governance Levels: Baseline / Recommended / Regulated
- Last Verified: 2026-02-03
Objective
Establish role-based access control mechanisms and segregation of duties (SoD) for AI agent governance. No single individual should be able to initiate, approve, and deploy agents to production without independent review.
Why This Matters for FSI
- SOX 302/404: Segregation of duties required for financial systems and internal controls
- FINRA 4511: Access to records must be controlled and logged
- GLBA 501(b): Restrict access to customer information through least privilege
- SEC 17a-4: Control over records modification with immutable audit logs
- OCC 2011-12: Separate roles for model development vs. validation
Control Description
This control defines role-based access, approval workflows, and continuous access monitoring to prevent unauthorized changes:
| Capability | Description | FSI Application |
|---|---|---|
| Role Separation | Distinct roles for create, review, approve, deploy | SOX SoD requirements |
| Least Privilege | Minimum access needed for job function | Data protection |
| Access Reviews | Quarterly recertification of access rights | Audit compliance |
| Just-in-Time Access | PIM for administrative roles | Attack surface reduction |
| Continuous Monitoring | Real-time access analytics | Anomaly detection |
Agent Governance Role Matrix
| Role | Create/Edit | Review | Approve | Deploy | Configure |
|---|---|---|---|---|---|
| Agent Developer | Yes | No | No | No | No |
| Agent Reviewer | No | Yes | No | No | No |
| Agent Approver | No | No | Yes | No | No |
| Release Manager | No | No | No | Yes | No |
| Platform Admin | No | No | No | No | Yes |
Key Configuration Points
- Create security groups in Entra ID for each governance role
- Configure Power Platform security roles with appropriate permissions
- Implement Privileged Identity Management (PIM) for Zone 3 admin roles
- Build approval workflows that enforce SoD (creator cannot approve own work)
- Enable quarterly access reviews with auto-remediation
- Configure continuous access evaluation for Power Platform
- Monitor for stale accounts (no sign-in >90 days)
Service Principal Security Group Bypass
Role assignments enforced through security group membership may not apply to Service Principal identities performing automated actions. Service Principals authenticate with application credentials and hold no user group membership, so group-based role controls do not cover them.
Compensating Controls:
- Audit Service Principal permissions separately using Entra ID Enterprise Applications blade
- Document Service Principal role assignments in a dedicated tracking spreadsheet or Dataverse table
- Review Service Principal API permissions quarterly as part of access reviews
- Apply least-privilege principle by granting Service Principals only required Power Platform security roles (not System Administrator)
See Environment Lifecycle Management solution for Service Principal governance patterns.
Regression Detection for Access Control Changes
When access control policies or role assignments change, sequential agent evaluations can help detect unintended behavioral regressions. Running evaluation comparisons before and after access control modifications helps validate that agents continue to operate within expected boundaries. See Control 2.18 - Automated Conflict of Interest Testing for the full evaluation methodology.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Default user access; self-service; no SoD required | Low risk, personal use |
| Zone 2 (Team) | Team owner approval; Creator must differ from Approver | Shared agents require accountability |
| Zone 3 (Enterprise) | Full SoD enforcement: Creator, Reviewer, Approver, and Deployer must all be different | Maximum control for customer-facing agents |
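The Agent Governance Role Matrix and the zone rules above as an executable SoD check, added here as an illustration rather than code from this control's playbooks; it flags an identity acting in a workflow step without the matching role and an identity holding two steps that the zone requires to be distinct. The role membership and deployment records are constructed sample data, and the third record's deployer is a service principal absent from the Release Manager group, so a group-based check surfaces it in the way the Service Principal Security Group Bypass section above describes.

```python
from dataclasses import dataclass

# Zone-Specific Requirements: workflow steps that must be performed by
# distinct identities in each zone (Zone 1 imposes no SoD requirement).
ZONE_DISTINCT_STEPS = {1: (), 2: ("creator", "approver"),
                       3: ("creator", "reviewer", "approver", "deployer")}
# Agent Governance Role Matrix: the only role permitted to perform each step.
STEP_ROLE = {"creator": "Agent Developer", "reviewer": "Agent Reviewer",
             "approver": "Agent Approver", "deployer": "Release Manager"}

@dataclass
class DeploymentRecord:
    agent: str
    zone: int
    actors: dict  # workflow step -> identity that performed it

def sod_violations(record, role_members):
    """Return findings for one record. role_members maps a governance role
    to the set of identities holding it (e.g. the Entra ID group's members)."""
    findings = []
    for step, role in STEP_ROLE.items():  # role matrix check
        actor = record.actors.get(step)
        if actor and actor not in role_members.get(role, set()):
            findings.append(f"{actor} acted as {step} without the {role} role")
    seen = {}  # zone SoD check: one identity in two restricted steps
    for step in ZONE_DISTINCT_STEPS[record.zone]:
        actor = record.actors.get(step)
        if actor in seen:
            findings.append(f"{actor} was both {seen[actor]} and {step} (Zone {record.zone} SoD)")
        elif actor:
            seen[actor] = step
    return findings

def run_sod_check(records, role_members):
    # Agent name -> findings; an empty list means the record is clean.
    return {r.agent: sod_violations(r, role_members) for r in records}

# Constructed sample data (not from any real tenant). Identities are short
# names here; in practice they would be UPNs or service principal object IDs.
ROLE_MEMBERS = {"Agent Developer": {"alice"}, "Agent Reviewer": {"bob"},
                "Agent Approver": {"alice", "carol"}, "Release Manager": {"dave"}}
RECORDS = [
    DeploymentRecord("loan-faq-bot", 3, {"creator": "alice", "reviewer": "bob",
                                        "approver": "carol", "deployer": "dave"}),
    DeploymentRecord("kyc-assistant", 3, {"creator": "alice", "reviewer": "bob",
                                         "approver": "alice", "deployer": "dave"}),
    DeploymentRecord("team-notes", 2, {"creator": "alice", "approver": "carol",
                                      "deployer": "sp-deploy-pipeline"}),
]
```

In a real tenant the `ROLE_MEMBERS` sets would be populated from the governance security groups and the records from the approval workflow's history, and any non-empty finding list is the SoD violation the Verification Criteria ask you to detect.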
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin | Security role configuration, environment access |
| Entra Privileged Role Admin | PIM configuration, access reviews |
| AI Governance Lead | Role definitions, SoD policy enforcement |
| Compliance Officer | Access review oversight, exception approval |
Related Controls
| Control | Relationship |
|---|---|
| 1.1 - Restrict Agent Publishing | Publishing requires appropriate role |
| 1.18 - Application-Level RBAC | Agent-level access control |
| 2.3 - Change Management | Approval workflows |
| Agent Sharing Access Restriction Detector | Enforces zone-based sharing policies with approval workflows |
| 2.12 - Supervision and Oversight | Oversight access requirements |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Security groups created for all agent governance roles
- Power Platform security roles configured with appropriate permissions
- No segregation of duties violations detected (run SoD check)
- Quarterly access reviews scheduled and completing
- PIM configured for admin roles in Zone 3 environments
- Approval workflows enforce that a creator cannot approve their own work
Additional Resources
- Microsoft Learn: Configure Privileged Identity Management
- Microsoft Learn: Create an access review
- Microsoft Learn: Power Platform security roles
- Microsoft Learn: Manage high-privileged admin roles
Advanced Implementation: Environment Lifecycle Management
For implementing segregation of duties in environment provisioning (requester cannot approve own request), see Environment Lifecycle Management.
Implementation Note
Organizations should verify that their implementation meets their specific regulatory obligations. This control supports compliance efforts but requires proper configuration and ongoing validation.
Updated: February 2026 | Version: v1.2 | UI Verification Status: Current