Role‑Based Access Control & Audit Logs: Designing for Chain‑of‑Evidence
- David Pinto

- Nov 5, 2025
Updated: Nov 19, 2025
When your work ends up in court or before a regulator, the story matters—but the chain‑of‑evidence matters more. That chain is a set of provable facts about who accessed what, when, and why, plus controls that prevent the wrong person from seeing the wrong thing. Inteliate’s base platform bakes this into the foundation: role‑based access control (RBAC) and immutable audit logs, deployable on‑premises (and air‑gapped when needed) so data never leaves your environment.
What a defensible chain‑of‑evidence requires (in software)
Least‑privilege access: users only see what they need for their job role. The platform ships with role‑based access control, enforced at case, source, and function level.
Tamper‑evident logging: immutable event logs record uploads, queries, configuration/model changes, and exports—kept locally, encrypted, and tamper‑evident.
On‑prem, offline by default: on‑site processing, no external data transfer, optional air‑gapped operations.
Zero‑knowledge posture: Inteliate can’t see your data; support access (if ever required) is dual‑control, time‑boxed, and fully logged.
Role‑Based Access Control (RBAC): the practical design
Map roles to duties. Start with viewers, analysts, supervisors, and admins, then restrict by case, data source, or function (e.g., exports). Inteliate’s RBAC is designed exactly for this pattern and is included in the base platform.
Separate powers. Keep creation of users/keys with admins, while investigative edits stay with analysts. Policy requires admin changes to follow an approval workflow (good for CJIS/GDPR audits).
Operate offline. RBAC and permissions work the same with no internet access; the platform is built to function entirely offline, including reporting.
Audit Logs: what to capture (and why)
A proper audit trail should answer who, what, when, where, and why. Inteliate’s design covers the events auditors ask for most:
Ingestion events (files, databases, streams) with secure timestamping.
Queries & views (who searched what) to show how insights were derived.
Configuration & model changes (before/after, actor, rationale).
Exports & report generation (what left the system, under which role).
Access escalations/support windows (dual‑control, time‑boxed, revocable).
These logs are immutable and local—part of the platform’s default “Audit Trails” pack (RBAC + immutable logs + full case & chain‑of‑custody history).
Who sees the logs? Audit data is visible only to authorised administrators; ordinary users can’t tamper with or hide activity.
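The page does not say how the logs are made tamper-evident, so the following is an added example and not Inteliate's code: one common technique, an HMAC hash chain, in which each record's MAC covers the previous record's MAC. The event fields, the key handling, and the idea of keeping the chain head outside the log are assumptions of this sketch.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor value for the first record

def _mac(key, prev, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    data = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + data, hashlib.sha256).hexdigest()

def append(log, key, event):
    """Append an event, chained to the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    event = dict(event, seq=len(log))
    log.append({"event": event, "prev": prev, "mac": _mac(key, prev, event)})
    return log[-1]["mac"]  # new chain head; keep a copy outside the log

def verify(log, key, expected_head=None):
    """Return the index of the first bad record, len(log) if the stored head
    does not match (tail truncated), or None when the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        ok = (rec["event"].get("seq") == i and rec["prev"] == prev
              and hmac.compare_digest(rec["mac"], _mac(key, prev, rec["event"])))
        if not ok:
            return i
        prev = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(log)
    return None

def sample_log(key):
    """Constructed sample events for the event types listed above."""
    rows = [
        ("2025-11-05T09:00:00Z", "a.khan", "analyst", "ingest", "case-17/disk.img", "intake"),
        ("2025-11-05T09:12:00Z", "a.khan", "analyst", "query", "case-17", "keyword search"),
        ("2025-11-05T10:30:00Z", "r.admin", "admin", "config_change", "retention", "approved change"),
        ("2025-11-05T11:05:00Z", "s.lee", "supervisor", "export", "case-17/report.pdf", "disclosure"),
    ]
    log, head = [], GENESIS
    for ts, actor, role, action, target, reason in rows:
        head = append(log, key, {"ts": ts, "actor": actor, "role": role,
                                 "action": action, "target": target, "reason": reason})
    return log, head
```

Without `expected_head`, dropping the most recent records goes unnoticed, because the chain alone only proves that what remains is internally consistent.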
Why “offline by default” strengthens the chain
No external transmission: evidence never traverses a provider’s network; your team controls retention and access end‑to‑end.
Air‑gapped option: for high‑risk sites, run fully disconnected; updates are handled manually via signed, encrypted packages.
Zero‑knowledge: Inteliate personnel cannot view investigative data; if support is contracted, all actions are logged and revocable.
EU/UK (GDPR, public sector): Run investigations on‑prem, enforce RBAC, and retain immutable logs/approvals per policy. Supports GDPR‑aligned deployments and audit‑ready exports.
RFP/Architecture checklist (copy‑paste)
RBAC scope — Case‑level, source‑level, and function‑level permissions included by default.
Immutable audit logs — Log ingest, queries, config & model changes, exports; local, encrypted, tamper‑evident; admin‑only visibility.
On‑prem & air‑gapped — Offline operation; no external data transfer by default; containerised or bare‑metal options.
Support access — Dual‑control ephemeral credentials; fully logged; customer can revoke.
Retention & disclosure — Keep logs/models/approvals for the duration required by contract/law; export for forensics on demand.
Standards alignment — Configure for GDPR/CJIS/ISO 27001 needs; offline updates and approvals workflow for admin changes.
How teams use the logs during reviews
Build a case ledger: export the chain‑of‑custody history with the final report to show how each finding was produced.
Reconstruct events: use secure timestamps to replay actions during internal or external audits.
Prove separation of duties: show that the users who exported evidence did not also approve permissions.
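The separation-of-duties check described above can be run directly over exported audit events. This is an added example, not code from the platform: the event field names and action labels are assumptions, the sample events are constructed, and the self-approval check goes one step beyond what the text lists.

```python
from collections import defaultdict

# Constructed sample audit events; field names are assumptions for this example.
EVENTS = [
    {"ts": "2025-11-05T11:05:00Z", "actor": "a.khan", "action": "export", "case": "case-17"},
    {"ts": "2025-11-05T08:40:00Z", "actor": "s.lee", "action": "approve_permission",
     "case": "case-17", "grantee": "a.khan"},
    {"ts": "2025-11-06T10:00:00Z", "actor": "m.ortiz", "action": "approve_permission",
     "case": "case-22", "grantee": "m.ortiz"},
    {"ts": "2025-11-06T10:20:00Z", "actor": "m.ortiz", "action": "export", "case": "case-22"},
    {"ts": "2025-11-07T14:00:00Z", "actor": "s.lee", "action": "export", "case": "case-30"},
]

def sod_report(events, per_case=True):
    """Find actors who both exported evidence and approved permissions.

    per_case=True compares within each case; per_case=False applies the
    stricter rule that nobody may hold both duties anywhere in the log.
    """
    exporters, approvers = defaultdict(set), defaultdict(set)
    self_approvals = []
    for e in events:
        scope = e["case"] if per_case else "*"
        if e["action"] == "export":
            exporters[scope].add(e["actor"])
        elif e["action"] == "approve_permission":
            approvers[scope].add(e["actor"])
            # An approver granting rights to themselves is flagged separately.
            if e.get("grantee") == e["actor"]:
                self_approvals.append((e["case"], e["actor"], e["ts"]))
    overlap = {}
    for scope in exporters:
        both = exporters[scope] & approvers[scope]
        if both:
            overlap[scope] = sorted(both)
    return {"export_and_approve": overlap, "self_approvals": self_approvals}
```

An empty `export_and_approve` result is the evidence a reviewer is looking for; which scope applies (per case or across the whole log) is a policy decision to state alongside the result.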
US (CJIS / justice): Keep evidence local with tamper‑evident logs, role‑based access, and offline operation for secure facilities.
FAQs
Does RBAC work without internet? Yes. The platform functions entirely offline; every AI function and report is generated locally.
What exactly is logged? Uploads, queries, changes, exports, plus configuration and model changes—with secure timestamps and immutable storage.
Who can see the audit logs? Only authorised administrators; ordinary users cannot access or alter them.

Bottom line: Role‑Based Access & Audit Logs for Chain‑of‑Evidence
A strong chain‑of‑evidence isn’t a document—it’s a system property. By combining RBAC with immutable, local audit logs on an on‑prem/air‑gapped platform, you preserve integrity from ingestion to export—and you can prove it.
GCC (air‑gapped sites): Operate fully disconnected; move updates via encrypted media; restrict and log every access request.
