Permissions
Permission-aware
retrieval.
ZentraOS is an organizational memory and operational intelligence runtime for SMBs. Permissions are not a filter applied to results — they are evaluated before retrieval, inside the runtime, against the asking identity.
Identity-first retrieval
Every query carries identity. Before context is assembled, ZentraOS resolves who is asking, what roles they hold, and which boundaries apply. Only the permitted slice of organizational memory is returned.
No agent bypass
AI agents inherit the identity of the calling user. There is no superuser path for an agent to read records the user is not allowed to see. Permissions are a property of the runtime, not the prompt.
Audit and observability
Every retrieval is logged: identity, query, returned records, timestamp. Permission decisions are reviewable end-to-end.
Common questions
How does permission-aware retrieval work?
- ZentraOS resolves the identity of the caller, evaluates access boundaries server-side, and returns only the slice of organizational memory that identity is permitted to see. Agents inherit user identity and have no bypass path.