Authentication & RBAC v2.0: Enterprise Security & Multi-Tenancy
Enterprise-grade role-based access control strategies and strict multi-tenant security boundaries.
CXMind introduces an enterprise-grade, deeply compliant Role-Based Access Control (RBAC) system. The architecture is built to support complex organizational hierarchies while maintaining strict data isolation across multi-tenant environments.
Token Lifecycle & Session Management
Security is enforced through a Dual-Token Architecture, which balances user convenience against rapid containment of a compromised token.
- Access Token (Short-Lived):
  - TTL: 2 Hours.
  - Usage: Must be attached to every API request via the `Authorization: Bearer` header.
  - Security: Rapid expiry ensures that if a token is compromised, the window of vulnerability is minimal. The system supports Immediate Revocation (Circuit-Breaking) via a Redis-backed blacklist.
- Refresh Token (Long-Lived):
  - TTL: 7 Days.
  - Storage: Persisted in `HttpOnly`, `Secure`, and `SameSite=Strict` cookies to prevent XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery).
  - Silent Renewal: Under the hood, the frontend uses the Refresh Token to negotiate a new Access Token without interrupting the user's workflow, ensuring a seamless experience for long-shift agents.
Multi-Tenant Security Boundaries
In v2.0, CXMind implements Logical Tenant Isolation (LTI). Every database query and cache lookup is automatically scoped by a `tenant_id`.
- Namespace Isolation: Resources such as AI Models, Prompt Templates, and ASR Configurations are partitioned. A "Standard Agent" in Tenant A cannot even discover the existence of a "Standard Agent" in Tenant B.
- Encrypted Scoping: The `tenant_id` is embedded within the JWT claims, signed by the Platform's private key, preventing "ID Spoofing" at the API layer.
System Identity Hierarchy
The RBAC v2.0 model follows the Principle of Least Privilege (PoLP). Each role is assigned specific granular permissions (e.g., `call:read`, `call:barge`, `report:export`).
| Control Label | System Role Alias | Scope Description |
|---|---|---|
| Platform Admin | platform_admin | Absolute control over IT infrastructure, models, integrations, and wildcard `*` cross-tenant override rights. |
| Operations Manager | ops_manager | Full macroscopic insight over contact center telemetry, active queues, and dashboard indices. |
| QA & Compliance Lead | qa_manager | Dictates quality assurance rubric schemas, manages evaluation reports, and arbitrates appeal decisions. |
| Team Supervisor | supervisor | Manages assigned subordinate teams, possessing unilateral rights to monitor, whisper, or barge into active calls. |
| Senior Agent | senior_agent | Empowered to modify local flows and contribute directly to shared corporate knowledgebases. |
| Standard Agent | agent | Core end-user role. Restricted to self-data analytics, utilizing AI Copilot interactions, and handling primary routing workflows. |
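
The request-time checks described in the sections above (signed claims, 2-hour expiry, blacklist revocation, role permissions, tenant scoping) can be sketched as one gate. This is an added example, not CXMind's code. Assumptions: HS256 with a shared demo key stands in for the platform's private-key signature, and the claim names, role-to-permission map and in-memory revocation set are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Assumptions, not from the page: HS256 with a shared demo key stands in for
# the platform's private-key signature (keeps this stdlib-only); the claim
# names, the role map and the in-memory revocation set are hypothetical.
KEY = b"constructed-demo-key"
ROLE_PERMS = {"supervisor": {"call:read", "call:barge"}, "agent": {"call:read"}}
REVOKED_JTI = set()  # stand-in for the Redis-backed blacklist

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body))}"

def authorize(token: str, permission: str, resource_tenant: str, now=None) -> str:
    """Return 'ok' or the reason the request is denied."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return "bad_alg"        # the server pins the algorithm, not the token
        if not hmac.compare_digest(sign(f"{head}.{body}"), b64d(sig)):
            return "bad_signature"  # an edited tenant_id or role ends up here
        claims = json.loads(b64d(body))
        exp = float(claims["exp"])
    except (ValueError, TypeError, KeyError, AttributeError):
        return "malformed"
    if exp <= now:
        return "expired"
    if claims.get("jti") in REVOKED_JTI:
        return "revoked"            # immediate revocation before natural expiry
    if permission not in ROLE_PERMS.get(claims.get("role"), set()):
        return "forbidden"
    # The tenant comes only from the signed claim, never from a request parameter.
    if claims.get("tenant_id") != resource_tenant:
        return "cross_tenant"
    return "ok"
```

The denial reason returned here is also the value an audit record would carry in its Success/Failure field.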
Security Auditing & Compliance
Every action performed by an identity is logged in the Immutable Audit Trail:
- The `user_id` and `role` extracted directly from the authenticated JWT.
- The specific API endpoint and method (e.g., `POST /v2/calls/barge`).
- Source IP, precise Timestamp, and the injected Tenant Context.
- Success/Failure status, providing a clear path for SOC2 or GDPR compliance audits.