RBAC (Role-Based Access Control)
Definition
Role-Based Access Control (RBAC) is a security model that assigns permissions to predefined roles (like Owner, Admin, Manager, Editor, Viewer) rather than to individual users. Each role has a specific set of capabilities that determines who can create recipes, run workflows, approve actions, manage API keys, or view audit logs. RBAC implements the principle of least privilege: users get exactly the access they need, nothing more.
JieGou's Role Hierarchy
JieGou implements a 5-role hierarchy: Owner (full control), Admin (manage users and settings), Manager (approve workflows and manage department), Editor (create and run recipes), and Viewer (read-only access). The hierarchy is strict — a Manager cannot grant Admin permissions, and an Editor cannot approve workflows requiring Manager approval.
Department-Scoped RBAC
Roles are scoped per department. A user can be a Manager in Sales and a Viewer in Finance. This enables cross-functional teams while maintaining departmental boundaries — the Sales team can't modify Finance workflows, and vice versa.
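The strict hierarchy and per-department scoping described above can be modeled with a default-deny check, shown here as an added example that is not JieGou's code. The action names, the `DepartmentRBAC` class, and the grant rule (an actor can assign only roles at or below their own rank in that department and cannot change someone who outranks them) are assumptions made for illustration.

```python
from enum import IntEnum


class Role(IntEnum):
    """The page's five roles, ordered so a higher value outranks a lower one."""
    VIEWER = 1
    EDITOR = 2
    MANAGER = 3
    ADMIN = 4
    OWNER = 5


# Minimum role per action. Action names are assumptions made for this example.
MIN_ROLE = {
    "view": Role.VIEWER,
    "create_recipe": Role.EDITOR,
    "run_recipe": Role.EDITOR,
    "approve_workflow": Role.MANAGER,
    "manage_users": Role.ADMIN,
}


class DepartmentRBAC:
    def __init__(self, seed):
        # seed: {(user, department): Role}, the initial assignments
        self._roles = dict(seed)

    def role_of(self, user, dept):
        return self._roles.get((user, dept))  # None = no access in that department

    def is_allowed(self, user, dept, action):
        role, required = self.role_of(user, dept), MIN_ROLE.get(action)
        # Default deny: unknown action, or no role in this department.
        return role is not None and required is not None and role >= required

    def grant(self, actor, dept, target, new_role):
        actor_role = self.role_of(actor, dept)
        current = self.role_of(target, dept)
        # Assumed rule: no granting above your own rank, no changing someone who outranks you.
        if actor_role is None or new_role > actor_role or (current is not None and current > actor_role):
            raise PermissionError(f"{actor} cannot set {target} to {new_role.name} in {dept}")
        self._roles[(target, dept)] = new_role


# Constructed sample data: the page's "Manager in Sales, Viewer in Finance" user.
rbac = DepartmentRBAC({("alice", "Sales"): Role.MANAGER, ("alice", "Finance"): Role.VIEWER})
rbac.grant("alice", "Sales", "bob", Role.EDITOR)  # allowed: Editor ranks below Manager
```

Keying every lookup on the (user, department) pair is what keeps a Sales Manager's rights from leaking into Finance: a role held in one department is never consulted when the request targets another.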
Related Terms
Department Packs
Department packs are curated bundles of AI recipes, workflows, and governance rules designed for specific business functions like Sales, Marketing, HR, and IT.
AI Governance
AI governance is the set of policies, controls, and oversight mechanisms that ensure AI systems operate safely, ethically, and in compliance with regulations.