Security Architecture Solutions for Multi-Tenant Data Segregation
ACI.dev uses a layered security system to address multi-tenant data isolation:
- Identity management system: Each agent and user has a unique linked_account_owner_id, and every operation is authenticated against it.
- Fine-grained access control: The owner ID must be specified whenever a tool is executed, for example linked_account_owner_id="user123", so that data access is limited to the authorized scope.
- Three-tier hierarchy of isolation mechanisms:
  - Project-level isolation: complete segregation of tool permissions for different developers
  - User-level isolation: data from different users in the same project is not visible to each other
  - Agent-level isolation: independent boundaries can be set for each AI instance
Specific configuration methods:
- Create a tenant project in the platform portal; the system automatically generates an isolated environment.
- Use the SDK to set permission boundaries:

      # Limit sales_bot to reading Gmail and to reading/creating Calendar entries
      client.permissions.set(
          agent_id="sales_bot",
          boundaries={"gmail": ["read"], "calendar": ["read", "create"]}
      )

- Enable forced isolation mode via the environment variable SERVER_ISOLATION_LEVEL=STRICT.
For special cases where data needs to be shared, use the client.access.grant() method for temporary cross-tenant authorization. It is recommended to monitor all access behavior in conjunction with the audit logging feature.
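A small model of the checks described above, as an added example (not ACI.dev's code or SDK): the class IsolationGuard, its methods and the decision strings are hypothetical, and the sample IDs are constructed. It goes slightly beyond the text by giving the temporary grant an expiry and by writing every decision, allowed or denied, to the audit log.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Resource:
    project_id: str
    owner_id: str  # linked_account_owner_id the data belongs to
    app: str       # e.g. "gmail"

@dataclass
class IsolationGuard:  # hypothetical name, not an ACI.dev class
    boundaries: dict = field(default_factory=dict)  # (project, agent) -> {app: [actions]}
    grants: dict = field(default_factory=dict)      # (project, owner, Resource) -> expiry
    audit_log: list = field(default_factory=list)

    def grant(self, project_id, owner_id, res, ttl_seconds, now=None):
        # Temporary grant: it stops working once the expiry time has passed.
        now = time.time() if now is None else now
        self.grants[(project_id, owner_id, res)] = now + ttl_seconds

    def _decide(self, project_id, agent_id, owner_id, action, res, now):
        if not owner_id:  # the owner ID is mandatory on every call
            return "deny:missing_owner_id"
        allowed = self.boundaries.get((project_id, agent_id), {}).get(res.app, [])
        if action not in allowed:  # agent-level boundary, default deny
            return "deny:agent_boundary"
        if (res.project_id, res.owner_id) == (project_id, owner_id):
            return "allow:owner"
        if now < self.grants.get((project_id, owner_id, res), 0.0):
            return "allow:grant"
        # Project-level isolation is reported first, then user-level isolation.
        return "deny:project_mismatch" if res.project_id != project_id else "deny:owner_mismatch"

    def check(self, project_id, agent_id, owner_id, action, res, now=None):
        now = time.time() if now is None else now
        decision = self._decide(project_id, agent_id, owner_id, action, res, now)
        # Allow and deny decisions both go to the audit trail.
        self.audit_log.append((now, project_id, agent_id, owner_id, action, res, decision))
        return decision

def demo():
    # Constructed sample data; boundaries reuse the shape shown on the page.
    guard = IsolationGuard(boundaries={
        ("proj_a", "sales_bot"): {"gmail": ["read"], "calendar": ["read", "create"]}})
    inbox = Resource("proj_a", "user123", "gmail")
    guard.grant("proj_a", "user456", inbox, ttl_seconds=60, now=1000.0)
    return [guard.check("proj_a", "sales_bot", "user123", "read", inbox, now=1010.0),
            guard.check("proj_a", "sales_bot", "user123", "send", inbox, now=1010.0),
            guard.check("proj_a", "sales_bot", "user456", "read", inbox, now=1010.0),
            guard.check("proj_a", "sales_bot", "user456", "read", inbox, now=1061.0)]
```

Denials in the audit log are as useful as allows: a run of deny:owner_mismatch entries for one agent is the signal to review its configuration.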
This answer comes from the article "ACI.DEV: Integration of 600+ tools for AI intelligences via MCP server".