Basedash Access Controls

Product Introduction

1. Definition: Basedash Access Controls is a security and governance feature set within the Basedash AI-native business intelligence (BI) platform. It is a technical framework for implementing role-based access control (RBAC) and context-aware AI interactions across an organization's entire analytics stack, including data sources, dashboards, and AI-generated outputs.
2. Core Value Proposition: Basedash Access Controls solves the critical governance challenge of scaling a BI tool across an entire organization and external stakeholders. It provides granular, group-based permissioning and customized AI response steering, ensuring the right people see the right data and receive appropriate, secure answers, thereby building trust and enabling governed, company-wide analytics adoption.

Main Features

1. Feature Name: Group-Based User Management
   • Detailed Technical Description: This feature allows administrators to create logical groupings of users (e.g., "Internal Data Team," "Marketing," "Client X," "Leadership"). Access permissions and AI context are configured at the group level, not per individual. Adding or removing a user from a group instantly inherits or revokes all associated permissions across the platform. This functions as the primary container for managing user access, simplifying administration compared to managing individual user rights.
2. Feature Name: Granular Resource Access Controls
   • Detailed Technical Description: Access is not limited to dashboards. Administrators can toggle precise permissions for a group across five core Basedash resource types: Data Sources (specific databases or warehouses), Dashboards (specific visual reports), Chats (specific conversation threads), Automations (specific scheduled workflows or reports), and MCP Servers (tool access for AI clients). This ensures a group can only query permitted databases, view authorized reports, and interact with relevant AI workflows. Access is enforced through technical backend checks for every resource request.
3. Feature Name: Per-Group AI Context Steering
   • Detailed Technical Description: Each group has a dedicated AI context field where administrators input natural language instructions that define the assistant's behavior for that group's members. This context is applied system-wide to every answer the AI generates for users in that group. For example, instructions can define tone ("non-technical"), scope ("only reference the user's own account data"), or persona ("act as a compliance officer"). This context is injected into the AI's prompt layer, acting as a system-level modifier. Critically, this operates in conjunction with, and on top of, existing row-level security (RLS) policies on the data, creating a dual layer of technical data filtering and AI behavioral guidance.

Problems Solved

1. Pain Point: Lack of Scalable Data Governance. Traditional BI tools often struggle with expanding access beyond a small core team without creating security risks or overwhelming administrators. The challenge is balancing broad accessibility with strict data governance, especially when integrating AI that can answer free-form questions.
2. Target Audience: Data Platform Engineers & IT Administrators responsible for security and access management; Data Analysts & BI Managers who need to democratize data access safely; Company Leadership requiring secure, high-level insights; External Client Stakeholders needing limited, curated access to specific dashboards or data.
3. Use Cases:
   • An analytics team connects all company data warehouses but creates a "Marketing" group with access only to the marketing_analytics data source and relevant dashboards, steering the AI to provide marketing-specific KPI explanations.
   • A SaaS company creates a group for "Client Acme Corp" with access solely to a dedicated dashboard and its underlying data source, with AI context instructing the assistant to only discuss Acme's own account data.
   • Executive leadership is placed in a group with access to high-level, aggregated dashboards and an AI context that ensures responses are concise, non-technical, and focused on strategic metrics only.

Unique Advantages

1. Differentiation: Unlike traditional BI tools where access control is often a bolt-on feature limited primarily to dashboards or static reports, Basedash integrates access controls at the core of its AI-native platform. Access is holistically applied across all interactive components—data queries, AI chats, automations, and embedded tools (MCP servers). Furthermore, the per-group AI context steering is a unique differentiator; it doesn't just control what data is seen, but how the AI interprets and presents that data, a layer of personalization and safety critical for AI-assisted analytics.
2. Key Innovation: The key innovation is the unified application of governance to the AI interaction layer via group-based context. This moves beyond static row-level security to dynamic, rule-based AI behavior modification. It allows a single BI instance to serve multiple, distinct audiences (e.g., internal teams vs. external clients) with different permissions and different conversational guardrails, all from one centralized configuration interface.

Frequently Asked Questions (FAQ)

1. How do Basedash Groups improve data security and compliance? Basedash Groups enforce the principle of least privilege by allowing you to assign precise permissions to user groups, not individuals. This ensures users can only access the specific data sources, dashboards, and automations their role requires. Combined with per-group AI context, it provides a dual layer of security: technical data filtering (like row-level security) and behavioral AI guardrails, which is essential for meeting compliance standards like SOC 2, GDPR, and CCPA.
2. Can I set up row-level security (RLS) within Basedash Access Controls? Yes. Basedash Access Controls complements row-level security. You configure RLS policies on your data sources to filter data at the row level for specific users. Then, using Groups and Access Controls, you assign users to groups that have access to those data sources. The AI responses and dashboards for users in that group will automatically respect the underlying RLS rules, ensuring they only ever see data they are authorized to view.
3. What is the technical difference between granting access to a Data Source and a Dashboard? Granting access to a Data Source allows users in the group to run AI queries, create new charts, and build new dashboards using that specific database or warehouse. Granting access to a Dashboard provides view-only or interactive access to a pre-built report. The Data Source permission is broader and enables data exploration, while Dashboard permission is more restrictive and focused on consumption.
4. How does the AI Context for a group affect responses in dashboards and automations? The AI Context instructions are applied as system-level modifiers to the Basedash AI engine. This means the steering applies universally wherever the AI generates text for users in that group. This includes answers in AI Chat, automatically generated insights within dashboards, natural language summaries of automation results, and responses via the MCP server for connected AI clients.
5. Is there a limit to the number of groups I can create or users I can add? Basedash Access Controls is designed for scalability. While specific limits may vary by subscription plan, the feature is architected to support numerous groups and a large number of users, allowing you to model groups precisely after your real-world organizational structure—teams, departments, external partners, and individual client accounts.