Access Controls

Access Controls & Least Privilege

Humans control access. AI operates within it.

Humans control access. AI operates within it.

Role-based access control ensures every person, and every AI workflow, only touches what they're explicitly permitted to. Access is scoped, audited, and revocable at any time.

→ Role-based access control (RBAC) for all users
→ Multi-factor authentication (MFA) enforced
→ SSO support (SAML 2.0 / OIDC)
→ Strict permission scoping for every AI workflow
→ Credential vault with encrypted secret storage
→ Instant access revocation at any level

Access model overview

Owner

Full access to all settings, billing, user management, and workflow configuration.

Member

Access to assigned projects and workflows only. Cannot modify org settings or billing.

AI Workflows

Scoped strictly to the data and actions needed for their assigned task. Cannot self-escalate permissions.

Custom Roles

Define precisely scoped roles for your org structure. Permissions follow the role and take effect immediately.

🔑

Secure Credential Vault

Every API key, password, and token your AI workflows need is stored in AI-Harness's encrypted credential vault. Secrets are never exposed in plaintext, not in logs, not in the UI, not to AI workflows themselves. They are injected at runtime under strict access controls.

Learn more about Secure Credentials & Access →

Ready to run a security review?

Our team will walk you through the platform's access model and provide the documentation your procurement process requires.

Request Security Questionnaire → Talk to Our Team