Least-access workflow design comes before build.
The diagnostic identifies which systems, fields, records, and users are required for one workflow. Access is scoped to the agreed slice, not a broad transformation wishlist.
- Required systems and fields
- Role-based permissions
- Credential ownership
- Access blockers
- Data-retention expectations