Access is deny-all and allow by exception based on roles.

Access is deny-all and allow by exception based on roles, except for admin roles, addressing NIST Access Control AC 17 and addressing NIST Change Management for establishing Base Line Configurations (NIST CM 2) access restrictions for configuration management (NI5T CM 5 and 6) and Least Functionality (NIST CM 7) and monitoring Configuration Management for bot activity across the Development, Test, and Production environment of (NIST CM 9).