Skip to main content

Authorization and Segregation of Duties

Merlon authenticates interactive users with JWT sessions and non-interactive clients with API keys. Both paths apply the same role model. Deployments must map these roles to their own access-control and change-management policy.

PermissionAdminAnalystViewer
Request a whitelist entry (whitelist:request)YesYesNo
Approve a whitelist entry (whitelist:approve)YesNoNo
Read audit records (audit:read)YesNoNo
Create, update, import, activate, or deactivate rules (rule:write)YesNoNo

The whitelist workflow enforces that a requester cannot approve their own request. This provides a separate first-line request and second-line approval control for whitelist decisions.

Rule activation currently has no in-application creator-versus-activator separation. Organizations must enforce that separation with IAM and their change-management process until a product control is introduced. See ADR-0012.

For authentication design and credential guidance, see Configuration Reference.