Security Model

Security is a foundational principle of the Champa Intelligence architecture, designed to provide robust protection, granular control, and comprehensive auditing for enterprise environments. The security model is built on industry-standard practices, including JWT-based authentication and a powerful Role-Based Access Control (RBAC) system.


Authentication

Authentication is handled via JSON Web Tokens (JWT), ensuring a secure and stateless mechanism for verifying user identity.

  • JWT-Based Sessions: Upon successful login, the server generates a signed JWT containing the user's ID, username, role, and an expiration timestamp. This token is required for all subsequent API requests.
  • Secure Password Storage: User passwords are never stored in plaintext. They are protected using a strong, salted hashing algorithm (PBKDF2-SHA256).
  • Brute-Force Protection: The system automatically tracks failed login attempts. After a configurable number of failures (e.g., 5), the account is temporarily locked to prevent brute-force attacks.

Authorization: Role-Based Access Control (RBAC)

Champa Intelligence implements a granular, feature-based RBAC system that gives administrators precise control over what users can see and do.

Core Concepts

  • Users: Individual accounts with credentials.
  • Roles: Collections of permissions that define a job function (e.g., "Process Analyst," "Operator"). Users are assigned to a single role.
  • Permissions: Granular rights to access a specific feature or perform a specific action (e.g., ai_analysis_data, manage_users).

System Roles

The platform ships with four pre-configured system roles that cannot be deleted:

  1. Administrator: Has the full_access permission, granting unrestricted access to all features, including user and role management.
  2. Process Analyst: Can access all analytical and intelligence features (Portfolio, Dashboard, AI Analysis, Journey Monitoring) but cannot manage users or roles.
  3. Process Operator: Has access to operational and technical tools (Health Monitor, Diff Tool, Linter) but not strategic or business-focused dashboards.
  4. Viewer: A read-only role with access to basic monitoring and validation tools.

Custom Roles

Administrators can create custom roles to meet specific organizational needs by combining any of the available permissions.

Granular Permissions

The platform includes over a dozen distinct permissions for precise access control, including:

  • portfolio_data: Access the Portfolio Health Dashboard.
  • extended_dashboard_data: Access the Process Intelligence Dashboard.
  • ai_analysis_data: Use the AI-Powered Analysis feature.
  • health_monitor_data: View the Engine Health Monitor.
  • manage_users: Create, edit, and delete users.
  • manage_roles: Create and manage custom roles and their permissions.
  • api_access: Required for programmatic access via API tokens.

API Security

For programmatic and automated access, the system supports dedicated API users and tokens.

  • API User Designation: Administrators can flag a user account as an "API user."
  • Token Lifecycle Management: A separate, long-lived JWT can be generated for API users. Administrators can configure a Time-To-Live (TTL) for these tokens (e.g., 30 days, 1 year, or non-expiring).
  • Token Regeneration: API tokens can be securely regenerated on demand from the user management interface.

Comprehensive Auditing

A detailed audit trail is maintained for all critical security and user management events, providing accountability and supporting forensic analysis.

  • Filterable Audit Log: The UI provides a searchable and filterable view of all audit events.
  • Tracked Events:
    • User Logins (success and failure)
    • Logouts
    • User and Role creation, updates, and deletions.
    • Password changes and resets.
    • Permission changes.
  • Captured Data: Each audit event records the timestamp, the user responsible, the action performed, the affected resource, the user's IP address, and their User-Agent string.

AI Security

For a detailed breakdown of how we protect data sent to the AI model, including PII scrubbing, smart masking, and secret detection, please refer to the Zero Trust Security Report.