Security
AI Core enforces a multi-layered security model that combines role-based access groups, a model whitelist, field-level blacklists, operation-specific permissions, rate limiting, and a complete audit trail. Every AI interaction respects the logged-in user’s existing Progrid permissions.
User groups
AI Core defines a three-level group hierarchy. Each higher level inherits all permissions from the levels below it.
AI User
The AI User group (progrid_ai_core.group_ai_user) is the base access level for anyone who
needs to interact with the AI assistant.
Permissions:
| Model | Create | Read | Update | Delete |
|---|---|---|---|---|
| Conversations ( | Yes | Own only | Yes (own) | No |
| Messages ( | Yes | Own only | No | No |
| Knowledge Sources ( | No | Yes | No | No |
Record rules:
- Users can only see and modify their own conversations
- Users can read and create messages within their own conversations only
- Knowledge sources are read-only
AI Manager
The AI Manager group (progrid_ai_core.group_ai_manager) adds administrative capabilities
for configuring AI model access, managing knowledge, and reviewing audit logs.
Additional permissions:
| Model | Create | Read | Update | Delete |
|---|---|---|---|---|
| Conversations ( | No | All | No | No |
| Model Access ( | Yes | Yes | Yes | Yes |
| Audit Logs ( | No | Yes | No | No |
| Knowledge Sources ( | Yes | Yes | Yes | Yes |
AI Admin
The AI Admin group (progrid_ai_core.group_ai_admin) provides full access including LLM
provider configuration and API key management. This group automatically includes users with the
Progrid system administrator role.
Additional permissions:
| Model | Create | Read | Update | Delete |
|---|---|---|---|---|
| Provider Config ( | Yes | Yes | Yes | Yes |
| All other AI models | Yes | Yes | Yes | Yes |
Important
API keys are only visible to AI Admins. The provider configuration form masks the API Key field for all other users.
Model whitelist
AI Core operates on a whitelist-only basis. The AI can only interact with models that have been explicitly added to the model access configuration. Each whitelisted model has independent permission toggles:
- Read – AI can search and read records (enabled by default)
- Write – AI can update existing records (disabled by default)
- Create – AI can create new records (disabled by default)
- Delete – AI can delete records (disabled by default)
To configure model access:
1. Navigate to .
2. Click New to add a model.
3. Select the Progrid model from the dropdown.
4. Enable the desired operation checkboxes.
5. Optionally add a Field Blacklist (comma-separated field names the AI cannot access).
6. Set Max Records Per Query to limit how many records the AI can return at once (default: 100).
7. Click Save.
Tip
Start with read-only access for most models. Only enable write, create, or delete permissions for models where AI-assisted data entry provides clear value and the risk of accidental changes is acceptable.
Field blacklist
Each whitelisted model can have a field blacklist – a comma-separated list of field names that the AI cannot read or write, regardless of other permissions. This prevents the AI from accessing sensitive data such as passwords, tokens, or financial credentials.
The module applies a default global blacklist to all models unless overridden:
password,password_crypt,api_key,api_key_ids,totp_secret,oauth_access_token,signup_token,credit_card,bank_account
You can add model-specific entries (e.g., salary,bonus_amount for the HR employee model) in the
Field Blacklist field of the model access configuration.
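The following added example (not the AI Core module's own code) shows how the whitelist, the per-operation toggles, the field blacklist and the record cap described above combine into one authorization decision. The names `ModelAccess`, `authorize` and `WHITELIST`, the sample model names, and the choice to merge model-specific blacklist entries with the global defaults are assumptions made for illustration.

```python
# Added illustration: not the AI Core module's code. All names are hypothetical.
from dataclasses import dataclass

# Default global blacklist as listed on this page.
GLOBAL_BLACKLIST = frozenset({
    "password", "password_crypt", "api_key", "api_key_ids", "totp_secret",
    "oauth_access_token", "signup_token", "credit_card", "bank_account",
})

@dataclass(frozen=True)
class ModelAccess:
    """One whitelist entry; defaults mirror the page (read on, the rest off)."""
    read: bool = True
    write: bool = False
    create: bool = False
    delete: bool = False
    field_blacklist: str = ""   # comma-separated, as entered in the form
    max_records: int = 100

    def blocked_fields(self):
        # Assumption: model-specific entries extend the global defaults.
        extra = {f.strip() for f in self.field_blacklist.split(",") if f.strip()}
        return GLOBAL_BLACKLIST | extra

def authorize(whitelist, model, operation, fields, limit=None):
    """Return (allowed_fields, effective_limit) or raise PermissionError."""
    entry = whitelist.get(model)
    if entry is None:           # whitelist-only: an unlisted model is denied
        raise PermissionError(f"model {model!r} is not whitelisted")
    if operation not in ("read", "write", "create", "delete"):
        raise PermissionError(f"unknown operation {operation!r}")
    if not getattr(entry, operation):
        raise PermissionError(f"{operation} is disabled for {model!r}")
    blocked = entry.blocked_fields()
    if operation != "read":
        # Fail closed on writes: silently dropping a field would hide the attempt.
        denied = sorted(set(fields) & blocked)
        if denied:
            raise PermissionError(f"blacklisted fields in {operation}: {denied}")
    allowed = [f for f in fields if f not in blocked]
    cap = entry.max_records if limit is None else min(limit, entry.max_records)
    return allowed, cap

# Constructed sample configuration (model names are placeholders).
WHITELIST = {
    "hr.employee": ModelAccess(field_blacklist="salary, bonus_amount"),
    "crm.lead": ModelAccess(write=True, max_records=50),
}
```

Reads drop blacklisted fields from the result, while writes that name a blacklisted field are rejected outright so the attempt is visible to the caller and can be audited.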
Confirmation prompts
By default, all write operations (create, update, delete, bulk update, bulk delete) require explicit user confirmation before execution. When the AI determines it needs to write data, it presents the proposed action and waits for the user to click Confirm or Cancel.
This behavior is controlled by two settings:
- Global setting in – Enables or disables confirmation for all models
- Per-model setting: the Require Confirmation checkbox in the model access configuration – Overrides the global setting for a specific model
Warning
Disabling confirmation prompts allows the AI to execute write operations immediately. Only disable this for models where accidental modifications carry low risk.
Rate limiting
AI Core enforces rate limits to prevent excessive API usage and protect against abuse:
| Setting | Default | Description |
|---|---|---|
| Messages per minute | 10 | Maximum messages a user can send per minute |
| Messages per hour | 100 | Maximum messages a user can send per hour |
| Admin multiplier | 5x | Rate limits are multiplied by this factor for administrators |
Configure rate limits in .
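The added example below (not the AI Core module's own code) shows how the two limits and the admin multiplier from the table interact: a message must fit both the per-minute and the per-hour budget. The sliding-window approach and the names `MessageRateLimiter` and `simulate` are assumptions; the page does not state how the module counts its windows.

```python
# Added illustration: not the AI Core module's code. All names are hypothetical.
from collections import defaultdict, deque

PER_MINUTE = 10        # page default
PER_HOUR = 100         # page default
ADMIN_MULTIPLIER = 5   # page default

class MessageRateLimiter:
    """Sliding-window limiter: a message must fit the minute AND the hour window."""

    def __init__(self):
        # user id -> timestamps (seconds) of accepted messages, oldest first
        self._sent = defaultdict(deque)

    def allow(self, user_id, now, is_admin=False):
        factor = ADMIN_MULTIPLIER if is_admin else 1
        sent = self._sent[user_id]
        while sent and now - sent[0] >= 3600:   # forget anything older than an hour
            sent.popleft()
        last_minute = sum(1 for t in sent if now - t < 60)
        if last_minute >= PER_MINUTE * factor or len(sent) >= PER_HOUR * factor:
            return False                        # rejected messages are not counted
        sent.append(now)
        return True

def simulate(timestamps, is_admin=False):
    """Feed constructed send times (seconds) for one user; return how many pass."""
    limiter = MessageRateLimiter()
    return sum(limiter.allow("u1", t, is_admin) for t in timestamps)
```

A steady rate of one message every six seconds never trips the per-minute limit, yet it is cut off by the hourly limit after 100 messages, which is why both windows are checked.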
Audit logging
Every AI action is recorded in an immutable audit log. Log entries cannot be modified or deleted through normal operations (only via sudo access for automated cleanup).
Each audit entry records:
- Timestamp – When the action occurred
- User – Who triggered the action
- Action type – Query, create, update, delete, or error
- Model and records – Which model and record IDs were affected
- Tool name – Which tool was executed
- Parameters – Sanitized input parameters (sensitive values redacted)
- Result – Success/failure, record count, execution time, tokens used
View audit logs at .
Logs are automatically cleaned up after the configured retention period (default: 90 days). Run manual cleanup from .
Assigning groups
To assign AI access to a user:
1. Navigate to .
2. Select the user to configure.
3. Scroll to the Other section.
4. In the AI Core field, select User, Manager, or Admin.
5. Click Save.
Note
Each group implies the groups below it. An AI Admin automatically has all AI Manager and AI User permissions.