Governance console
Access review · policy enforcement · run history
Rules built into the platform
“Account isolation isn’t an afterthought—it’s how every API call, workflow step, and AI action starts.”
Platform
Governance and Security — built into the automation platform
When automation and AI must run inside policy—not on trust alone—governance covers account isolation, scoped API keys, sandbox limits, and human approval before risky runs on one platform.
Adoption context
- You need this when
- Custom automation, AI tool calls, or connection runs must follow policy—secrets store, sandbox, and human approval—not trust in prompts alone.
- Often bundled with
- Integrations for live workflows on one platform.
- Not required if
- You are exploring read-only connections first—but production runs should plan for safety rules from day one.
Related workflow: Ops exception handling with human approval · Adoption path
Rules apply by default—not prompts, not hope, and not a bolt-on compliance suite.
Custom automation code, AI runs, and too many uncontrolled connections are security risks when safety rules live in informal knowledge. Tealfabric embeds governance into sign-in, API keys, workflow sandboxes, execution logs, and Datapool change logs from day one.
See who did what across security events, workflow runs, connection executions, and operational data writes—with human approval where judgment matters.
- Safety rules built into the automation platform—not added as a separate compliance product
- Account isolation, scoped API access, security event logging, and run history by default
- Automations run in a controlled sandbox with capability profiles and workflow safety limits
- Minimum-access API keys with scopes and per-key rate limits
- Control what AI can touch—query validation, connection opt-in, log redaction
- Data lifecycle rules on Datapools—change log, quality, lineage, retention
- Operations-ready monitoring across security, workflow, connection, Datapool, and AI events
Example scenarios
How teams show governance in sales and security reviews.
From security ops triage to compliance exports and AI opt-in controls—governance shows up in real workflows, not slide decks.
Policy in action
Review access, block abuse, route judgment to humans, log everything.
A live-style governance console: scoped API access is allowed, cross-account and brute-force attempts are blocked, connection runs go to human approval, and the full chain lands in security logs, execution logs, and Datapool change log.
Governance console
Access review · policy enforcement · run history
03 · Platform governance
Built-in controls—not a compliance sticker.
Account isolation, security logging, abuse prevention, run traceability, sandbox limits, time-limited tokens, and AI safety controls—built in, not bolted on.
Login tokens and API keys bind requests to an account. Role-based access on users plus granular API key scopes—for Datapool reads and writes, user management, workflow secrets, health checks—with per-key rate limits.
account context
scoped API keys
per-key rate limits
Every API call is tied to an account; cross-account access is rejected.
04 · Data governance
Governance follows the data your automations create.
Datapool change log, access rules, quality scoring, lineage, and retention—strong via API today. No unified account compliance center UI yet; operations console and APIs are the operator surfaces.
- 01
Datapool change log
Every schema and data change logged with user, workflow, step, and IP.
Safety rules follow the data your automations create—not a separate master-data product.
- 02
Access rules
Per-role schema permissions and field-level read restrictions.
Strong via API today; a full compliance UI for rules is not the headline.
- 03
Quality and lineage
Validation rules, quality scores, and source metadata on writes.
Lineage graph and path APIs for records your workflows and AI touch.
- 04
Retention policies
Time-, size-, and event-based policies with a run endpoint.
Data lifecycle built into the platform layer your workflows already use.
Data governance trail
change log · access · lineage · retention
Datapool change log
schema: supplier_evidence · last 7d
[INSERT] 12 rows · workflow nightly_sync
user: ops@acme.fi · step-4
[SCHEMA] field tax_id required
auto_merge_schema · IP 10.0.1.42
Simulated — governance follows the data your automations create
05 · Platform connections
Fits the platform
Governance is not a separate product—it is how workflows, connections, Datapools, AI, and operations logging work together. Security events, run history, and data change logs are searchable in the same operational layer.
Security pack for prospects
Evaluation checklist for security, compliance, and platform owners—aligned to how we run design partner pilots. Request a PDF summary for your procurement or InfoSec review.
Account isolation and operator access
Production workloads run in isolated accounts with role-based access and MFA for operators.
Demo proof: Separate sandbox and production accounts; scoped operator permissions per environment.
AI tool rules and account overrides
AI tools are allow-listed via safety config—with account-level overrides, not prompt hope.
Demo proof: Deny a tool in config and show the AI cannot call it; log the policy change.
Human approval
AI proposes actions; humans approve before controlled connection runs in production.
Demo proof: Trace AI skill → describe action → request human input → run connection.
ProcessFlow secrets store
Connection credentials live in the secrets store—referenced from workflow steps, not hard-coded in scripts.
Demo proof: Workflow step references a stored credential instead of a hard-coded API key.
API keys with scopes
Programmatic access uses scoped API keys tied to account boundaries and approved surfaces.
Demo proof: Issue a scoped key for a single connection or workflow trigger—not blanket admin access.
Sandbox capability profiles
Step code runs under capability profiles that block risky operations in production paths.
Demo proof: Contrast integration-bridge profile vs blocked operations in a JavaScript step.
Run history and operations console
Connection runs, workflow steps, and AI tool calls leave execution history in the operations console.
Demo proof: Failed sync visible in operations → controlled retry under policy instead of silent scripts.
Pilots include a security pack review: safety rules, MFA, API key scopes, account isolation, and human approval paths—not platform login alone.
Request security pack (PDF)See human approval workflowWho it is for
Security, compliance, and platform owners who must approve production connection and AI run changes—and need reviewable history across security events, workflow runs, and operational data writes.
Related workflow: Ops exception handling with human approval. Platform depth: AI agents, Datapools, Integrations, Process Automation.
Operations and admin logs exist today; there is no single unified account compliance center. GDPR, SOC2, and ISO27001 certifications are not claimed—the platform has controls, not badges.
Review-ready operations
Walk through safety rules, human approval, and run history with your security team.
We demo account isolation, scoped API keys, security logs, workflow traceability, sandbox profiles, and Datapool change log—on the same platform as your connections and AI.