Administration & Access Control

Squad enforces role-based access control at every level of the platform: from API endpoints to tool execution to knowledge management. This ensures that while the system learns from use, humans control who can approve that learning and what the system is permitted to do.

Identity & Authentication

Squad integrates with your organisation’s identity provider via OAuth2/OIDC, supporting single sign-on through SAML and OIDC federation. All API endpoints require authentication unless explicitly whitelisted (health checks, OAuth configuration).

Aspect	Implementation
Protocol	OAuth2 / OIDC
Identity Provider	Keycloak (bundled), or federated with your existing IdP
Token Format	JWT with configurable expiry
SSO	SAML and OIDC federation supported

Role-Based Access Control

Permissions are enforced at two levels: API endpoints and tool execution.

API-Level Permissions

Each endpoint declares its required permissions. The platform enforces these before any processing begins.

Permission	What It Grants
READ	Query the platform, view results, access session history
EXECUTE_WORKFLOW	Trigger stored workflow templates
MANAGE_QUERIES	Approve, reject, and amend pending queries on the Tune page
CREATE_WORKFLOW	Propose new tools and workflow templates
MANAGE_USERS	User administration and role assignment
SYSTEM_ADMIN	Full platform access including configuration and system operations

Tool-Level Access

Tools carry risk-based access controls. Read-only tools (graph queries, retrieval) are available to all authenticated users. Write operations (graph mutations, workflow creation) require elevated privileges.

Note

Even users with elevated privileges are subject to deterministic security review. RBAC controls what you’re allowed to do; security review controls what the system is allowed to execute. These are independent layers. See Guardrails & Safety.

Governing What the System Learns

Access control is particularly important for Squad’s learning mechanisms. The permissions model ensures that:

• Standard users can query the platform and benefit from its knowledge, but cannot change what it knows or how it behaves
• Reviewers (MANAGE_QUERIES) can approve or reject pending queries, controlling which responses become reusable templates
• Workflow creators (CREATE_WORKFLOW) can propose new workflows and tools, subject to review
• Administrators (SYSTEM_ADMIN) can revoke approved workflows, manage the tool registry, and configure system behaviour

This separation means the platform can be used broadly while governance is handled by a smaller set of authorised individuals. For the human gating model around reusable templates, see Accuracy & Disambiguation.

Session Management

User sessions are managed through a combination of Redis (active session state) and PostgreSQL (persistent session records).

• Session creation: Authenticated users can create chat sessions via the API or UI
• Session isolation: Each session maintains its own working memory and conversation context
• Session history: Full conversation history is persisted and accessible to the session owner
• Global history: Administrators can access session history across users for audit purposes

Rate Limiting

API rate limiting is enforced to protect platform stability. Limits are configurable per deployment and can be adjusted based on your organisation’s usage patterns.

Next Steps

• Accuracy & Disambiguation: confidence routing, disambiguation, and human gating
• Security & Governance: data protection, encryption, and compliance
• Guardrails & Safety: the full defence-in-depth model
• Transparency & Audit: traceability and audit trail