Security and Governance

How authentication, tenant scoping, roles, automation controls, and auditability are handled

Page-aware AI

Ask AI about this page

Get answers grounded in the live Obelisk docs set, with source links, selected-text explainers, and prompts for the next document to read.

This is not a formal security whitepaper. It is a practical guide to the security and governance posture that already exists in the product.

Identity And Session Security

The platform protects product surfaces with authenticated sessions.

Important behaviors:

  • signed-in state is required for protected workflows
  • the current organization is stored as active session context
  • account-level and organization-level access are separated in the product model
  • optional 2FA flows exist in the authentication layer

This reduces ambiguity about who is acting and in which tenant context they are acting.

Tenant Isolation

Organization data is intended to be accessed in an organization-scoped way.

In practice, the product enforces this through:

  • active organization checks
  • membership validation before organization-scoped data is returned
  • organization-aware server procedures
  • organization filters in database-backed product workflows

This is one of the most important architectural guarantees in the product.

Role Model

Obelisk uses two layers of authorization:

Platform Roles

  • user
  • admin

Platform roles control access to platform-wide administration.

Organization Roles

  • owner
  • admin
  • member

Organization roles control tenant-local operations such as:

  • team management
  • billing actions
  • invitation flows
  • API and webhook controls
  • destructive organization changes

Automation Security

The product exposes automation, but not as an ungoverned free-for-all.

Key controls include:

  • scoped API keys
  • hashed API key storage
  • revocation support
  • optional expiration timestamps
  • public API access through bearer credentials
  • outbound webhooks with delivery metadata and optional signing secret

This is the right tradeoff for teams that need machine access without abandoning governance.

Webhook Trust Model

Outbound webhook delivery includes identifying metadata such as:

  • event type
  • delivery ID
  • timestamp
  • signature

If a signing secret is configured, receivers can validate payload authenticity and freshness before accepting a delivery.

Auditability

Security is stronger when actions are inspectable.

The platform supports that through:

  • provisioning audit logs
  • activity feeds
  • recent API key visibility
  • alert delivery history
  • platform alert audit trails
  • request-aware logging context in server procedures

This makes incident review and ownership handoff materially easier.

Governance Model

The product is designed around a clear division:

  • organization workspaces for tenant operations
  • admin surfaces for platform governance

That split matters because it keeps tenant work, platform intervention, and operational escalation from collapsing into one ambiguous interface.

What Good Governance Looks Like

In a healthy deployment, teams typically:

  • keep platform admin access limited
  • assign organization admin roles intentionally
  • rotate automation credentials instead of reusing them indefinitely
  • separate production and non-production workflows
  • use alerts and audit logs instead of relying on memory or chat history

Production Readiness

The practical checklist for roles, billing, automation, alerts, logging, and go-live operations

Reference Overview

The technical reference layer for APIs, webhooks, routes, permissions, and production operations

On this page

Identity And Session Security
Tenant Isolation
Role Model
Platform Roles
Organization Roles
Automation Security
Webhook Trust Model
Auditability
Governance Model
What Good Governance Looks Like
Read Next