...
Make sure you have a list of all the consumers onboarded in the system and that they are tracked.
Any new consumer to be onboarded must be approved by higher authorities and go through a design review.
Make sure you analyze the risk of providing access to consumers, and trust them solely with the ACLs you are attaching to them.
Never give an app access to the SuperAdmin ACL.
Have your consumers categorized as mentioned in this document.
You must not provide access to the SuperAdmin role to any consumer, whether internal or application. Only in rare cases will we provide access to consumers with SuperAdmin roles, and only with approval from at least 2 higher authorities who are responsible for the environment.
Make sure you perform an audit of all the consumers every release and remove unused consumers.
...