ARCHITECTURE • RBAC & AUDIT LEDGER
Govern access. Prove actions. Defend decisions.
TraceFlux enforces granular role-based permissions and maintains an immutable audit ledger across incidents, replay executions, automation approvals, suppression rules, and API access.
SAMPLE ROLE MATRIX
| Role | Incidents | Replay | Approvals | Suppression |
|---|---|---|---|---|
| Viewer | Read | — | — | — |
| Operator | Read/Write | Execute | Approve | Create |
| Admin | Full | Full | Full | Full |
Flexible role model across tenants and environments
Predefined Roles
Viewer, Operator, Security, Approver, and Platform Admin roles to accelerate onboarding.
Custom Roles
Define granular permission sets for specialized operational or compliance needs.
Scoped Policies
Roles can be limited by tenant, environment, or specific resource type.
Permission scoping model
Every action in TraceFlux is evaluated against scoped policies — ensuring that production automation cannot be executed from staging, and cross-tenant access is impossible without explicit assignment.
Immutable audit ledger
TraceFlux maintains an append-only audit ledger that captures every sensitive action across the platform — incidents, replay, approvals, suppression edits, drift updates, and API key lifecycle changes.
| Time | Actor | Role | Action | Resource | Status |
|---|---|---|---|---|---|
| 2026-02-22 14:02 | noc-operator | Operator | Approved automation | Incident-438 | Success |
| 2026-02-22 13:55 | service-replay | Service | Executed replay | Replay-922 | Success |
| 2026-02-22 13:10 | platform-admin | Admin | Modified suppression rule | Rule-17 | Updated |
Separation of duties
- Creator ≠ Approver for automation workflows
- Operator ≠ Auditor in regulated environments
- Replay executor ≠ Policy editor
This model aligns with enterprise governance and compliance frameworks requiring clear separation between execution and approval.
Security controls that stand up to audit.
See how RBAC and the audit ledger integrate with incident workflows, automation governance, and replay validation.