Governance & access

Every layer of the RebelCore™ Medallion architecture is gated by governance. You decide who can do what at each stage — and that’s how analysts (the “worker bees”) get to do real work on production data without ever touching the raw, sensitive sources behind it.

The principle

Each tier in the data flow is its own access boundary:

           ┌──── governance ────┐  ┌──── governance ────┐  ┌──── governance ────┐
           │                    │  │                    │  │                    │
Bronze ────┴── Silver ──────────┴──┴── Gold ────────────┴──┴── Inference ───────┘
Import files   Create your dataset     The Tree                RebelCore™ Agent

Between every pair of stages there’s a gate. A user can be granted access to one tier without seeing the others — for example, an analyst can prompt the Agent against a Gold vector set without ever being able to download the Raw CSV that originally created it.

What you can govern

| Resource | What access controls | Typical “worker bee” scope |
|---|---|---|
| Customers | Which customer’s data a user can ever see | Usually just their own |
| Projects | Which projects within a customer they can open | Sometimes a single project |
| Datasets | Which silver datasets they can build / view | Read-only for analysts |
| The Tree | Whether they can apply suggestions / modify gold curation | Often read-only |
| RebelCore™ Agent | Whether they can prompt the agent and see results | The main thing analysts get |

Roles assigned by your administrator bundle these into reusable permission sets aligned with the tiers — typically an operator role with full bronze/silver access, an analyst role with gold + agent access, and a read-only / audit role.

For the concrete list of permission flags and what each one gates, see Roles & permissions.

Why this matters: sensitive data + RAG

The most common use case is sensitive raw data. You receive customer files containing PII, financial records, or anything you’d rather not splash across analyst desks. With RebelCore™’s governance:

  1. Operators import the raw files (bronze) into a project and curate them into a silver dataset.
  2. Senior analysts review and refine the gold vectors in the Tree.
  3. Worker-bee analysts prompt the Agent. The Agent acts as a RAG pipe over the gold layer — answering their questions from curated context — without exposing the raw files or even the silver tables underneath.
  4. Every prompt is audited — who asked, what they asked, what gold context was used, what the Agent returned.

The result: a small group of trusted operators handles raw data, while a much larger team of analysts gets useful answers — and you have an audit trail that proves which question hit which sanctioned slice of data.

What audit captures

The audit trail covers the full lifecycle of activity across the medallion stages:

  • Sign-in events (who, when, from where)
  • Project / dataset access events
  • Agent prompts and their gold context
  • Curation actions (which suggestions were applied, by whom)
  • Customer / user / role administration changes

This trail is what you reach for during a security review, an incident, or a compliance audit.

Worker-bee model in practice

A typical role split:

  • Data steward / operator — full access. Imports files, builds silver datasets, curates the gold Tree.
  • Senior analyst — read access to silver, write access to gold (Tree curation), full Agent.
  • Junior analyst / worker bee — Agent only. Prompts against the gold layer, never sees raw or silver.
  • Auditor — read-only access to audit logs, no operational permissions.

Your administrator assigns these via the role management tools.
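
The role split above as a deny-by-default gate with an audit record per decision. This is an added example, not RebelCore™ code or its permission flags. The (tier, action) grant pairs, the function names, the constructed `GOLD` sample, the keyword-overlap retrieval and the reading of the operator's "full access" as bronze, silver, gold and Agent are all assumptions.

```python
import re
from datetime import datetime, timezone

# Hypothetical grants: role and tier names follow the page, but the
# (tier, action) pairs are illustrative, not the product's permission flags.
ROLE_GRANTS = {
    "operator": {(t, a) for t in ("bronze", "silver", "gold")
                 for a in ("read", "write")} | {("agent", "prompt")},
    "senior_analyst": {("silver", "read"), ("gold", "read"),
                       ("gold", "write"), ("agent", "prompt")},
    "worker_bee": {("agent", "prompt")},
    "auditor": {("audit", "read")},
}
# Constructed sample gold context, keyed by a made-up chunk id.
GOLD = {"g1": "Q3 churn rose in the north region",
        "g2": "Average invoice value is stable"}
AUDIT_LOG = []

def _tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def gate(user, role, tier, action, **detail):
    """Deny by default, and record the decision whether or not it is allowed."""
    allowed = (tier, action) in ROLE_GRANTS.get(role, set())
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "user": user, "role": role, "tier": tier,
                      "action": action, "allowed": allowed, **detail})
    if not allowed:
        raise PermissionError(f"{role} may not {action} {tier}")

def read_tier(user, role, tier):
    gate(user, role, tier, "read")
    return AUDIT_LOG if tier == "audit" else f"<{tier} rows>"

def prompt_agent(user, role, question):
    """The Agent reads gold on the caller's behalf; the caller needs only the
    agent grant, and the gold chunk ids used are written to the audit trail."""
    gate(user, role, "agent", "prompt", prompt=question)
    used = sorted(k for k, v in GOLD.items() if _tokens(question) & _tokens(v))
    answer = " ".join(GOLD[k] for k in used) or "no sanctioned context found"
    AUDIT_LOG[-1].update(gold_context=used, response=answer)
    return answer
```

Denied attempts land in the same log as allowed ones, so a worker bee probing for bronze or silver shows up in review alongside their sanctioned prompts.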

Where it shows up in the docs