Security

Understanding the Permissions Model

in Advanced

January 4, 2025

Blast Office includes a comprehensive permissions model that controls what the AI can access and do. This guide explains how policies work and how to configure them.

What Are Policies?

Policies are sets of rules that control:

  • Filesystem access: Whether the AI can read or write files on your system
  • Internet access: Whether the AI can make web requests
  • Tool usage: Which AI tools are available
  • Feature access: Which application features are enabled

Enforcement Modes

Policies can operate in different enforcement modes:

Continue reading

Enterprise Permissions Model

in Enterprise

January 3, 2025

The enterprise permissions model in Blast Office gives administrators fine-grained control over what users and teams can do within the organization.

Policy Rules

Enterprise administrators can define policy rules that control:

  • Filesystem access: Which directories users can read from and write to
  • Internet access: Which domains and services the AI can reach
  • Tool availability: Which AI tools (web search, Lua scripting, etc.) are enabled
  • Feature access: Which application features are available to different roles

Enforcement Modes

Each policy can use a different enforcement mode:

Continue reading

Enterprise File System Access Controls

in Enterprise

January 2, 2025

Blast Office allows enterprise administrators to control which files and directories the AI can access for each user and team.

Why Control Filesystem Access?

In enterprise environments, it’s important to ensure that the AI only accesses files that users are authorized to work with. Filesystem access controls help:

  • Prevent accidental exposure of sensitive documents
  • Comply with data classification policies
  • Enforce separation of duties between teams

Configuring Access

Organization-Wide Defaults

  1. Navigate to Organization Settings > Policies > Filesystem
  2. Set the default filesystem access policy (enabled or disabled)
  3. Define allowed and blocked directories

Team-Specific Policies

  1. Navigate to Teams > [Team Name] > Policies
  2. Override organization defaults for specific teams
  3. Define directory allowlists and blocklists

User-Specific Overrides

For cases where individual users need different access:

Continue reading

Enterprise Internet Access Controls

in Enterprise

January 1, 2025

Enterprise administrators can control whether and how the AI accesses the internet for features like web search and deep research.

Internet Access Settings

Internet access controls determine:

  • Whether the AI can perform web searches
  • Whether web-based research features are available
  • Which external services the AI can reach

Configuring Internet Access

Organization-Wide Settings

  1. Navigate to Organization Settings > Policies > Internet Access
  2. Enable or disable internet access for AI features
  3. Configure domain allowlists or blocklists if needed

Team-Level Overrides

Some teams may need different internet access policies. For example, a research team may need full web access while a team handling sensitive data should have it restricted.

Continue reading

Security Best Practices

in Security

December 28, 2024

This guide covers security best practices for individuals and organizations using Blast Office.

Permissions Configuration

Filesystem Access

  • Keep filesystem access disabled by default — enable it only when needed
  • When granting access, restrict it to specific directories rather than the entire filesystem
  • Review filesystem permissions regularly

Internet Access

  • Consider restricting internet access for users who work with sensitive data
  • Use domain allowlists to limit which sites the AI can access

Tool Access

  • Review which AI tools are enabled and disable any that aren’t needed
  • Lua scripting, while sandboxed, should be disabled if not required by your workflow

Logging

Individual Users

  • Logging is off by default for individual users
  • Consider enabling local logging for personal record-keeping

Organizations

  • Logging is on by default for organizations — review this setting
  • Server-side logging can be enabled for compliance and auditing
  • Ensure logging policies align with your data retention requirements

Content Safety

Blast Office includes built-in content safety filters:

Continue reading

Search

Categories

Tags