Clearly document how to "lock-down" access in a cloud org

it would be cool to more clearly document how to "lock down" access in a cloud org

e.g.,
- set stack permissions to none in org access management settings
- create teams
- add people to teams
- assign stacks to teams
- prolly mention teams is only supported on enterprise+