Security
Access Control Overview
The Publix Mobile App Chat service relies on Azure AD security groups to manage access. Each group follows the naming convention AAD_S0PMOBAI_APP_<ROLE>_<env>, where <env> is one of DEV, TST, STG, or PRD. Access is scoped by environment so team members receive only the permissions required for their work.
Roles and Responsibilities
| Group name | Intended members | Access provided | Typical responsibilities |
|---|---|---|---|
| AAD_S0PMOBAI_APP_ADMIN_<env> | Break-glass administrators designated by AI delivery leadership | Full administration rights for the chat application, reserved for emergency intervention | Perform emergency remediation, coordinate with incident response, and restore services when standard access is insufficient |
| AAD_S0PMOBAI_APP_CHAT_<env> | Core chat operations team | Operational access to chat tooling and dashboards needed to monitor real-time activity | Monitor chat health, review alerts, and respond to operational incidents |
| AAD_S0PMOBAI_APP_STAKEHOLDER_<env> | Business stakeholders who require visibility | Read-only access to reports and dashboards | Review performance metrics, adoption data, and release readiness indicators |
| AAD_S0PMOBAI_APP_SUPPORT_<env> | Support engineers and help desk staff | Access to troubleshoot user issues and perform approved support actions | Investigate user tickets, coordinate escalations, and validate fixes |
How to Request Access
- Consult the AI Delivery Team lead engineers or managers to confirm the correct role and environment before submitting any request.
- Submit a Request Center ticket specifying the exact group and environment (DEV, TST, STG, or PRD).
- Include the business justification, expected duration, and manager approval details in the request.
- Wait for the automated workflow to route the request to the application owner and security approvers; approvals are required before membership changes occur.
- Once approved, the Request Center workflow adds the requester to the corresponding Azure AD group. Confirm membership before performing environment changes.
Good Practices
- Request the least-privileged group that supports the task at hand.
- Review group memberships regularly to ensure they align with current responsibilities.
- Remove access promptly when team members change roles or leave the team.
- Treat AAD_S0PMOBAI_APP_ADMIN_<env> as emergency-only access; rely on operational or support roles for day-to-day work.