Database access is controlled via standard means. Currently the web UI is read-only to any user, and access to Django admin is allowed for any Django superuser, created by 'python3 manage.py createsuperuser'.
In the future, we should allow owners of an organization to manage just their own organization, or control read access on a per user-basis, but this is presently not available, and we expect most corporate users to be comfortable with sharing organizational stats throughout their organization.
Control over who can view SourceOptics can be potentially gated by SSO technology, such as Shibboleth. See Apache & Nginx for details.
SourceOptics does not allow web access of source control content (other than metadata) but does keep a local copy of checkouts on the server.