21 lines
411 B
Markdown
21 lines
411 B
Markdown
# Role: operator
|
|
|
|
## Purpose
|
|
|
|
Execute critical operational actions from the core boundary.
|
|
|
|
## Scope
|
|
|
|
- Allowed: provisioning, configuration, recovery, decommission.
|
|
- Forbidden: ad-hoc changes outside `op-core-vm`.
|
|
|
|
## Allowed origins
|
|
|
|
- `op-core-vm` only.
|
|
|
|
## Rotation / revocation
|
|
|
|
- Revoke: invalidate leases, rotate credentials, and sever device trust.
|
|
- Prove: record the action in `70-audits/reports/`.
|
|
|