Permission Control

Permission Control

Permission control is implemented across identity, team, API key, kernel management, and service-specific modules.

Practical Rules

• Use team scope as the default boundary for user-facing resources.
• Use API keys for service and integration access.
• Use kernel or admin management surfaces for platform-level operations.
• Keep provider secrets in service config, environment variables, or credential stores, not in workflow definitions.
• Prefer least privilege when creating credentials for tools or external systems.

Permission behavior may vary by deployment edition and enabled modules.