Governance & Access Control

    Who sees what — and why it matters

    Governance lets you control exactly which users can access which parts of your data — without complex IT setups. If someone isn't allowed to see it, the AI literally cannot tell them about it.

    Without Governance
    • An intern could ask for salary data and get it
    • A customer could accidentally see another customer's records
    • Sensitive financial data is exposed to all employees

    With Stellar Governance
    • Each user only sees data for their team, role, or tenant
    • Restricted data is physically invisible to the AI
    • Set it once — all future queries are automatically filtered

    Types of Access Rules

    An "Audience" is a group of users defined by an attribute from their login session. You can create as many audiences as you need.

    Team-Based Access

    role = 'sales'

    Sales team only sees sales-related tables. Finance only sees finance data. Define it once, apply everywhere.

    Tenant Isolation

    tenant_id = 'acme_corp'

    Each customer only sees their own data. Perfect for SaaS products with multiple clients.

    Row-Level Security

    user_id = current_user()

    Individuals only see their own records. Great for self-service portals and customer dashboards.

    How It Works — Step by Step

    Here's exactly what happens behind the scenes every time a governed user asks a question.

    Step 01

    Request Arrives

    A user submits a question through the chat widget. Their identity (a JWT) comes with the request.

    Step 02

    Identity Validated

    Stellar reads the user's attributes (like tenant_id, role, department) and looks up their Audience group.

    Step 03

    Dictionary Gets Filtered

    The full semantic dictionary is stripped down: only the tables and columns this user is allowed to see are kept.

    Step 04

    AI Sees Only Allowed Data

    The AI never even knows the restricted tables exist. It builds its query using only the filtered context.

    Step 05

    Safe Answer Returned

    The user gets their answer. No leaks, no hallucinations about data they can't see — by design.

    Configuration Guide

    Setting Up Governance in 2 Steps

    1. Create an Audience

    Go to your Workspace → Governance → Add Audience. Define the audience by an identifier (e.g. tenant_id, role). Use the Discovery tool to automatically pull real values from your database.

    // Example audience definition
    { "filter": "tenant_id = '{{user.tenant_id}}'" }

    2. Set Permissions

    Select your audience, then use the permission matrix to mark which semantic entries (tables, columns) are visible. Toggle on/off — changes apply instantly.

    // Allowed tables for 'sales_team' audience
    ["orders", "customers", "products"]
    // Blocked: ["salaries", "internal_costs"]
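
The dictionary filtering from the step-by-step section and the audience filter from step 1, sketched as an added example (not Stellar's own code). The `match`/`allowed`/`filter` structure, the column names and the function names are assumptions, and the claims are assumed to come from a JWT whose signature has already been verified. The tenant value is passed as a bind parameter rather than substituted into the filter string.

```python
import re

# Constructed sample data. Table and audience names mirror the page's examples;
# the structure (match/allowed/filter keys) is an assumption, not Stellar's schema.
DICTIONARY = {
    "orders": ["id", "tenant_id", "total"],
    "customers": ["id", "tenant_id", "name"],
    "products": ["id", "name"],
    "salaries": ["employee_id", "amount"],
    "internal_costs": ["item", "cost"],
}
AUDIENCES = {
    "sales_team": {
        "match": {"role": "sales"},
        "allowed": ["orders", "customers", "products"],
        "filter": "tenant_id = '{{user.tenant_id}}'",
    },
}
PLACEHOLDER = re.compile(r"'\{\{user\.(\w+)\}\}'")


def resolve_audience(claims):
    """Return the first audience whose attributes all match the claims, else None."""
    for audience in AUDIENCES.values():
        if all(claims.get(k) == v for k, v in audience["match"].items()):
            return audience
    return None


def filtered_context(claims):
    """Return (schema, predicate, params) for claims from an already verified JWT."""
    audience = resolve_audience(claims)
    if audience is None:
        return {}, None, []  # deny by default: unknown users get no schema at all
    schema = {t: DICTIONARY[t] for t in audience["allowed"] if t in DICTIONARY}
    params = []

    def bind(match):
        # Replace the quoted placeholder with a bind marker; the claim value
        # travels separately and is never spliced into the SQL text.
        key = match.group(1)
        if key not in claims:
            raise PermissionError(f"missing claim: {key}")
        params.append(claims[key])
        return "?"

    return schema, PLACEHOLDER.sub(bind, audience["filter"]), params
```

Only `schema` would be placed in the model's prompt; `predicate` and `params` are applied by the query layer to whatever SQL the model produces.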

    Security Guarantee: Absolute Isolation

    Stellar's governance doesn't just "hide" data from the UI — it physically removes restricted information from the AI's context window. The model is genuinely unaware those tables and columns exist. No hallucination, no accidental leaks — by design.