
Data Security and Access

Assistant Engine prioritizes the security and privacy of your data, offering granular access controls and robust features to ensure safe and efficient collaboration. This page summarizes the key aspects of our security architecture and provides best practices for managing data and privacy within the platform.

Project-Based Multi-Tenancy and GDPR Compliance

Assistant Engine is built on a project-based multi-tenancy model, ensuring that all data and configurations are securely separated by project.

Role-Based and Group-Based Access Control

Assistant Engine leverages a well-structured Role-Based Access Control system paired with group-based permissions to ensure secure and tailored access for all users.

Role-Based Access

Roles define what users can do within the platform:

  • Admin: Full control over projects, configurations, data sources, and user management.

  • Builder: Focused on creating assistants, defining workflows, and setting up integrations.

  • User: Interacts with assistants and tasks as per permissions granted by the admin.

For detailed information, see User Management.

This role hierarchy ensures that sensitive features, like managing data sources or integrations, are only accessible to authorized personnel.

Group-Based Access

Groups allow you to grant and control access across teams or departments:

  • Create individual groups for teams or for a subset of individuals in your company (e.g., Directors).
  • Assign specific permissions to these groups (e.g., Marketing, Finance, Product).
  • Simplify management by defining permissions at the group level instead of per user; this ensures data and tools are only accessible to the relevant teams and prevents accidental or unauthorized access.

For example:

  • The Finance team might have access to view and update financial dashboards but no permission to delete critical data.
  • The Marketing team can access shared campaign boards but won’t see confidential HR or finance documents.

By combining roles and groups, Assistant Engine enables flexible, granular control over who can see, modify, or execute tasks across the organization.

Data Source Access Control

Assistant Engine allows only admins to define and enforce strict access controls for each data source, ensuring that sensitive data is only accessible to the right people and in the appropriate context.

Admin-Defined Access

Admins are responsible for setting up data source connections, and they can limit access based on:

  • Company Level: Data accessible across the entire organization.
  • Group Level: Data restricted to specific teams or departments.
  • Individual Level: Data accessible only to specific users.

This hierarchy ensures that access is both flexible and secure, adapting to organizational needs without compromising data integrity.

Method-Level Access

The above-mentioned access permissions can be defined for each method individually. This allows granular control over the actions users or groups can perform:

Examples:

  • Get List: Retrieve a list of items (e.g., fetching all tasks or documents).
  • Get Details: Access specific details about an individual item (e.g., a task, a document, or an employee profile).
  • Create: Add new entries to the data source (e.g., creating a new task, document, or record).
  • Update: Modify existing items (e.g., editing task descriptions, document content, or record fields).
  • Delete: Remove items from the data source (e.g., deleting a task or document).

Example Use Case

Imagine a project management platform where:

  1. Team Members:
    • Can Get List to view all tasks.
    • Can Get Details to see individual task information.
  2. Project Managers:
    • Have access to Create new tasks.
    • Can Update task details like deadlines or assignments.
    • Can Delete tasks (a permission withheld from team members to prevent accidental data loss).

This setup ensures each user group has only the permissions it needs to do its job while preventing unauthorized or accidental actions. For detailed information on how to set up these access rights, see the documentation of Standard Data Sources or Custom Integrations, respectively.

Assistant Access Control

As a consequence of the permissions defined by the Admin at the Data Source level, Builders will only have a limited list of data sources available when setting up a new assistant.

Additionally, when defining an assistant and who it is going to be made available to (Company, Group, Private), access to Data Sources is further limited. This ensures that newly created assistants are not useless to other people from the get-go. For instance, if an assistant is being designed for a group, it will not be possible to include a private data source such as a private email inbox: the other group members would not have been granted access to this inbox in the first place, so the assistant would be useless for them anyway.

The same logic applies to sharing assistants. You may choose to share any assistant via link with another person. However, if that individual does not have access to the underlying data sources they will not be able to use that assistant.
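The following is an added example, not Assistant Engine's own code or API, that models the rules described under Method-Level Access, the Example Use Case, and Assistant Access Control in one small policy evaluator. All names (`User`, `DataSource`, `can_call`, `attachable_sources`, `blocked_sources`, the sample tenant with users alice, bob and dana) are hypothetical; the point is the deny-by-default check per method, the admin-only grant path, and the two assistant-level checks: which data sources a builder may attach for a given audience, and whether a link recipient can actually use a shared assistant.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Hypothetical model of the page's access concepts; not the product's API.
METHODS = ("get_list", "get_details", "create", "update", "delete")
LEVELS = ("company", "group", "user")


@dataclass(frozen=True)
class User:
    name: str
    role: str                      # "admin" | "builder" | "user"
    groups: frozenset = frozenset()


@dataclass
class DataSource:
    name: str
    # method -> list of (level, target); target is a group or user name, None for company.
    grants: dict = field(default_factory=dict)

    def grant(self, admin: User, method: str, level: str, target=None) -> None:
        """Only admins configure data source access (Admin-Defined Access)."""
        if admin.role != "admin":
            raise PermissionError(f"{admin.name} is not an admin")
        if method not in METHODS or level not in LEVELS:
            raise ValueError("unknown method or access level")
        self.grants.setdefault(method, []).append((level, target))


def can_call(user: User, ds: DataSource, method: str) -> bool:
    """Deny by default; a matching company, group or individual grant allows the call."""
    for level, target in ds.grants.get(method, []):
        if level == "company":
            return True
        if level == "group" and target in user.groups:
            return True
        if level == "user" and target == user.name:
            return True
    return False


def accessible_methods(user: User, ds: DataSource) -> list:
    return [m for m in METHODS if can_call(user, ds, m)]


def reachable_by_audience(ds: DataSource, audience: tuple, owner: User) -> bool:
    """True if everyone in the audience can call at least one method.
    audience is ("company", None), ("group", <group name>) or ("private", None)."""
    kind, target = audience
    if kind == "private":
        return bool(accessible_methods(owner, ds))
    for grants in ds.grants.values():
        for level, t in grants:
            if level == "company" or (kind == "group" and level == "group" and t == target):
                return True
    return False


def attachable_sources(builder: User, audience: tuple, catalog: list) -> list:
    """Data sources a builder may attach: ones the admin exposed to the builder AND
    that the intended audience can reach (a private inbox is dropped for a group)."""
    return [ds.name for ds in catalog
            if accessible_methods(builder, ds) and reachable_by_audience(ds, audience, builder)]


@dataclass
class Assistant:
    name: str
    owner: User
    audience: tuple
    sources: list


def build_assistant(name: str, builder: User, audience: tuple, sources: list) -> Assistant:
    if builder.role not in ("admin", "builder"):
        raise PermissionError(f"{builder.name} cannot create assistants")
    allowed = set(attachable_sources(builder, audience, sources))
    rejected = [ds.name for ds in sources if ds.name not in allowed]
    if rejected:
        raise ValueError(f"cannot attach {rejected} to a {audience[0]} assistant")
    return Assistant(name, builder, audience, list(sources))


def blocked_sources(user: User, assistant: Assistant) -> list:
    """Underlying sources a link recipient cannot reach; empty means the assistant is usable."""
    return [ds.name for ds in assistant.sources if not accessible_methods(user, ds)]


def can_use_shared_assistant(user: User, assistant: Assistant) -> bool:
    return not blocked_sources(user, assistant)


# Constructed sample tenant mirroring the page's project-management use case.
ADMIN = User("dana", "admin")
ALICE = User("alice", "builder", frozenset({"project_managers"}))
BOB = User("bob", "user", frozenset({"team_members"}))

TASKS = DataSource("tasks")
for m in ("get_list", "get_details"):
    TASKS.grant(ADMIN, m, "company")                      # everyone may read
for m in ("create", "update", "delete"):
    TASKS.grant(ADMIN, m, "group", "project_managers")    # only PMs may change

INBOX = DataSource("alice_inbox")
for m in METHODS:
    INBOX.grant(ADMIN, m, "user", "alice")                # individual-level source
CATALOG = [TASKS, INBOX]

if __name__ == "__main__":
    print("bob on tasks:", accessible_methods(BOB, TASKS))
    print("group assistant may attach:", attachable_sources(ALICE, ("group", "project_managers"), CATALOG))
    private = build_assistant("inbox helper", ALICE, ("private", None), CATALOG)
    print("bob blocked on shared link:", blocked_sources(BOB, private))
```

Running the block shows bob limited to the two read methods on `tasks`, the private inbox dropped from a group-scoped assistant, and bob unable to use a privately scoped assistant shared with him because `alice_inbox` is not reachable for him.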

For more information on this, see the Assistant Creation Documentation.
