Role-Based Access.
API Key Scoping.

Enterprise-grade RBAC, API key scoping, multi-tenant separation, and granular permission controls, so every user, key, and integration touches only what it should.

Access Controls Dashboard

Built-In Roles

Four distinct permission levels designed for enterprise team structures.

Owner

Full workspace control. Billing, security settings, and member management.

Admin

Manage projects, rules, and team members. Cannot modify billing or security.

Editor

Run verifications, create rules, and export reports. Cannot manage members.

Viewer

View verification results and reports. Read-only access to all resources.

Capabilities

Enterprise-grade access control for your AI infrastructure.

RBAC

Mirror your existing organizational roles into Xybern with granular permission mapping.

  • Role Mirroring
  • Custom Roles
  • SSO Integration

API Key Scoping

Issue API keys with specific scope limits at the workspace, project, or endpoint level.

  • Workspace Scoping
  • Project Scoping
  • Endpoint Restrictions

Multi-Tenant Separation

Complete logical separation between tenants with zero data leakage.

  • Tenant Isolation
  • Data Partitioning
  • Cross-Tenant Prevention

How It Works

Every access request is authenticated, authorised, scoped, and logged. No exceptions.

01

Roles Configured

Map your organizational roles to Xybern permission levels. Owner, Admin, Editor, and Viewer align to your existing identity provider.

02

Keys Scoped

Issue API keys with precise scope limits for each integration. Restrict by workspace, project, or individual endpoint.

03

Access Logged

Every action is logged with user, role, timestamp, and IP for a full audit trail, successful and denied requests alike.

User Request

API key or session token · Workspace · Operation

Role Check

Identity verified · Role permissions evaluated

Scope Validation

API key scope · Workspace boundary · Endpoint restriction

Action Logged

Event recorded · User, role, timestamp, IP · Full audit trail

Permission Matrix

Granular control over every action, mapped to each role level.

| Action             | Owner | Admin | Editor | Viewer    |
|--------------------|-------|-------|--------|-----------|
| Manage Workspace   | Allow | —     | —      | —         |
| Manage Members     | Allow | Allow | —      | —         |
| Create Rules       | Allow | Allow | Allow  | —         |
| Run Verifications  | Allow | Allow | Allow  | —         |
| View Results       | Allow | Allow | Allow  | Allow     |
| Export Reports     | Allow | Allow | Allow  | View-only |
| API Key Management | Allow | Allow | —      | —         |

Legend:

  • Allow: Full access to this action
  • Request: Requires approval to execute
  • View-only: Can view but not execute
  • —: No access

Access Log

Every action tracked with full context for compliance and audit review.

Recent Activity

Workspace: Production
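
| User       | Action            | Role   | Time       | IP           |
|------------|-------------------|--------|------------|--------------|
| J. Smith   | Created Rule      | Admin  | 2 min ago  | 192.168.1.42 |
| M. Chen    | Ran Verification  | Editor | 15 min ago | 10.0.0.88    |
| A. Johnson | Exported Report   | Viewer | 1 hr ago   | 172.16.0.12  |
| System     | API Key Rotated   | System | 3 hrs ago  |              |

API Reference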

API Key Scoping

Use POST /api/v1/keys to issue scoped API keys programmatically. Define scope arrays, bind to workspaces, and set expiration windows.

  • Scope keys to specific operations like verify and reason
  • Bind to workspace IDs for tenant-level isolation
  • Set time-based expiration with automatic rotation
  • Prefixed keys for easy identification and revocation
POST /api/v1/keys
{
  "name": "production-verify",
  "scope": ["verify", "reason"],
  "workspace_id": "ws_prod",
  "expires_in": "90d"
}

// Response
{
  "key_id": "key_8a2f9c3b",
  "prefix": "xyb_prod_",
  "scope": ["verify", "reason"],
  "created_at": "2025-01-15T10:00:00Z",
  "expires_at": "2025-04-15T10:00:00Z"
}
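
One way a service could enforce a key like the one above, following the request flow described earlier (role check, scope validation, logging of allowed and denied requests alike). This is an added example, not Xybern's code: the function names, the audit fields, the `reason` strings, and the pairing of a matrix action with a key scope string are assumptions, and the requests are constructed.

```python
from datetime import datetime, timezone

# "Allow" cells of the page's permission matrix; View-only does not grant execution.
MATRIX = {
    "manage_workspace":   {"owner"},
    "manage_members":     {"owner", "admin"},
    "create_rules":       {"owner", "admin", "editor"},
    "run_verifications":  {"owner", "admin", "editor"},
    "view_results":       {"owner", "admin", "editor", "viewer"},
    "export_reports":     {"owner", "admin", "editor"},
    "api_key_management": {"owner", "admin"},
}

# Key fields from the page's sample request and response.
KEY = {"key_id": "key_8a2f9c3b", "scope": ["verify", "reason"],
       "workspace_id": "ws_prod", "expires_at": "2025-04-15T10:00:00Z"}

def authorize(req, key, now, audit):
    """Default deny: role, then key scope, workspace binding and expiry. Always log."""
    expires = datetime.fromisoformat(key["expires_at"].replace("Z", "+00:00"))
    if req["role"] not in MATRIX.get(req["action"], set()):
        reason = "role_denied"
    elif req["operation"] not in key["scope"]:
        reason = "scope_denied"
    elif req["workspace_id"] != key["workspace_id"]:
        reason = "workspace_mismatch"
    elif now >= expires:
        reason = "key_expired"
    else:
        reason = None
    # Denied requests are recorded with the same context as successful ones.
    audit.append({"user": req["user"], "role": req["role"], "ip": req["ip"],
                  "timestamp": now.isoformat(), "action": req["action"],
                  "key_id": key["key_id"], "allowed": reason is None, "reason": reason})
    return reason is None

def demo():
    """Run five constructed requests: one valid, then one failure per check."""
    audit, now = [], datetime(2025, 2, 1, tzinfo=timezone.utc)
    base = {"user": "m.chen", "role": "editor", "action": "run_verifications",
            "operation": "verify", "workspace_id": "ws_prod", "ip": "10.0.0.88"}
    results = [
        authorize(base, KEY, now, audit),
        authorize({**base, "role": "viewer"}, KEY, now, audit),
        authorize({**base, "operation": "export"}, KEY, now, audit),
        authorize({**base, "workspace_id": "ws_staging"}, KEY, now, audit),
        authorize(base, KEY, datetime(2025, 4, 15, 10, tzinfo=timezone.utc), audit),
    ]
    return results, audit

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```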

Secure Every Access Point

Deploy granular access controls, scoped API keys, and full audit logging across your AI governance infrastructure.