Understand Access to Your Projects

The AI Innovation Platform places a strong focus on maintaining the security and privacy your data requires. We implement strict access controls so that access to your data is granted precisely and only to authorized individuals.

User & Access Levels

Here's an overview of the user roles and their access levels within the platform:

Customer Access Tier

  1. Tenant Users:

    • Access is granted only to the users explicitly added to specific projects.
    • By default, they receive "development access" to the services available in the platform's catalog within their assigned projects.
    • Users can request elevated access using PAM Entitlements. Learn more about PAM.

    Note

    Development access includes the ability to edit, create, and delete resources within the assigned projects. This access is scoped to allow users to utilize and interact with the services for development and operational tasks, strictly within the boundaries of the project.

  2. Customer Admins:

    • Customer Admins have the same default development access to catalog services as Tenant Users.
    • For administrative oversight, they are automatically included in all projects within their tenant. This broad view is intended for managing project configurations, user assignments, and overall platform settings, while still adhering to access controls within each project. For more information, see roles and responsibilities.

Platform Access Tier

  1. Support Engineers:
    • Members of the AI Innovation Platform support team may require temporary access to assist with your technical issues or maintenance.
    • Access for Support Engineers is strictly controlled using Privileged Access Management (PAM). This enables a Just-In-Time (JIT) access model, a key control for compliance.
    • Support Engineers do not have standing access to your projects or data. They must request temporary access only when necessary, to perform a specific authorized support task.
    • Any access granted through PAM is strictly limited by a defined time duration. Once the support task is completed or the time limit is reached, the elevated permissions are automatically revoked. This minimizes the window of potential access.

References:
Request temporary access using PAM
Approve or Deny Grants with PAM

Auditability

All access requests, grants, and revocations using PAM are comprehensively recorded in PAM Audit logs. These logs provide a detailed, immutable record of access activities, which is essential for HIPAA compliance and for demonstrating the accountability of our platform.