Split FAM_ACCESS_ADMIN role by environment

[gormless87]

As a Security-aware developer I want to segregate FAM access admin by environment So That the principle of least privilege is upheld*

Additional Context -FAM Administrators currently have access to grant admin access to all application in FAM (DEV, TEST & PROD), as per security requirements a change to this structure is required.

• A FAM access administrator can have access limited to just some environments (in downstream apps)

Acceptance Criteria

• [ ] Architectural design complete and documented
• [ ] Clarity on whether UI changes required

Definition of Done

• [ ] Ready to Demo in Sprint Review
• [ ] Does what I have made have appropriate test coverage?
• [ ] Documentation and/or scientific documentation exists and can be found
• [ ] Peer Reviewed by 2 people on the team
• [ ] Manual testing of all PRs in Dev and Prod
• [ ] Merged

**The Team needs an actual scenario AND a diagram to support this story!

[ArogeG]

Discussions with the team today points to the idea that this can be managed with the delegate access functionality.

[basilv]

Latest design has incorporated design for this - see https://apps.nrs.gov.bc.ca/int/confluence/display/FSAST1/Admin+Segregated+Schema+Design