Security Center
Enterprise security overview for tenant authentication, RBAC, API security, audit logs, device monitoring, document vault and async processing.
Tenant Auth
ON
RBAC
ON
API Security
ON
Payment
OFF
RBAC Permissions
| Ref | Tenant / Workspace | Type | Role | Permission | Status | Rate / Quota | Summary | |
|---|---|---|---|---|---|---|---|---|
| RBAC-007 | global global | rbac | government_reviewer | restricted.review | system@bookingparcel.com | controlled critical | 0/min 0/mo | Government reviewer can access controlled workflows after clearance. |
| RBAC-006 | global global | rbac | carrier_operator | carrier.feed | system@bookingparcel.com | active standard | 0/min 0/mo | Carrier operator can view assigned RFQs and submit quote responses. |
| RBAC-005 | global global | rbac | developer | api.manage | system@bookingparcel.com | active standard | 0/min 0/mo | Developer can manage API keys and webhooks. |
| RBAC-004 | global global | rbac | finance | billing.view | system@bookingparcel.com | active standard | 0/min 0/mo | Finance can view invoices and billing readiness, not activate payment. |
| RBAC-003 | global global | rbac | operations | rfq.manage | system@bookingparcel.com | active standard | 0/min 0/mo | Operations can manage RFQs and activity. |
| RBAC-002 | global global | rbac | admin | org.manage | system@bookingparcel.com | active high | 0/min 0/mo | Admin can manage workspace operations and users. |
| RBAC-001 | global global | rbac | owner | all | system@bookingparcel.com | active critical | 0/min 0/mo | Owner can manage tenant, users, billing, API, RFQs and settings. |
API Security
| Ref | Tenant / Workspace | Type | Role | Permission | Status | Rate / Quota | Summary | |
|---|---|---|---|---|---|---|---|---|
| APISEC-002 | tenant_demo_carrier WS-002 | api_key | carrier_admin | carrier_feed,quote_response | carrier@example.com | active high | 120/min 70000/mo | Rotatable carrier API key with carrier-feed scope. |
| APISEC-001 | tenant_demo_enterprise WS-001 | api_key | developer | rfq_api,tracking_api,webhooks | buyer@example.com | active high | 120/min 100000/mo | Rotatable enterprise API key with scoped access. |
Audit Logs
| Ref | Tenant / Workspace | Type | Role | Permission | Status | Rate / Quota | Summary | |
|---|---|---|---|---|---|---|---|---|
| AUD-004 | tenant_demo_gov WS-004 | audit | government_reviewer | restricted.review.opened | reviewer@example.gov | controlled critical | 0/min 0/mo | Controlled audit event: restricted review opened. |
| AUD-003 | tenant_demo_carrier WS-002 | audit | carrier_operator | carrier.feed.viewed | carrier-ops@example.com | signed standard | 0/min 0/mo | Immutable audit event: carrier feed viewed. |
| AUD-002 | tenant_demo_enterprise WS-001 | audit | finance | invitation.sent | finance@example.com | signed standard | 0/min 0/mo | Immutable audit event: finance invitation sent. |
| AUD-001 | tenant_demo_enterprise WS-001 | audit | owner | login.success | buyer@example.com | signed high | 0/min 0/mo | Immutable audit event: owner login success. |