Team Management and Collaboration

Coordinate security, platform, and application teams inside AISentinel using structured roles, approval workflows, and audit trails. This guide expands on the Roles & Privileges matrix with actionable operating procedures.

Role Design

| Role | Responsibilities | Recommended Scopes |
| --- | --- | --- |
| Organization Administrator | Tenant provisioning, billing, SSO configuration, BYOK management | admin:*, billing:* |
| Security Analyst | Rulepack authoring, audit exports, compliance reporting | policies:*, audit:read |
| Developer | SDK integration, policy evaluation, incident response automation | policies:read, policies:write |
| Observer | Read-only dashboards for leadership | reports:read, usage:read |

See roles-privileges.md for the exhaustive permission matrix.

Onboarding Workflow

  1. Invite Members: Use the available team management interfaces to add new members. Assign appropriate roles based on their responsibilities.
  2. Role Assignment: Assign roles according to the role design matrix. Limit access based on organizational needs.
  3. Access Control: Implement appropriate access controls and monitoring for team activities.

Managing Service Accounts

  • Use dedicated service accounts for CI/CD pipelines and automation jobs.
  • Limit each account to specific permissions based on operational needs.
  • Store credentials securely and rotate them regularly as described in Key Rotation.
  • Associate automation accounts with technical owners for accountability.

Audit Trails and Reporting

  • Every membership change emits an audit record (team.member.invited, team.role.updated).
  • Export logs to your SIEM or store in an immutable bucket for SOC 2 evidence. See Auditing & Compliance.
  • Schedule weekly email digests summarizing role changes for leadership oversight.

Delegated Administration

Large enterprises can delegate administration across business units while keeping a global view:

  1. Create Sub-Tenants: Use configuration namespaces (for example acme-retail, acme-research).
  2. Assign Delegated Admins: Grant admin:config scopes to local leads without exposing billing or BYOK controls.
  3. Share Governance Templates: Publish shared rulepacks in a central repository—see Configuration Management for distribution patterns.
  4. Monitor Activity: The central security team reviews consolidated audit logs and metrics via the Dashboard.

Collaboration Playbooks

  • Policy Development: Use draft rulepacks with review workflows. Integrate GitOps by storing YAML rulepacks in Git and syncing via CI/CD.
  • Incident Response: When a violation is detected, analysts create a task in the incident tracker, attach the AISentinel audit ID, and collaborate with developers to remediate. Automation guidance is available in Remediation Automation.
  • Research Initiatives: Grant temporary access to research teams with guardrails defined in Research Automation.

Periodic Access Reviews

  1. Export the current team roster via GET /v1/team/members.
  2. Compare access to HR data and remove inactive users.
  3. Document approvals in your compliance ticketing system.
  4. Archive evidence for SOC 2, HIPAA, and GDPR audits.
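
An added example (not AISentinel's own code) of steps 1 and 2 above, extended to also flag scopes that fall outside the Role Design table. The roster field names (email, role, scopes, owner) are an assumed response shape for GET /v1/team/members, and all sample data is constructed.

```python
import json
from fnmatch import fnmatchcase

# Recommended scopes per role, copied from the Role Design table on this page.
ROLE_SCOPES = {
    "Organization Administrator": ["admin:*", "billing:*"],
    "Security Analyst": ["policies:*", "audit:read"],
    "Developer": ["policies:read", "policies:write"],
    "Observer": ["reports:read", "usage:read"],
}

# Constructed sample data. The field names (email, role, scopes, owner) are an
# assumed response shape for GET /v1/team/members, not a documented schema.
ROSTER_JSON = """[
  {"email": "ana@example.com", "role": "Security Analyst", "scopes": ["policies:write", "audit:read"]},
  {"email": "raj@example.com", "role": "Developer", "scopes": ["policies:read", "billing:read"]},
  {"email": "lee@example.com", "role": "Observer", "scopes": ["reports:read"]},
  {"email": "ci-bot@example.com", "role": "Developer", "scopes": ["policies:read"], "owner": "lee@example.com"}
]"""
HR_ACTIVE = {"ana@example.com", "raj@example.com"}  # constructed HR export, lowercase


def excess_scopes(role, scopes):
    """Return granted scopes not covered by the role's recommended patterns."""
    allowed = ROLE_SCOPES.get(role, [])  # unknown role: nothing is allowed
    return [s for s in scopes if not any(fnmatchcase(s, p) for p in allowed)]


def review(roster, hr_active):
    """Produce one finding per member that needs action in the access review."""
    findings = []
    for m in roster:
        # Service accounts are checked through their technical owner.
        identity = (m.get("owner") or m["email"]).strip().lower()
        if identity not in hr_active:
            findings.append((m["email"], "remove", "user or owner not in active HR data"))
            continue
        extra = excess_scopes(m.get("role", ""), m.get("scopes", []))
        if extra:
            findings.append((m["email"], "reduce", "scopes outside role: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for email, action, reason in review(json.loads(ROSTER_JSON), HR_ACTIVE):
        print(f"{action:7} {email:22} {reason}")
```

The findings list can be attached to the compliance ticket in step 3 as the record of what was reviewed and why each change was requested.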

Adopting structured collaboration ensures every team can safely extend AI agents while maintaining compliance boundaries.