Core Concepts

RBAC and policies

RBAC, security policies, and redaction policies constrain who can create, invoke, approve, commit, read, and inspect agent workflows.

Overview

Operator access controls hosted control-plane administration.

Database permissions and capability policies constrain runtime actions.

Approval and commit should be separate roles for sensitive workflows.

Security policies bind row access to trusted session values, and redaction policies protect resource payloads from readers that should only receive handles or metadata.

Developer notes

Keep operator credentials out of client-side code.
Use separate roles for approve and commit where possible.
Use session-bound security policies for tenant, owner, region, and entitlement filters.
Use redaction policies when a reader can know that evidence exists but should not see the full payload.
Audit role and policy changes.
Require MFA/SSO before public production launch.

Policy pattern

SQL

-- Principal names are your authenticated users/service identities.
CREATE ROLE support_reviewers OWNER TO PRINCIPAL 'ops_admin'; -- role and owner principal
CREATE DEFAULT ROLE support_viewer FOR TENANT 'acme';          -- default role for tenant
ALTER ROLE support_reviewers SET DESCRIPTION 'Can inspect and approve support proposals'; -- human note

-- Capability privileges decide who can invoke reviewed agent actions.
GRANT INVOKE ON CAPABILITY support.answer_ticket
  TO ROLE support_reviewers;                         -- role allowed to invoke

-- Proposal privileges can separate preview, approval, and commit duties.
GRANT PREVIEW ON PROPOSAL 'wrp://1' TO ROLE support_reviewers; -- returned proposal lookup id
GRANT APPROVE ON PROPOSAL 'wrp://1' TO PRINCIPAL 'finance_reviewer'; -- reviewer principal
GRANT COMMIT ON PROPOSAL 'wrp://1' TO PRINCIPAL 'finance_admin';     -- committer principal

-- Security policies bind row access to trusted SESSION values.
CREATE SECURITY POLICY ticket_owner          -- policy name
ON tickets                                   -- protected table
FOR SELECT                                   -- operation being filtered
USING owner = SESSION principal;             -- row owner must match trusted actor

-- Redaction policies can expose handles/metadata without full payloads.
CREATE REDACTION POLICY redact_evidence_facts -- policy name
ON RESOURCE evidence_facts                    -- resource kind
FOR READ                                      -- operation being redacted
REDACT PAYLOAD;                               -- hide payload; keep metadata/handle visible

Examples

sql

-- Principal strings identify authenticated users/service identities in your app.
GRANT ROLE support_reviewers                  -- role granted
  TO PRINCIPAL 'billing_manager_02'           -- authenticated principal
  WITH ADMIN OPTION;                          -- can manage this role

REVOKE ROLE support_reviewers                 -- role revoked
  FROM PRINCIPAL 'former_reviewer';           -- principal losing access

-- Server admin grants should be restricted to operator/admin identities.
GRANT ADMIN ON SERVER TO PRINCIPAL 'ops_admin'; -- operator/admin principal
DROP ROLE support_reviewers;                    -- remove role after memberships are handled