feat: add multi-BU tenancy with per-user team scoping (Option B)

- Add bu_teams column to users table (migration + fresh schema)
- Create shared KNOWN_TEAMS constant and validateTeams helper
- Expose user teams in auth middleware, login, and /me responses
- Add bu_teams CRUD to user management routes with audit logging
- Make Ivanti FINDINGS_FILTERS configurable via IVANTI_BU_FILTER env var
- Add query-time team filtering to GET /findings and /findings/counts
- Update AuthContext with teams helpers and admin scope toggle
- Create AdminScopeToggle component (My Teams / All BUs)
- Scope ReportingPage findings fetch by user teams
- Scope CompliancePage team selector by user teams
- Scope ExportsPage findings exports by user teams
- Add BU teams multi-select to UserManagement create/edit forms
- Display team badges in user list table

frontend/src/components/pages/CompliancePage.js

@@ -9,7 +9,6 @@ import metricDefinitionsRaw from '../../data/metricDefinitions.json';
 
 const API_BASE = process.env.REACT_APP_API_BASE || 'http://localhost:3001/api';
 const TEAL = '#14B8A6';
-const TEAMS = ['STEAM', 'ACCESS-ENG'];
 
 // Build definitions lookup map once at module level
 const METRIC_DEFINITIONS = {};
@@ -246,9 +245,10 @@ function SeenBadge({ count }) {
 // Main Page
 // ---------------------------------------------------------------------------
 export default function CompliancePage({ onNavigate }) {
-    const { canWrite, isAdmin } = useAuth();
+    const { canWrite, isAdmin, getAvailableTeams, adminScope } = useAuth();
 
-    const [activeTeam,      setActiveTeam]      = useState('STEAM');
+    const availableTeams = getAvailableTeams();
+    const [activeTeam,      setActiveTeam]      = useState(() => availableTeams[0] || 'STEAM');
     const [activeTab,       setActiveTab]        = useState('active');
     const [metricFilter,    setMetricFilter]     = useState(null);
     const [hostSearch,      setHostSearch]       = useState('');
@@ -298,6 +298,14 @@ export default function CompliancePage({ onNavigate }) {
         fetchDevices(activeTeam, activeTab);
     }, [activeTeam]); // eslint-disable-line react-hooks/exhaustive-deps
 
+    // When admin scope changes, reset to first available team
+    useEffect(() => {
+        const teams = getAvailableTeams();
+        if (teams.length > 0 && !teams.includes(activeTeam)) {
+            setActiveTeam(teams[0]);
+        }
+    }, [adminScope]); // eslint-disable-line react-hooks/exhaustive-deps
+
     useEffect(() => {
         setMetricFilter(null);
         fetchDevices(activeTeam, activeTab);
@@ -419,8 +427,19 @@ export default function CompliancePage({ onNavigate }) {
             </div>
 
             {/* ── Team tabs ────────────────────────────────────────────── */}
+            {availableTeams.length === 0 && !isAdmin() ? (
+                <div style={{
+                    padding: '1.5rem', marginBottom: '1.5rem',
+                    borderRadius: '0.5rem', border: '1px solid rgba(245, 158, 11, 0.3)',
+                    background: 'rgba(245, 158, 11, 0.05)',
+                    fontFamily: 'monospace', fontSize: '0.8rem', color: '#F59E0B',
+                    textAlign: 'center'
+                }}>
+                    No BU teams assigned to your account. Contact an admin to configure your team access.
+                </div>
+            ) : (
             <div style={{ display: 'flex', gap: '0.375rem', marginBottom: '1.5rem' }}>
-                {TEAMS.map(team => {
+                {availableTeams.map(team => {
                     const isActive = activeTeam === team;
                     return (
                         <button key={team} onClick={() => setActiveTeam(team)}
@@ -441,6 +460,7 @@ export default function CompliancePage({ onNavigate }) {
                     );
                 })}
             </div>
+            )}
 
             {/* ── Metric health cards ──────────────────────────────────── */}
             {families.length > 0 ? (