Feature: RBAC 2026
Tighter permissions.
Overview
The Nova RBAC 2026 release gives customers fine-grained permissions across the product. Admin-only access is the easy first step; tighter per-resource permissions match enterprise expectations and reduce blast radius from compromised credentials.
- Tighter permissions. Per-resource, per-action permissions that match enterprise expectations; the security review passes.
- Custom roles. Customers compose roles from permissions, which fits diverse organisational needs.
- Per-team scoping. Teams own their resources; supports multi-team customers without per-account separation.
- Audit logging plus SSO group sync. Every privileged action is logged for compliance; SSO groups drive Nova roles, so the account lifecycle follows the identity provider.
The approach
The practical approach: per-resource permissions, custom-role-friendly composition, SSO group sync for lifecycle, audit logging for compliance. The team’s discipline produces enterprise-ready RBAC that survives security review.
- Per-resource permissions. Read, write, delete per resource type; matches the granularity enterprise procurement asks for.
- Custom roles. Customers compose roles from permissions; the customer’s organisational shape is honoured.
- SSO group sync. AD/Okta groups drive Nova roles; lifecycle (joiner, mover, leaver) flows from the IdP.
- Audit logging. Every privileged action is logged; SOC 2 evidence collection becomes mechanical.
- Document the model. The meaning of each permission is published in the docs, which supports operational reviews.
Why this compounds
RBAC discipline compounds across customers. Each tightened permission reduces breach risk; the team’s enterprise readiness grows; the procurement story improves with every adoption.
- Better security. Tight permissions reduce blast radius; one compromised credential affects fewer resources.
- Better enterprise adoption. RBAC matches procurement requirements; the security review passes on the first try.
- Better team autonomy. Per-team scoping supports multi-team customers; the buyer can roll Nova out to multiple teams without conflict.
- Institutional knowledge. Audit logs reveal access patterns; the team’s identity engineering muscle grows.
RBAC discipline is a product investment that pays off across years. Nova AI Ops invests in enterprise-readiness as a first-class surface.