BOLT — Roles & Accountability¶
BOLT eliminates ownership ambiguity. Every solution has a named owner. Every role has a defined boundary. Every accountability gap is closed by design.
TL;DR
Six roles eliminate ownership ambiguity: Citizen Developer (Tier 1), Business Team/Solution Owner (Tier 2–3), Platform Team (all tiers — standards and enablement), Tech Solution Team (Tier 1 support), Line of Business IT (Tier 3–4 delivery), Security/Compliance Function (cross-tier governance). Every solution has a named owner at creation.
Applies To
Audience: Platform Lead · Business Team · Line of Business IT · Security BOLT Tiers: All Frameworks: BOLT
Why Ownership Clarity Matters¶
The most common failure mode in enterprise citizen development is not a security failure or a technical failure. It is an ownership failure. Solutions built without clear ownership accumulate over time — nobody knows who to contact when they break, nobody maintains them when the original builder moves on, and nobody decommissions them when they are no longer needed.
BOLT defines six roles with explicit accountabilities. Every solution built within the BOLT model has a named owner at every relevant level — the solution itself, the workspace it runs in, and the platform it runs on. Ownership is documented at creation, not discovered during an incident.
The Six BOLT Roles¶
The RACI Summary¶
| Role | Tier 1 | Tier 2 | Tier 3 | Tier 4 |
|---|---|---|---|---|
| Citizen Developer | A/R | — | — | — |
| Business Team / Solution Owner | — | A/R | R | I |
| Platform Team | R (standards) | R (onboarding) | C | C |
| Tech Solution Team | C (support) | Routes to Platform Team | — | — |
| Line of Business IT | — | I | A/R | A/R |
| Security / Compliance Function | Periodic review | I + Periodic review | Mandatory sign-off | Mandatory sign-off |
A = Accountable · R = Responsible · C = Consulted · I = Informed
Role 1 — Citizen Developer¶
Primary Tier: Tier 1
What the Citizen Developer Owns¶
The Citizen Developer is a business user — not a developer by training or job function — who uses no-code platform capabilities to build personal productivity solutions within the default workspace.
Owns and is accountable for: - Tier 1 personal productivity solutions end-to-end — from build to maintenance to decommissioning - Building and maintaining no-code solutions within the default productivity workspace - Adhering to approved connectors and data classification boundaries at all times - Completing required training before building — the Platform Team's onboarding programme defines what this covers - Engaging the Tech Solution Team for day-to-day support questions - Escalating to the Platform Team when a solution need exceeds the Tier 1 boundary
Does not own: - Tier 2–4 solution delivery - Platform configuration or workspace management - Connector approvals or security assessments - Support for other users' Tier 1 solutions
The Citizen Developer Profile¶
Citizen Developers come from every part of the organisation. They are not required to have a technical background. What they do require:
- Completion of the BOLT citizen developer training programme
- Understanding of the data classification policy — what can and cannot be built in the default workspace
- Awareness of when to escalate — the Tier 1 boundary criteria must be understood before building begins
- A commitment to ownership — Tier 1 solutions built by an individual are that individual's responsibility
Supporting the Citizen Developer¶
The most important thing a platform team can do to support citizen developers is remove uncertainty. Citizen developers who are unclear about what they can build, which connectors they can use, or when they need to ask for help will either build the wrong thing or not build at all.
The Platform Team's investment in clear guidelines, accessible training, and fast support response for Tier 1 is what enables the B and O principles at scale.
Role 2 — Business Team / Solution Owner¶
Primary Tiers: Tier 2 (ownership), Tier 3 (requirements and UAT)
What the Business Team Owns¶
The Business Team — typically led by a power user, business analyst, or designated solution owner — is the primary delivery team for Tier 2 solutions. In Tier 3, the business team owns requirements, user acceptance, and the ongoing business relationship with the solution.
Owns and is accountable for (Tier 2): - Tier 2 solutions end-to-end — design, build, test, go-live, and ongoing maintenance - Business requirements definition — articulating what the solution needs to do in sufficient detail to build it correctly - User acceptance testing — confirming the solution meets the business requirement before go-live - Solution maintenance and support for their own users — the Platform Team does not inherit this - Engaging the Platform Team early for new use cases — before significant time is invested in a direction that may not be appropriate - Documenting solution ownership, purpose, and data classification at the time of creation
Owns and is accountable for (Tier 3): - Business requirements definition - User acceptance testing and go-live sign-off - Ongoing business relationship with the solution — communicating changes in business requirements to Line of Business IT - Business-side support for end users
Does not own: - Enterprise security architecture design - Platform infrastructure management - Tier 3 and Tier 4 technical delivery and architecture - Connector approvals outside the approved library
The Power User / Business Analyst Profile¶
Tier 2 delivery typically requires more capability than pure no-code Tier 1 building. Business team members leading Tier 2 delivery benefit from:
- Familiarity with Power Apps and Power Automate at a low-code level
- Understanding of Dataverse data modelling basics
- Awareness of DLP policy implications — which connectors are available in the workspace
- Completion of the BOLT power user training path in addition to the citizen developer training
The Platform Team's enablement programme should provide tiered training that supports both Tier 1 citizen developers and Tier 2 business analysts.
Role 3 — Platform Team¶
Primary Tiers: All tiers — standards and enablement ownership
What the Platform Team Owns¶
The Platform Team is the custodian of the BOLT operating model. It does not build business solutions. It builds and maintains the platform, the standards, the guardrails, and the enablement infrastructure that makes business ownership safe and scalable.
Owns and is accountable for: - Platform standards, guardrails, and connector library management — defining and maintaining the rules within which business teams operate - Security pre-approvals and accreditation maintenance for Tier 1 and Tier 2 solutions — working with the security / compliance function to keep platform-level approvals current - Citizen developer and power user enablement and training — designing and delivering the onboarding programme - BOLT processes, templates, and best practices — the operational documentation that makes BOLT repeatable - Licence management and workspace strategy — ensuring the right licences are in place for the right tiers and users - Monitoring and telemetry — using CoE Starter Kit and platform analytics to maintain visibility across the estate - New platform capability assessment — evaluating new features and clearing them with the security / compliance function before enabling for business teams - BOLT operating model governance — ensuring the model is followed, tiers are correctly assigned, and escalations happen when required
Does not own: - Building business solutions end-to-end for business teams — this is business ownership - Line of Business IT solution architecture and delivery - Individual Tier 1 and Tier 2 solution approval — the pre-approval model covers this
The Platform Team as Enabler¶
The Platform Team's success is measured by the success of the business teams it enables. A Platform Team that measures success by the number of approvals it has reviewed has misunderstood its role. A Platform Team that measures success by the number of business teams confidently building within the guardrails has understood it correctly.
This means the Platform Team must be: - Accessible — business teams should be able to get guidance quickly without formal processes for routine questions - Proactive — identifying solutions that are approaching tier boundaries before they cross them - Pragmatic — guardrails designed to be as permissive as the risk profile allows, not as restrictive as the risk profile permits
Role 4 — Tech Solution Team¶
Primary Tier: Tier 1
What the Tech Solution Team Owns¶
The Tech Solution Team (IT Support / Client Services) is the first point of contact for citizen developers with day-to-day questions and issues in the personal productivity space. It does not configure the platform or own solutions — it answers questions and routes to the Platform Team when appropriate.
Owns and is accountable for: - First-line support for citizen developers in the Personal Productivity space (Tier 1) within their area of expertise - Common questions, troubleshooting, and day-to-day support for Tier 1 issues they can resolve - Routing to the Platform Team for anything outside their area of expertise, anything related to platform configuration, connectors, or workspace management, and anything related to onboarding or training
Does not own: - Support for Tier 2, 3, or 4 solutions - Platform configuration, connectors, or workspace management - Onboarding or training — routes to Platform Team - Solution design guidance — routes to Platform Team
The Routing Principle¶
The Tech Solution Team's most important function within BOLT is knowing when to route. A citizen developer who contacts the Tech Solution Team with a question about why a specific connector is not available should be routed to the Platform Team — not given an incorrect answer or left without a clear path to resolution.
Clear routing criteria — what the Tech Solution Team handles versus what routes to the Platform Team — should be documented and shared with both teams as part of BOLT implementation.
Role 5 — Line of Business IT¶
Primary Tiers: Tier 3 (co-delivery), Tier 4 (owned delivery)
What Line of Business IT Owns¶
Line of Business IT teams are the enterprise IT delivery partners for complex solutions. Under BOLT, they co-develop Tier 3 solutions with business teams and own Tier 4 solutions end-to-end.
Owns and is accountable for: - Fusion team delivery for Tier 3 complex solutions — co-development, architecture ownership, integration design - Enterprise and strategic application development — Tier 4 full SDLC ownership - Architecture reviews for business-critical solutions — assessing whether solution design meets enterprise integration, security, and quality standards - Integration design with core enterprise systems — ensuring that Power Platform integrations with ERP, CRM, HR, and other enterprise systems follow enterprise architecture standards - Go-live sign-off for Tier 3 and Tier 4 solutions — confirming the solution is ready for production deployment from a technical and architectural perspective
Does not own: - Tier 1 and Tier 2 citizen development day-to-day oversight - Platform Team responsibilities — connector library, workspace strategy, citizen developer training - Business requirements — the business team owns what the solution needs to do
The Fusion Team Model (Tier 3)¶
The Tier 3 fusion team model is the most nuanced role boundary in BOLT. It requires both business team and Line of Business IT to understand their distinct contributions:
The business team brings: domain expertise, process knowledge, user proximity, and business requirement ownership.
Line of Business IT brings: architecture expertise, integration knowledge, enterprise security awareness, and delivery discipline.
The fusion team succeeds when both parties respect the boundary — when IT does not try to own the requirements, and when the business team does not try to own the architecture.
Role 6 — Security / Compliance Function¶
Primary Role: Cross-tier security governance and compliance oversight
What the Security / Compliance Function Owns¶
The security / compliance function (typically the information security team, CISO function, or equivalent) provides the security governance that makes BOLT's pre-approval model possible. It does not review individual Tier 1 and Tier 2 solutions — but it does define the boundaries within which they can be built without individual review.
Owns and is accountable for:
Tier 1 — Periodic review: Ongoing monitoring of platform telemetry and usage patterns to identify risks early. Periodic structured review with the Platform Team. Individual solution review not required — the platform-level pre-approval covers the Tier 1 risk profile.
Tier 2 — Informed + Periodic review: Informed of Tier 2 activity. Periodic reviews with the Platform Team to assess whether the pre-approval boundary remains appropriate. Monitors platform telemetry for anomalies. Individual solution review not required.
Tier 3 — Mandatory sign-off: Mandatory security assessment of solution architecture, data flows, and integration points. Solutions cannot proceed to production without security / compliance function sign-off. This includes assessment of data classification handling, integration security, and compliance with applicable regulatory requirements.
Tier 4 — Mandatory sign-off throughout: Involved at multiple stages of the SDLC — not just at go-live. Architecture review at design phase. Security assessment during development. Go-live sign-off. Post-deployment compliance monitoring.
All tiers — ongoing compliance monitoring: Monitors platform usage for policy violations, anomalous data access, and compliance drift. Works with the Platform Team to clear new platform capabilities before they are enabled for business teams.
Does not own: - Day-to-day platform operations or solution development - Approving individual Tier 1 and Tier 2 solutions — handled through pre-approvals and periodic review - Platform configuration or workspace management — Platform Team owns this
The Pre-Approval Model — How the Security / Compliance Function Enables Scale¶
The security / compliance function's most important contribution to BOLT is the pre-approval model. By working with the Platform Team to obtain platform-level security approvals — covering the platform itself, the approved connector library, and the data classification boundaries for each tier — the security / compliance function removes the need for individual solution review at Tier 1 and Tier 2.
This is the shift from gatekeeper (reviewing every solution) to standards-setter (defining the boundaries within which solutions can be built without review). It requires more upfront investment in thoughtful boundary design, but it scales in a way that per-solution review never can.
The pre-approval model must be maintained — reviewed annually and whenever the platform capabilities, the connector library, or the regulatory environment changes.
Ownership at Go-Live — The Documentation Requirement¶
Every solution that goes live within the BOLT model — at any tier — must have ownership documented before production deployment:
| Field | Required For |
|---|---|
| Solution name and purpose | All tiers |
| Primary owner (name and team) | All tiers |
| Tier assignment | All tiers |
| Data classification | All tiers |
| Connector usage | Tier 2+ |
| Business justification | Tier 2+ |
| Technical owner | Tier 3+ |
| Security / compliance sign-off reference | Tier 3+ |
| Support arrangement | All tiers |
This documentation is captured through the Platform Team's onboarding process for Tier 1 and Tier 2, and through the formal solution intake process for Tier 3 and Tier 4. It feeds directly into the CoE Starter Kit's solution inventory — providing the visibility that compliance reviews, audits, and operational oversight require.
Common Accountability Failures — and How BOLT Addresses Them¶
"Nobody knows who owns this solution." BOLT requires ownership documentation at creation. The CoE Starter Kit surfaces solutions without documented owners. Orphaned solutions are flagged for remediation.
"IT built it, so IT must support it." Under BOLT, IT does not inherit support for solutions it did not build. The business team that owns a Tier 2 solution supports it. IT's Platform Team provides platform support — not solution support for business-owned solutions.
"The security team approved the platform once — why do I need another review?" They do not, for Tier 1 and Tier 2. The pre-approval covers the risk profile. For Tier 3 and Tier 4, the solution complexity and data sensitivity exceed the pre-approval boundary — individual review is required.
"I built it for my team, but now the whole organisation wants to use it." A solution that grows beyond the tier it was built for must be reassessed. A Tier 1 solution deployed to 200 users is not a Tier 1 solution anymore. Tier transitions are a feature of BOLT, not an edge case.
Part of the BOLT Framework — powerplatform.wiki Last updated: March 2026 Last reviewed: March 2026