e0ce91ddb9
- SyncSettingsRepository + DatasetPermissionRepository with RBAC - Script deploy/run/undeploy API with import sandboxing - User sync settings API with permission checks - 4 CLI skills (connectors, security, notifications, corporate-memory) - Kamal production + staging configs - GitHub Actions CI + deploy workflows - 91 total tests passing
37 lines
1.1 KiB
Markdown
37 lines
1.1 KiB
Markdown
# Security — RBAC, permissions, and audit
|
|
|
|
## Roles
|
|
| Role | Permissions |
|
|
|------|-------------|
|
|
| `viewer` | Read catalog, view profiles, browse corporate memory |
|
|
| `analyst` | + sync data, run queries, vote, run/deploy scripts |
|
|
| `admin` | + manage users, approve knowledge, trigger sync |
|
|
| `km_admin` | + corporate memory governance |
|
|
|
|
## Managing Users
|
|
```bash
|
|
da admin add-user user@company.com --role analyst
|
|
da admin list-users
|
|
da admin remove-user <user-id>
|
|
```
|
|
|
|
## Dataset Permissions
|
|
Admins grant dataset access per user. Users can only sync datasets they have access to.
|
|
|
|
## Audit Trail
|
|
Every API call is logged. Query with:
|
|
```bash
|
|
da query "SELECT * FROM system.audit_log ORDER BY timestamp DESC LIMIT 20" --remote
|
|
```
|
|
|
|
## Script Sandboxing
|
|
User scripts run in isolated subprocess with:
|
|
- Limited environment (no access to secrets)
|
|
- Timeout (default 5 min)
|
|
- Blocked imports (subprocess, shutil, ctypes)
|
|
- Stdout/stderr size cap (64KB)
|
|
|
|
## JWT Tokens
|
|
- Issued on login, valid 30 days
|
|
- Contains: user_id, email, role
|
|
- Set JWT_SECRET_KEY in .env (min 32 chars)
|