MATIH Platform is in active MVP development. Documentation reflects current implementation status.

Security Overview

The Context Graph security subsystem provides fine-grained access control through tool-level permissions, role-based access control (RBAC) with visibility levels, and semantic feature flags for per-tenant rollout control. All API endpoints are protected by the authorization middleware, and data visibility is dynamically filtered based on user permissions.


Subsections

Page -- Description
  Tool Permissions -- Fine-grained tool access control for MCP tools
  Role-Based Access Control -- RBAC with permission-based visibility levels
  Semantic Feature Flags -- Per-tenant feature rollout with canary support

Security Layers

Request --> JWT Authentication --> Tenant Context --> RBAC Check --> Visibility Filter --> Response
  1. JWT Authentication -- Validates the JWT signature and expiry and extracts the user identity from its claims
  2. Tenant Context -- Resolves the tenant scope from the token claims
  3. RBAC Check -- Verifies the user has the required permissions
  4. Visibility Filter -- Filters response data based on the permission-derived visibility level
  5. Response -- Returns data at the appropriate detail level
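The five layers above run as a single request-handling chain. The following is an added Python example written for this page, not the platform's own middleware code: the claim names (`tenant_id`, `permissions`), the permission-to-visibility mapping, the HS256 demo key and the per-tenant sample records are all assumptions constructed for the demo. Each layer raises `AuthError` on rejection, so data is never read before the token, tenant and permission checks have all passed, and the visibility filter projects records down to the fields the caller's level allows.

```python
import base64
import hashlib
import hmac
import json
import time

# Demo signing key (constructed for this example; a real deployment loads it from a secret store).
SECRET = b"constructed-demo-secret-do-not-reuse"

# How permissions map to a visibility level (assumed names; the page only says the level is
# permission-derived). A higher rank returns more detail.
VISIBILITY_BY_PERMISSION = {"graph:read": "summary", "graph:read_full": "full"}
VISIBILITY_RANK = {"none": 0, "summary": 1, "full": 2}
FIELDS_BY_LEVEL = {
    "summary": {"id", "name"},
    "full": {"id", "name", "owner", "internal_notes"},
}

# Constructed per-tenant data so the example runs offline.
SAMPLE_RECORDS = {
    "acme": [{"id": "n1", "name": "Customer", "owner": "alice", "internal_notes": "pii"}],
    "globex": [{"id": "n2", "name": "Invoice", "owner": "bob", "internal_notes": "finance"}],
}


class AuthError(Exception):
    """Raised by any layer that rejects the request."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Produce an HS256 JWT for the demo (stands in for the platform's token issuer)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def authenticate(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Layer 1: verify the JWT (pinned alg, signature, expiry) and return its claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers bad base64 and bad JSON
        raise AuthError("undecodable token")
    if header.get("alg") != "HS256":
        raise AuthError("unexpected alg")  # the token never gets to choose the algorithm
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise AuthError("bad signature")
    current = time.time() if now is None else now
    if claims.get("exp", 0) <= current:
        raise AuthError("token expired")
    if "sub" not in claims:
        raise AuthError("missing subject")
    return claims


def resolve_tenant(claims: dict) -> str:
    """Layer 2: the tenant scope comes only from the verified token, never from request input."""
    tenant = claims.get("tenant_id")
    if not tenant:
        raise AuthError("token carries no tenant")
    return tenant


def check_rbac(claims: dict, required: str) -> None:
    """Layer 3: default deny unless the required permission is present."""
    if required not in claims.get("permissions", []):
        raise AuthError(f"missing permission {required}")


def visibility_level(permissions) -> str:
    """Derive the highest visibility level that any held permission grants."""
    level = "none"
    for perm in permissions:
        candidate = VISIBILITY_BY_PERMISSION.get(perm)
        if candidate and VISIBILITY_RANK[candidate] > VISIBILITY_RANK[level]:
            level = candidate
    return level


def filter_response(records, level: str):
    """Layer 4: project each record down to the fields allowed at this level."""
    allowed = FIELDS_BY_LEVEL.get(level, set())
    return [{k: v for k, v in rec.items() if k in allowed} for rec in records]


def handle_request(token: str, store=SAMPLE_RECORDS, required="graph:read", now=None) -> dict:
    """Run the five layers in order; any rejection aborts before data is consulted."""
    claims = authenticate(token, now=now)
    tenant = resolve_tenant(claims)
    check_rbac(claims, required)
    level = visibility_level(claims.get("permissions", []))
    records = store.get(tenant, [])  # only this tenant's rows are ever read
    return {"tenant": tenant, "visibility": level, "data": filter_response(records, level)}


if __name__ == "__main__":
    tok = mint_token({"sub": "alice", "tenant_id": "acme",
                      "permissions": ["graph:read"], "exp": time.time() + 60})
    print(handle_request(tok))
```

Two points the chain makes explicit: the algorithm is pinned server-side rather than read from the token header, and the tenant used for the data lookup is taken from the verified claims, so a caller cannot widen its scope by editing a request parameter. The `now` argument exists only so expiry can be tested deterministically.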