Overview
RBAC forms the foundation of enterprise security by controlling what users can see and do across observability, API keys, analytics, logs, and all platform features. This ensures data isolation, security compliance, and appropriate access levels for different organizational roles.
What RBAC Controls
Data Visibility
Control which logs, analytics, and observability data users can access
API Key Management
Manage who can create, modify, and view different API keys
Platform Features
Control access to admin panels, settings, and enterprise features
User Isolation
Ensure users only see their own data unless granted broader permissions
Core RBAC Principles
Access Control Scope
Platform-Wide Coverage:
- Observability dashboards and metrics
- API key creation and management
- Log viewing and analytics
- User and group management
- Billing and usage data
- Administrative functions
- Individual users see only their own data by default
- Admins have organization-wide visibility
- Role-based expansion of access permissions
- Secure multi-tenant data separation
Current Role Types
Standard User Role
Default Access Level:
- Personal Data Only: Users see logs, analytics, and metrics for their own API usage
- Own API Keys: Can create, modify, and view their personal API keys
- Limited Observability: Access to personal performance metrics and usage data
- Basic Settings: Manage personal account settings and preferences
- Personal API request logs
- Individual usage analytics
- Own spending and limit information
- Personal session data and context
Administrator Role
Organization-Wide Access:
- All User Data: Complete visibility into organization logs, analytics, and metrics
- Full API Key Management: Create, modify, and view all organization API keys
- Complete Observability: Access to organization-wide performance and usage data
- Administrative Functions: User management, group configuration, enterprise features
- All organization API request logs
- Organization-wide analytics and trends
- All user spending and usage patterns
- Complete audit trails and system metrics
- Enterprise feature configuration panels
RBAC Implementation Across Features
Observability & Analytics
Personal Dashboard:
- Individual API usage metrics
- Personal request/response logs
- Own performance analytics
- Personal cost tracking
- Individual error rates and patterns
API Key Management
Data Access Patterns
Standard User Data Flow:
- User authenticates with platform
- RBAC filters show only personal data
- API keys display user’s own keys only
- Analytics show individual usage patterns
- Logs contain only user’s API requests
- Admin authenticates with elevated permissions
- RBAC grants organization-wide visibility
- All API keys and users visible
- Complete analytics and metrics access
- Full audit trail and system logs available
Security & Compliance Benefits
Data Protection
User Privacy:
- Automatic data isolation between users
- Personal information protected from other users
- Individual usage patterns kept private
- Secure separation of user contexts
- Administrative oversight with complete visibility
- Audit trails for compliance requirements
- Centralized security policy enforcement
- Role-appropriate access controls
Compliance Advantages
Data Governance
Regulatory Compliance:
- Clear data access boundaries for audits
- Role-based data handling procedures
- Documented access control policies
- Compliance with privacy regulations
Security Standards
Enterprise Security:
- Principle of least privilege implementation
- Regular access review capabilities
- Secure multi-tenant architecture
- SOC 2 and enterprise compliance support
Audit & Monitoring
Operational Oversight:
- Complete audit trails for all access
- Role-based activity monitoring
- Security incident detection and response
- Compliance reporting capabilities
Integration with Enterprise Features
Works with Other Systems
User Management Integration:
- User roles determine platform access levels
- Individual users automatically isolated
- Admin users get organization-wide visibility
- Role assignments control feature access
- Groups can have shared visibility permissions
- Group admins may see group-specific data
- Flexible role assignment within groups
- Enhanced collaboration with controlled access
- RBAC controls who can create and modify API keys
- Role-based API key sharing and management
- Permission levels for different key types
- Administrative oversight of all organization keys
Enterprise Feature Access
Feature Visibility Matrix:
Feature | Standard User | Administrator |
---|---|---|
Personal Analytics | ✅ Own Data | ✅ All Data |
API Key Creation | ✅ Personal | ✅ Organization |
User Management | ❌ | ✅ |
Group Configuration | ❌ | ✅ |
Approved Models | ❌ | ✅ |
Guardrails Config | ❌ | ✅ |
Billing Overview | ✅ Personal | ✅ Organization |
System Settings | ❌ | ✅ |
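The matrix above and the data access patterns described earlier, written as a deny-by-default, server-side check. This is an added example, not the platform's own code; the role and feature keys, the `Principal` type and the row fields (`user_id`, `org_id`) are assumptions made for illustration.

```python
from dataclasses import dataclass

OWN, ORG = "own", "organization"  # scopes; a missing entry means no access

# Constructed encoding of the Feature Visibility Matrix (hypothetical key names).
MATRIX = {
    "standard_user": {
        "personal_analytics": OWN, "api_key_creation": OWN, "billing_overview": OWN,
    },
    "administrator": {
        "personal_analytics": ORG, "api_key_creation": ORG, "user_management": ORG,
        "group_configuration": ORG, "approved_models": ORG, "guardrails_config": ORG,
        "billing_overview": ORG, "system_settings": ORG,
    },
}

@dataclass(frozen=True)
class Principal:  # hypothetical: the identity established at authentication
    user_id: str
    org_id: str
    role: str

def scope_for(principal, feature):
    """Deny by default: unknown roles and unlisted features yield None."""
    return MATRIX.get(principal.role, {}).get(feature)

def visible_rows(principal, feature, rows):
    """Filter rows on the server; the caller never supplies its own scope."""
    scope = scope_for(principal, feature)
    if scope is None:
        raise PermissionError(f"{principal.role!r} may not access {feature!r}")
    # The tenant boundary applies to every scope, administrators included.
    in_org = [r for r in rows if r["org_id"] == principal.org_id]
    if scope == ORG:
        return in_org
    return [r for r in in_org if r["user_id"] == principal.user_id]

# Constructed sample log rows spanning two organizations.
LOGS = [
    {"id": 1, "user_id": "alice", "org_id": "org-a"},
    {"id": 2, "user_id": "bob", "org_id": "org-a"},
    {"id": 3, "user_id": "carol", "org_id": "org-b"},
    {"id": 4, "user_id": "alice", "org_id": "org-b"},  # same user_id, other tenant
]

if __name__ == "__main__":
    for p in (Principal("alice", "org-a", "standard_user"), Principal("dave", "org-a", "administrator")):
        print(p.role, [r["id"] for r in visible_rows(p, "personal_analytics", LOGS)])
```

Row 4 is the case worth testing in any real deployment: a matching `user_id` in another organization must not leak across the tenant boundary.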
Future Role Expansion
Custom Roles (Coming Soon)
Planned Role Types:
- Group Administrators: Manage specific groups with limited admin access
- Read-Only Analysts: View organization data without modification permissions
- API Key Managers: Specialized role for API key creation and management
- Billing Administrators: Financial oversight without technical admin access
- Granular permission assignment
- Mix-and-match capability access
- Department-specific role creation
- Project-based access controls
Advanced RBAC Features
Enhanced Capabilities:
- Time-based role assignments
- Conditional access based on usage patterns
- Integration with external identity providers
- Advanced audit and compliance reporting
Best Practices
Role Assignment Strategy
Start Minimal
Begin with standard user roles and promote to admin only when necessary
Regular Review
Periodically review role assignments and adjust based on organizational changes
Audit Access
Monitor admin access patterns and maintain audit trails for compliance
Document Roles
Maintain clear documentation of who has admin access and why
Security Implementation
Access Management:
- Limit admin roles to essential personnel only
- Regular access reviews and role updates
- Clear escalation procedures for access requests
- Integration with existing identity management systems
- Log all administrative actions
- Monitor for unusual access patterns
- Regular compliance assessments
- Incident response procedures for access violations
User Experience
For Standard Users
Simplified Interface:
- Clean, focused view of personal data
- No overwhelming organization-wide information
- Intuitive access to personal features
- Clear visibility into own usage and costs
For Administrators
Comprehensive Control:
- Complete organization visibility
- Administrative tools and configuration panels
- User management and oversight capabilities
- Enterprise feature configuration access
RBAC ensures that every user has the right level of access for their role while maintaining security and compliance across your
organization’s AI infrastructure.
Administrator roles have significant access to organization data and settings. Carefully manage admin role assignments and regularly
review access permissions to maintain security.