Advanced access-control features are available on Enterprise plans. Reach out to support@adaline.ai to learn more.
What to govern
| Resource | Why it matters |
|---|---|
| Workspace settings | Provider credentials, API keys, billing, usage, and members affect every project. |
| Projects | Projects contain prompts, tools, datasets, traces, Behaviors, and deployments for one product workflow. |
| Prompts | Prompt changes can affect deployed application behavior. |
| Datasets | Datasets may contain production-derived examples or customer-provided test cases. |
| Traces | Traces can include user content, tool data, attributes, tags, and production metadata. |
| Improve cycles | Approving a candidate can deploy to a primary environment when configured. |
| Deployment environments | Deployments decide what runtime behavior applications receive. |
Permission patterns
- Keep workspace admin access limited to people who manage providers, billing, keys, or members.
- Give prompt authors access to the projects they work in.
- Give release owners deployment access for production environments.
- Give reviewers access to traces, datasets, evaluators, and Improve cycles.
- Give service integrations their own API keys instead of sharing user-owned secrets.
- Remove members quickly when access is no longer needed.
Review cadence
Review access:- Before production launch.
- After team changes.
- After creating new API keys.
- After adding sensitive datasets or trace ingestion.
- Before enabling Improve approval workflows for a production prompt.
- After incidents involving data, billing, or deployment behavior.