How-to: App Permissions, RBA & Data Isolation

This article explains how to manage granular access control across hierarchical layers, from global company oversight down to specific, integration- and user-level data isolation.

SQAI Suite is designed for complex enterprise environments, achieving granular control by nesting permissions within a structural hierarchy. This ensures that while the organization maintains a central source of truth, day-to-day operations remain decentralized, secure, and organized.

Hierarchy of Control

SQAI Suite operates on a three-tier model to keep data in the right "lanes."

  • Company Level: The high-level "Command Center." This is where global settings are managed and individual Workspaces are created.

  • Workspace (Space) Level: Segregated environments tailored to specific teams or projects. Permissions are managed here to ensure team-specific focus.

  • Integration Level: The "Last Mile" of security. At this layer, data access is dictated by the source application (e.g., Jira, GitHub, ADO, SharePoint...).

Defined User Roles

To prevent "permission creep" and simplify administration, SQAI Suite utilizes three distinct roles:

| Role | Scope of Power | Key Responsibilities |
|------|----------------|----------------------|
| Company Admin | Global | Manages all users, creates/deletes spaces, and oversees global integrations. |
| Space Admin | Workspace-specific | Manages access rights for users within their space; configures space-level app integrations. |
| User | Consumption-only | Views and interacts with content. Cannot modify spaces, the company, or underlying configurations. |

Integration & Data Security

SQAI Suite is built to respect—not override—the security protocols of the tools you already use.

  • Inherited Permissions: Access rights are generally managed at the source. If a user does not have permission to view a ticket in Jira or a repository in GitHub, you can isolate these users in a separate workspace so that SQAI Suite will not display that data to them (read more below).

  • Scoped Tokens: Admins can use environment-specific or user-scoped tokens to ensure the "bridge" between SQAI and your tools only carries authorized data.

The "Clone & Isolate" Strategy

For enterprise teams requiring strict context isolation (e.g., separating Finance data from Engineering data), SQAI Suite offers a powerful workflow to guarantee data walls:

  1. Clone the Space: Create an exact replica of an existing working environment.

  2. Adjust Integration Specs: Change the API tokens or environment settings in the cloned space to point to restricted datasets.

  3. Isolate Users: Assign specific users only to the new, restricted space.

This ensures that even within the same company, sensitive datasets are physically separated by workspace boundaries.
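The following is an added example, not SQAI Suite code: a small Python model of the three-tier hierarchy (company, space, integration) and the three roles, used to check that the "Clone & Isolate" workflow above actually produces the intended data wall. The class names, the `scope` field and the policy functions are assumptions chosen to mirror the text.

```python
from dataclasses import dataclass, field

@dataclass
class Integration:
    app: str           # source application, e.g. "jira" or "github"
    scope: frozenset   # datasets this integration's token is allowed to sync

@dataclass
class Space:
    name: str
    integrations: list
    members: dict = field(default_factory=dict)   # user -> "space_admin" | "user"

@dataclass
class Company:
    admins: frozenset                             # Company Admins (global scope)
    spaces: dict = field(default_factory=dict)    # name -> Space

def can_view(company, user, app, dataset):
    """Data reaches a user only through a space they belong to whose
    integration token is scoped to that dataset (the workspace "data wall")."""
    return any(
        user in s.members and any(i.app == app and dataset in i.scope for i in s.integrations)
        for s in company.spaces.values())

def can_configure(company, user, space_name):
    """Only Company Admins and the space's own Space Admins may change a space."""
    return user in company.admins or company.spaces[space_name].members.get(user) == "space_admin"

def clone_and_isolate(company, src, new_name, restricted, users):
    """Clone & Isolate: replicate a space, repoint its integrations at restricted
    datasets (apps missing from `restricted` get an empty scope), and assign the
    listed users, as plain Users, only to the new space."""
    integrations = [Integration(i.app, frozenset(restricted.get(i.app, ())))
                    for i in company.spaces[src].integrations]
    clone = Space(new_name, integrations, {u: "user" for u in users})
    company.spaces[new_name] = clone
    return clone

def demo():
    """Constructed sample: Engineering's token covers Jira projects ENG and FIN;
    Finance staff must see FIN only and must not be able to reconfigure anything."""
    co = Company(admins=frozenset({"carol"}))
    co.spaces["engineering"] = Space("engineering",
        [Integration("jira", frozenset({"ENG", "FIN"})), Integration("github", frozenset({"core"}))],
        {"alice": "space_admin"})
    clone_and_isolate(co, "engineering", "finance", {"jira": {"FIN"}}, ["bob"])
    return {
        "alice_sees_FIN": can_view(co, "alice", "jira", "FIN"),     # True: engineering token covers FIN
        "bob_sees_FIN": can_view(co, "bob", "jira", "FIN"),         # True: via the finance space
        "bob_sees_ENG": can_view(co, "bob", "jira", "ENG"),         # False: finance token is FIN-only
        "bob_sees_core": can_view(co, "bob", "github", "core"),     # False: github scope emptied in clone
        "bob_configures": can_configure(co, "bob", "finance"),      # False: plain User role
        "carol_configures": can_configure(co, "carol", "finance"),  # True: Company Admin is global
    }
```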

It is important to note that for certain application integrations, the initial authentication may require a high level of permissions to establish a secure handshake between the platforms. However, once the connection is successfully made, you retain full control. SQAI Suite provides dedicated settings to refine this access, allowing you to make a fine-grained selection of exactly which data points (such as specific projects, repositories, or documentation folders) sync to the suite. Additionally, you can manually sync, giving you total oversight over both what is shared and when the synchronization occurs, ensuring your data remains synchronized only on your terms.

In case you need specific information on app permissions for your applications, please consult our Integrations section.

Troubleshooting & Best Practices

| Tip | Description |
|-----|-------------|
| Audit Regularly | Review Space Admin assignments quarterly to ensure users haven't retained access to projects they've left. |
| Source-First Security | If a user can see data they shouldn't, check their permissions in the native application (Jira, GitHub, etc.) first. |
| Minimalism | Start users with the "User" role and only promote to "Space Admin" if they need to manage integration settings. |