Swiftgum leverages to ensure users only interact with data and configurations they’re allowed to see.
Overview
- Developers & Admins: Configure OAuth apps and manage workspaces.
- End Users: Connect personal accounts or retrieve documents.
Admins (or workspace owners) have full control to add integrations, revoke tokens, and view logs of ingestion events.
Permission Layers
Workspace Ownership
Each workspace is typically owned by a single admin user with top-level privileges. Owners can add or remove other admin-level users or invite standard users.
Integration Ownership
Creating or configuring integrations requires admin rights. End users may connect personal accounts under these integrations, which generate individual tokens.
Token-Level Access
End users can view only their own tokens, while admins can revoke any token as needed. Note that raw OAuth credentials remain encrypted and are not directly exposed.
Compliance & Logging
Audit Trails: Every change to roles, tokens, or integrations is logged with a timestamp, actor (admin or system), and a record of the modifications. These audit logs support compliance with standards such as SOC 2 and GDPR.
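The token-level rules and the audit trail described above can be modeled as follows. This is an added example, not Swiftgum's own code or API: every class, role name, and log field is hypothetical. It assumes that admins may list token ids in their own workspace in order to revoke them, and that denied revocation attempts are logged as well.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

ADMIN_ROLES = {"owner", "admin"}  # assumed role names, not taken from Swiftgum

@dataclass(frozen=True)
class User:
    id: str
    role: str        # "owner", "admin" or "user"
    workspace: str

@dataclass
class Token:
    id: str
    owner_id: str
    revoked: bool = False

@dataclass
class Workspace:
    name: str
    tokens: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def _audit(self, actor, action, target, allowed):
        # Timestamp, actor and a record of the change, as the audit trail requires.
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor.id, "action": action,
            "target": target, "allowed": allowed,
        })

    def _is_admin(self, actor):
        # Admin rights never cross workspace boundaries (segmentation).
        return actor.workspace == self.name and actor.role in ADMIN_ROLES

    def visible_tokens(self, actor):
        # Token ids only; raw OAuth credentials are never returned.
        if self._is_admin(actor):
            return sorted(self.tokens)  # assumption: admins list ids so they can revoke
        return sorted(t.id for t in self.tokens.values()
                      if actor.workspace == self.name and t.owner_id == actor.id)

    def revoke(self, actor, token_id):
        token = self.tokens.get(token_id)
        allowed = token is not None and self._is_admin(actor)
        if allowed:
            token.revoked = True
        self._audit(actor, "token.revoke", token_id, allowed)  # denials are logged too
        return allowed
```

Logging denied attempts alongside successful ones gives a later log review something to work with when looking for suspicious revocations.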
Data Minimization
Swiftgum only stores file contents when ingestion is explicitly enabled. Otherwise, it retains only references or metadata about files unless a local ingestion pipeline is used for transformation.
Best Practices
- Least Privilege: Grant only the minimum permissions necessary.
- Regular Reviews: Monitor logs for changes or suspicious revocations.
- Segmentation: Use separate workspaces for different teams to minimize cross-access.