Systems
The core nomenclature patterns apply everywhere, but each system has specific conventions for how identifiers map to that platform’s constructs. This section covers the system-specific details.
System Coverage
| System | Key Concepts | Page |
|---|---|---|
| Google Workspace | Groups, Drives, OUs, GAM automation | Google Workspace |
| Platform Engineering | Shared admin accounts, fleet naming, infra conventions | Platform Engineering |
| AWS | Identity Center, Organizations, account naming | AWS |
| Git (GitLab / GitHub) | Repo naming, namespace conventions, hosting chooser | Git |
Cross-System Principles
These principles apply regardless of which system you’re configuring:
- Same tokens everywhere. The `prv-{team}-{type}-{qualifier}` pattern and the same token vocabulary apply in every system.
- Groups for access, not individuals. Map role groups to system-level permissions wherever the system supports it.
- Least privilege. Grant the minimum access needed. Prefer scoped roles over broad ones.
- Documentation. Every system integration should document which role groups map to which system permissions.
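The "same tokens everywhere" principle is only enforceable if every system integration checks names against the same parser before creating a group, account or repo. The following is an added example, not code from this documentation or its tooling: a small linter for the `prv-{team}-{type}-{qualifier}` pattern that splits a name into its tokens and rejects anything outside the vocabulary. The team and type token sets, the rule that only the qualifier may contain internal hyphens, and the sample names are all assumptions made for the example; the page does not list the real vocabulary.

```python
import re
from dataclasses import dataclass

# Canonical pattern from the page: prv-{team}-{type}-{qualifier}.
# The vocabularies below are ASSUMED for this example; substitute the
# organisation's real token lists.
TEAM_TOKENS = {"sec", "platform", "data", "eng"}
TYPE_TOKENS = {"admin", "read", "write", "oncall"}

# Tokens are lowercase alphanumerics. Team and type are single tokens;
# the qualifier may carry internal hyphens (e.g. "aws-prod"). This split
# rule is an assumption of the example, not a rule stated on the page.
_TOKEN = r"[a-z0-9]+"
_QUALIFIER = r"[a-z0-9]+(?:-[a-z0-9]+)*"
_PATTERN = re.compile(
    rf"^prv-(?P<team>{_TOKEN})-(?P<type>{_TOKEN})-(?P<qualifier>{_QUALIFIER})$"
)


@dataclass(frozen=True)
class RoleGroup:
    team: str
    type: str
    qualifier: str

    @property
    def name(self) -> str:
        # Re-render the canonical name; round-trips through parse_role_group.
        return f"prv-{self.team}-{self.type}-{self.qualifier}"


def parse_role_group(name: str) -> RoleGroup:
    """Parse a canonical role-group name or raise ValueError with the reason."""
    m = _PATTERN.match(name)
    if not m:
        raise ValueError(
            f"{name!r} does not match prv-{{team}}-{{type}}-{{qualifier}}"
        )
    team, typ, qual = m.group("team"), m.group("type"), m.group("qualifier")
    if team not in TEAM_TOKENS:
        raise ValueError(f"{name!r}: unknown team token {team!r}")
    if typ not in TYPE_TOKENS:
        raise ValueError(f"{name!r}: unknown type token {typ!r}")
    return RoleGroup(team, typ, qual)


def lint_names(names):
    """Return (valid RoleGroups, error messages) for a batch of candidate names.

    Intended to run in CI or in a pre-creation hook for any system integration,
    so that a malformed name is rejected before it becomes a group, account or
    repo in that system.
    """
    valid, errors = [], []
    for n in names:
        try:
            valid.append(parse_role_group(n))
        except ValueError as e:
            errors.append(str(e))
    return valid, errors


# Constructed sample input for the example.
SAMPLE_NAMES = [
    "prv-sec-admin-aws-prod",     # ok: qualifier with an internal hyphen
    "prv-platform-oncall-fleet",  # ok
    "prv-Sec-admin-gws",          # rejected: uppercase token
    "prv-sec-owner-gws",          # rejected: 'owner' not in TYPE_TOKENS
    "sec-admin-gws",              # rejected: missing prv- prefix
]


if __name__ == "__main__":
    ok, problems = lint_names(SAMPLE_NAMES)
    for g in ok:
        print("OK  ", g.name, "->", g)
    for p in problems:
        print("FAIL", p)
```

Running the block prints two accepted groups and three rejections. Wiring `lint_names` into the automation that creates groups (for example the GAM scripts for Google Workspace, or the Terraform that provisions Identity Center permission sets) is what turns the principle into a control rather than a convention.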