Controls who sees what. To the field level
Access decisions in classical software stop at the record. In AI, they have to go further: a retrieved chunk, a cached embedding, a summary written by another user. Each can leak if you treat "the AI" as a single actor. The Platform treats every read as a scoped access event.
Every read is scoped
The Platform never asks "can this user see records". It asks "can this user see this field, this chunk, this summary, in this Space, right now".
Identity scope (who)
Resolved through SSO: role, department, clearance, Space membership.
Row & field ACLs (data)
Classical record-level controls. With AI-specific field visibility on top.
Retrieval filter (retrieval)
Retrieved chunks are filtered the same way as direct queries. No AI backdoor.
Output inspection (output)
Final response is re-checked. A model cannot leak something the user could never have read.
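The four layers above, as an added sketch that is not the Platform's own code: one `can_read` decision is shared by the direct query, the retrieval filter and the output re-check, so the agent path cannot see more than the caller. The policy table, class and function names, roles and sample record are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy: roles allowed to read each field. Unlisted fields are denied.
FIELD_ACL = {"name": {"hr", "it", "manager"}, "department": {"hr", "it", "manager"},
             "salary": {"hr"}, "performance_notes": {"manager"}}

@dataclass(frozen=True)
class Identity:          # in practice resolved from SSO claims
    user: str
    role: str
    spaces: frozenset

@dataclass(frozen=True)
class Chunk:             # an indexed chunk keeps the ACL tags of its source field
    space: str
    field: str
    text: str

def can_read(who, space, field):
    """Single decision point shared by every read path (default deny)."""
    return space in who.spaces and who.role in FIELD_ACL.get(field, set())

def direct_query(who, space, record):
    return {f: v for f, v in record.items() if can_read(who, space, f)}

def retrieve(who, index, query):
    """Keyword match stands in for vector search; the ACL filter runs on the hits."""
    hits = [c for c in index if query.lower() in c.text.lower()]
    return [c for c in hits if can_read(who, c.space, c.field)]

def inspect_output(who, answer, index):
    """Re-check the final text. Exact-substring matching is a simplification."""
    for c in index:
        if c.text in answer and not can_read(who, c.space, c.field):
            answer = answer.replace(c.text, "[redacted]")
    return answer

# Constructed sample data
RECORD = {"name": "A. Example", "department": "Platform",
          "salary": "98000", "performance_notes": "exceeds expectations"}
INDEX = [Chunk("people", f, f"{f}: {v}") for f, v in RECORD.items()]
HR = Identity("hana", "hr", frozenset({"people"}))
IT = Identity("ivan", "it", frozenset({"people"}))

if __name__ == "__main__":
    for who in (HR, IT):
        print(who.role, direct_query(who, "people", RECORD),
              [c.text for c in retrieve(who, INDEX, "salary")])
    print(inspect_output(IT, "Pay on file is salary: 98000.", INDEX))
```

The output check here only catches verbatim chunk text; a paraphrased leak needs the upstream filters to have held.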
The AI is not a superuser
No retrieval backdoors
The embedding index respects the same ACL as your CRM. A junior cannot retrieve what they can't query.
Granular, not generic
Same record, different visibility. A salary appears in HR's view and doesn't in IT's, automatically.
Break-glass with audit
When you need escalated access, the trail records who, when, why, and what they saw.
How teams scope by default
HR vs. manager view
Same employee record. Only HR sees comp, only the manager sees performance notes, and the agent mirrors the rule.
Client file segregation
Lawyers on matter A cannot retrieve summaries written by colleagues on matter B.
Finance data masking
Production finance data never returns unredacted to non-finance roles, even through an agent.
Anonymous research mode
Discovery queries on a dataset are allowed, but the agent returns stats. Never raw rows.
See per-field access working end-to-end.
Bring a scoped dataset. We'll run identical agent prompts from two roles and show you the different outputs. And the audit entries behind each.
