Access Control (RBAC)
Managing permissions
[!WARNING] Status: Coming soon. RBAC is part of the enterprise features under development. The design below describes the planned behavior.
Role-Based Access Control (RBAC) will govern who can do what within The Station and the ChooChoo platform.
Roles
ChooChoo supports fine-grained permissions for The Station.
| Role | Capabilities |
|---|---|
| admin | Full access. Manage users, configure approval policies, and define compliance tags. |
| approver | Can approve/reject requests from approval workflows. View audit logs. |
| developer | View lineage graph and submit requests via choochoo governance submit. Cannot approve their own changes. |
| auditor | Read-only access to Audit Trail and Compliance Reports. Ideal for external auditors. |
Role Assignment
Roles are assigned per-user or per-group through The Station admin panel. When SSO is configured, roles can be mapped from identity provider groups automatically.
Agent Permissions
AI Agents do not use RBAC roles directly. Instead, their permissions are governed by the boundaries defined in the Agent Registry and their System Cards. However, RBAC determines which humans can:
- Register new agents (admin only)
- Modify agent boundaries (admin only)
- Approve agent actions when approval workflows are triggered (approver)
- Audit agent activity via the Audit Trail (auditor, approver, admin)
Configuration
RBAC is configured in The Station and enforced on both the UI and API layers. The governance.requireApproval setting in .choochoorc works in conjunction with RBAC — only users with the approver or admin role can satisfy approval requirements.
For authentication setup, see SSO to integrate with your identity provider.
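The checks described above can be modeled in a few lines. This is an added illustration, not ChooChoo code or its API: the capability names, IdP group names and function names are hypothetical, and it assumes the self-approval restriction applies to a user in any role.

```python
# Illustrative model only; not ChooChoo code. All identifiers are hypothetical.
from dataclasses import dataclass

# Capabilities transcribed from the roles table and the Agent Permissions list.
BASE = {
    "approver": {"approve", "view_audit"},
    "developer": {"view_lineage", "submit"},
    "auditor": {"view_audit", "view_reports"},
}
ADMIN_ONLY = {"manage_users", "configure_policies", "define_tags",
              "register_agent", "modify_agent_boundaries"}
# admin is "Full access": everything the other roles have plus the admin-only set.
ROLE_CAPS = {**BASE, "admin": ADMIN_ONLY.union(*BASE.values())}

# Constructed IdP group -> role mapping (group names are made up).
GROUP_TO_ROLE = {
    "idp-platform-admins": "admin",
    "idp-release-approvers": "approver",
    "idp-engineering": "developer",
    "idp-external-audit": "auditor",
}

@dataclass(frozen=True)
class User:
    name: str
    groups: tuple

def roles_for(user):
    """Map IdP groups to roles; unmapped groups grant nothing (deny by default)."""
    return {GROUP_TO_ROLE[g] for g in user.groups if g in GROUP_TO_ROLE}

def can(user, capability):
    """True if any of the user's roles carries the capability."""
    return any(capability in ROLE_CAPS[r] for r in roles_for(user))

def can_approve(user, submitter_name):
    """Approval needs the approver or admin role and a different person than the submitter."""
    # Assumption: the ban on self-approval is checked for every role, so a user
    # mapped to both developer and approver cannot sign off on their own request.
    return can(user, "approve") and user.name != submitter_name

if __name__ == "__main__":
    alice = User("alice", ("idp-engineering", "idp-release-approvers"))
    print(sorted(roles_for(alice)), can_approve(alice, "alice"), can_approve(alice, "bob"))
```

Running the same function behind both the UI and the API handler is what keeps the two layers from drifting apart.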
Related
The Station
The enterprise Governance UI where RBAC roles are managed and enforced.
SSO
Integrate with Okta, Entra ID, or Google Workspace for single sign-on and role mapping.
Approval Workflows
Policy gates that require users with the approver role to sign off on changes.
Audit Trail
The immutable log accessible to auditor and approver roles.