Multi-tenancy Support Product Requirements

To support multi-tenancy, we need to add Role-based Access Control (RBAC).

Account Service Schema

Brainstorming gRPC spec for the Accounts and Access Control services

Assumptions:

  1. An account is identified by an email address.
  2. An account is an owner (aka OWNER) of a project that it creates.
  3. A project owner can invite collaborators (aka EDITOR or READER) to a project.
  4. Only owners can change permissions on a project (i.e. invite EDITORs or READERs).
  5. READER can access all artifacts within a project, but cannot create persisted artifacts whose generation requires LLM token consumption (e.g. applicability reports or compliance reports).
  6. Reserved for future: PROMPTER has the permissions of a READER and, in addition, can interrogate the system about the plan and available LLM artifacts via side-chat.
  7. EDITOR has the permissions of a PROMPTER but can also invoke actions that require token consumption (e.g. generate applicability report, generate compliance report) and can ask the system to revise / regenerate some of these persisted artifacts based on interrogation in side-chat.
  8. An account can list the Projects that it has access to, in any capacity (OWNER, EDITOR, PROMPTER, READER).
  9. Reserved for future: the OWNER can add permissions to a batch of accounts identified by a Group or an Organization.
  10. Reserved for future: the OWNER can opt to share the projects they create by default with a batch of users in their group/organization.
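
The role ordering in assumptions 1 to 8 can be enforced with a single deny-by-default check, sketched here as an added example that is not part of the service spec. The class, method and action names are hypothetical, and it assumes OWNER includes EDITOR permissions, that emails are compared case-insensitively, and that an existing OWNER grant cannot be overwritten by an invite.

```python
from enum import Enum, IntEnum

class Role(IntEnum):  # higher value includes every lower role's permissions
    READER = 1
    PROMPTER = 2      # reserved for future in the assumptions above
    EDITOR = 3
    OWNER = 4         # assumption: OWNER is a superset of EDITOR

class Action(Enum):   # hypothetical action names for this sketch
    READ_ARTIFACT = "read_artifact"
    SIDE_CHAT = "side_chat"
    GENERATE_REPORT = "generate_report"        # consumes LLM tokens
    CHANGE_PERMISSIONS = "change_permissions"

MIN_ROLE = {Action.READ_ARTIFACT: Role.READER, Action.SIDE_CHAT: Role.PROMPTER,
            Action.GENERATE_REPORT: Role.EDITOR,
            Action.CHANGE_PERMISSIONS: Role.OWNER}  # lowest role per action
INVITABLE = {Role.READER, Role.EDITOR}         # assumption 3

class AccessControl:
    def __init__(self):
        self._grants = {}                      # project_id -> {email: Role}

    @staticmethod
    def _key(email):
        return email.strip().casefold()        # assumption: case-insensitive id

    def create_project(self, project_id, creator):
        if project_id in self._grants:
            raise ValueError("project already exists")
        self._grants[project_id] = {self._key(creator): Role.OWNER}

    def is_allowed(self, project_id, email, action):
        # Deny by default: unknown project or account yields no role.
        role = self._grants.get(project_id, {}).get(self._key(email))
        return role is not None and role >= MIN_ROLE[action]

    def invite(self, project_id, actor, invitee, role):
        if not self.is_allowed(project_id, actor, Action.CHANGE_PERMISSIONS):
            raise PermissionError("only an OWNER can change permissions")
        if role not in INVITABLE:
            raise ValueError("collaborators are invited as EDITOR or READER")
        grants = self._grants[project_id]
        if grants.get(self._key(invitee)) is Role.OWNER:
            raise ValueError("refusing to downgrade an OWNER")
        grants[self._key(invitee)] = role

    def list_projects(self, email):
        return sorted(p for p, g in self._grants.items() if self._key(email) in g)
```

Every RPC handler would call `is_allowed` before touching project data, so a missing grant and an insufficient role fail the same way.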