RBAC & Permissions
How Swiftgum handles role-based access control and compliance.
Overview
Developers & Admins: Configure OAuth apps and manage workspaces.
End Users: Connect personal accounts or retrieve documents.
Permission Layers
Admins (or workspace owners) have full control to add integrations, revoke tokens, and view logs of ingestion events.
End Users can manage only their own tokens and files, ensuring privacy and minimal exposure.
Compliance & Logging
Audit Trails: Every change to roles, tokens, or integrations is logged with a timestamp, actor (admin or system), and a record of the modifications. These audit logs support compliance with standards such as SOC 2 and GDPR.
Data Minimization
Swiftgum stores file contents only when ingestion is explicitly enabled. Otherwise it retains only references to files and their metadata, unless a local ingestion pipeline is used for transformation.
Best Practices
- Least Privilege: Grant each account only the permissions its role needs; keep admin rights to the people who actually manage integrations.
- Regular Reviews: Review the audit trail regularly for unexpected role changes, new integrations, or bursts of token revocations.
- Segmentation: Use separate workspaces for different teams so that an admin of one workspace has no access to another.
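As an added example (this is not Swiftgum's code or API), the following Python sketches the two permission layers above as a single authorization check, records each permitted change as an audit event carrying the fields the page lists (timestamp, actor, and a record of the modification), and implements the Regular Reviews practice by flagging an actor who revokes many tokens within a short window. The role names, action names, field names, workspace ids and sample events are all assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed action vocabulary; the page names the roles but not these strings.
ADMIN_ACTIONS = {"add_integration", "revoke_token", "view_logs", "change_role"}
SELF_SERVICE_ACTIONS = {"revoke_token", "delete_file"}   # end users, own objects only
SELF_SERVICE_KINDS = {"token", "file"}


@dataclass(frozen=True)
class Actor:
    id: str
    role: str        # "admin" or "user" (assumed role names)
    workspace: str


@dataclass(frozen=True)
class Resource:
    id: str
    kind: str        # "token", "file", "integration", ...
    workspace: str
    owner: str = ""  # user id for tokens and files; empty for workspace-level objects


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    actor: str       # actor id, or "system" for automated changes
    action: str
    resource: str
    workspace: str
    change: dict     # record of the modification, e.g. {"status": ["active", "revoked"]}


def authorize(actor: Actor, action: str, res: Resource) -> bool:
    """Admins: full control inside their own workspace. Users: only their own tokens/files."""
    if actor.workspace != res.workspace:      # workspaces are the segmentation boundary
        return False
    if actor.role == "admin":
        return action in ADMIN_ACTIONS
    if actor.role == "user":
        return (action in SELF_SERVICE_ACTIONS
                and res.kind in SELF_SERVICE_KINDS
                and res.owner == actor.id)
    return False                              # unknown roles get nothing by default


def apply_change(log: list, actor: Actor, action: str, res: Resource,
                 change: dict, now: datetime) -> bool:
    """Enforce the permission check, then append the audit record for the change."""
    if not authorize(actor, action, res):
        return False
    log.append(AuditEvent(now, actor.id, action, res.id, res.workspace, change))
    return True


def burst_revocations(log: list, window=timedelta(minutes=5), threshold=3) -> dict:
    """Review helper: actors with >= threshold token revocations inside one window.
    Returns {actor_id: max revocations seen in any window}."""
    by_actor = defaultdict(list)
    for ev in log:
        if ev.action == "revoke_token":
            by_actor[ev.actor].append(ev.ts)
    flagged = {}
    for actor, times in by_actor.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):             # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[actor] = best
    return flagged


T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed sample timeline


def demo():
    """Constructed scenario: two workspaces, one admin each, two end users."""
    log = []
    alice = Actor("alice", "admin", "ws-1")
    bob = Actor("bob", "user", "ws-1")
    dave = Actor("dave", "admin", "ws-2")
    bob_tok = Resource("tok-1", "token", "ws-1", owner="bob")
    carol_tok = Resource("tok-2", "token", "ws-1", owner="carol")
    gdrive = Resource("int-1", "integration", "ws-1")
    revoked = {"status": ["active", "revoked"]}
    results = {
        "user_revokes_own": apply_change(log, bob, "revoke_token", bob_tok, revoked, T0),
        "user_revokes_other": apply_change(log, bob, "revoke_token", carol_tok, revoked, T0),
        "user_adds_integration": apply_change(log, bob, "add_integration", gdrive, {"enabled": [False, True]}, T0),
        "admin_adds_integration": apply_change(log, alice, "add_integration", gdrive, {"enabled": [False, True]}, T0),
        "cross_workspace_admin": apply_change(log, dave, "view_logs", gdrive, {}, T0),
    }
    # The admin revokes four of carol's tokens within 30 seconds: worth a human look.
    for i in range(4):
        tok = Resource(f"tok-{10 + i}", "token", "ws-1", owner="carol")
        apply_change(log, alice, "revoke_token", tok, revoked, T0 + timedelta(minutes=2, seconds=10 * i))
    return results, log, burst_revocations(log)
```

The check deliberately denies anything it does not recognise (unknown role, unknown action, foreign workspace), and only permitted changes reach the log because a denied request changes nothing. A production deployment would also want denied attempts recorded, which this page does not describe.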