January 3, 2025 Enterprise enterprise permissions security
The enterprise permissions model in Blast Office gives administrators fine-grained control over what users and teams can do within the organization.
Policy Rules
Enterprise administrators can define policy rules that control:
- Filesystem access: Which directories users can read from and write to
- Internet access: Which domains and services the AI can reach
- Tool availability: Which AI tools (web search, Lua scripting, etc.) are enabled
- Feature access: Which application features are available to different roles
Enforcement Modes
Each policy can use a different enforcement mode:
- Permissive: Actions are allowed but violations are logged for auditing
- Advisory: Users are warned about violations but can proceed
- Strict: Violations are blocked — the AI cannot perform restricted actions
Choose the mode that matches your organization’s security posture and compliance requirements.
Role-Based Access Controls
Assign permissions based on roles:
- Administrator: Full access to all features and settings, including policy management
- Manager: Can manage team settings and view team activity
- Member: Standard access governed by organization policies
- Restricted: Limited access for users who need minimal functionality
Configuring Enterprise Policies
- Sign in as an organization administrator
- Navigate to Organization Settings > Policies
- Create or edit policy rules
- Assign policies to users, teams, or the entire organization
- Select the enforcement mode for each policy
Auditing and Compliance
Enterprise policies support auditing through:
- Policy violation logging
- Activity reports
- Configurable server-side logging for compliance