Under the principle of least privilege, who determines whether a person has access within a SCI compartment?

Under the principle of least privilege, access to an SCI compartment is controlled by need-to-know. This means you’re allowed in only if your current duties genuinely require you to know the information inside that compartment. The determination is made by the security authority responsible for the compartment (often the compartment owner or the security officer) who reviews your role, tasks, and assignments to decide whether access is necessary. Having the right clearance alone doesn’t grant entry—need-to-know is the gatekeeper. The IT department enforces the access controls according to policy, and a supervisor may request access based on duties, but they do not unilaterally grant it without the need-to-know determination.