PhotoRobot Access Control Policy

Choose document
PhotoRobot Security - Overview
PhotoRobot Architecture & Data Flow
PhotoRobot Security Measures Summary
PhotoRobot Business Continuity & DR Overview
PhotoRobot AI Governance Summary
PhotoRobot Information Security Policy
PhotoRobot Access Control Policy
PhotoRobot Incident Response Policy
PhotoRobot Backup Policy
PhotoRobot Disaster Recovery Policy
PhotoRobot SDLC Security Policy
PhotoRobot Change Management Policy
PhotoRobot Logging & Monitoring Standard

PhotoRobot Access Control Policy

This policy defines how PhotoRobot manages authentication, authorization, and user accounts.

Authentication

  • SSO via Google Identity (OIDC)
  • No local passwords within PhotoRobot Cloud
  • Password complexity and MFA policies enforced by Google

Authorization (RBAC)

Roles include:

  • Production
  • Backstage
  • Retoucher

Access is granted based on:

  • job responsibilities 
  • principle of least privilege 
  • approval workflow

Provisioning

  • Accounts created through SSO only
  • Access granted manually by an authorized admin
  • All assignments documented

Deprovisioning

  • Access removed immediately upon termination or role change
  • Offboarding checklist enforced
  • Logs kept for auditing

Session Controls

  • Automatic session expiration
  • Idle timeout enforced
  • Re-authentication required after expiry

System Access Reviews

  • Periodic access audits
  • Review of inactive accounts
  • Verification of least-privilege compliance

API Access

  • API keys tied to service accounts
  • Keys rotated regularly
  • Permissions scoped to required resources