The OWASP Top 10 for CI/CD Security Risks lists insufficient Pipeline-Based Access Controls (PBAC) as a critical risk. PBAC refers to fine-grained permissions tied to the context in which a pipeline executes. Insufficient PBAC can lead to lateral movement, data exfiltration, or malicious artifact injection, with severe consequences such as exposing sensitive data or deploying compromised software directly into production.

To mitigate these risks, teams use modern access control tooling such as Open Policy Agent (OPA) and its policy language, Rego, to enforce granular, well-scoped PBAC policies. These policies extend beyond user-level RBAC to cover the entire execution environment, including secrets, network boundaries, and software artifacts. Policy-as-Code (PaC) with Rego lets teams define and enforce detailed access policies programmatically, which brings consistency, auditability, automation, versioning, and scalability. OPA provides a scalable and auditable way to enforce these access controls across infrastructure and CI/CD pipelines.
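
A sketch of such a policy, added here as an illustration and not taken from the original page or from any project's own code: a deny-by-default Rego rule that grants a pipeline job access to a secret, registry or network target only when its repository, branch and stage match a grant. The package name, the input schema (`input.pipeline.repo`, `.branch`, `.stage`, `input.resource`), the grants table and the resource naming are all assumptions.

```rego
package cicd.pbac

import rego.v1

# Deny by default: a job gets a resource only if a grant matches its context.
default allow := false

# Grants are keyed on pipeline context (repo, branch, stage), not on a user.
# Every value here is constructed for illustration.
grants := [
	{"repo": "acme/payments", "stage": "deploy", "branches": {"main"},
	 "resources": {"secret:prod/db-password", "registry:prod/push", "net:prod-cluster"}},
	{"repo": "acme/payments", "stage": "build", "branches": {"main", "develop"},
	 "resources": {"registry:staging/push"}},
	{"repo": "acme/payments", "stage": "test", "branches": {"*"},
	 "resources": {"secret:test/api-key"}},
]

# "*" lets a grant apply to any branch; use it only for low-value resources.
branch_ok(grant) if input.pipeline.branch in grant.branches
branch_ok(grant) if "*" in grant.branches

allow if {
	some grant in grants
	grant.repo == input.pipeline.repo
	grant.stage == input.pipeline.stage
	branch_ok(grant)
	input.resource in grant.resources
}

# Reason string for the audit log when a request is refused.
reasons contains msg if {
	not allow
	msg := sprintf("no grant: %s stage of %s@%s -> %s", [
		input.pipeline.stage, input.pipeline.repo,
		input.pipeline.branch, input.resource,
	])
}

# Constructed checks; run with `opa test <file>`.
ctx_deploy_main := {"repo": "acme/payments", "branch": "main", "stage": "deploy"}
ctx_test_feature := {"repo": "acme/payments", "branch": "feature/x", "stage": "test"}

test_deploy_on_main_reads_prod_secret if {
	allow with input as {"pipeline": ctx_deploy_main, "resource": "secret:prod/db-password"}
}
test_feature_branch_test_stage_cannot_reach_prod if {
	not allow with input as {"pipeline": ctx_test_feature, "resource": "net:prod-cluster"}
}
```

Because the grants live in version control next to the pipeline definitions, a change that widens a stage's access shows up as a reviewable diff.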