Departments, roles and the audit trail

Scoping who can see and ask what — and evidencing it afterwards.

The access model

Marella’s access model mirrors how organisations already work:

  • Departments group people and documents — legal, operations, clinical governance, a client team. A department’s members query that department’s corpus.
  • Roles decide capability: who chats, who curates the knowledge network, who configures agents, who administers the organisation.
  • Agent scope narrows further: each agent answers only from the document sets it was given.

Together these make information barriers structural. Someone outside the scope doesn’t get a “no results” — the material simply isn’t part of their world.

Decision traces and the audit log

Two records keep AI use evidenceable. Decision traces capture what the AI system did and why — which agents were selected, what was retrieved and cited, which tools ran, and how answers were checked. The audit log immutably records security-relevant events: invitations, role changes, ownership transfers. Together they turn “what happened here?” into a lookup rather than an investigation.

Setting it up well

  1. Mirror your org chart first; refine later. Familiar boundaries beat clever ones.
  2. Scope agents tighter than departments where work is sensitive — a contracts agent doesn’t need HR policies.
  3. Give compliance read access early. The fastest route to trust is letting the people whose job is doubt look at the trail themselves.