Departments, roles and the audit trail
Scoping who can see and ask what — and evidencing it afterwards.
The access model
Marella’s access model mirrors how organisations already work:
- Departments group people and documents — legal, operations, clinical governance, a client team. A department’s members query that department’s corpus.
- Roles decide capability: who chats, who curates the knowledge network, who configures agents, who administers the organisation.
- Agent scope narrows further: each agent answers only from the document sets it was given.
Together these make information barriers structural. Someone outside the scope doesn’t get a “no results” — the material simply isn’t part of their world.
Decision traces and the audit log
Two records keep AI use evidenceable. Decision traces capture what the AI system did and why — which agents were selected, what was retrieved and cited, which tools ran, and how answers were checked. The audit log immutably records security-relevant events: invitations, role changes, ownership transfers. Together they turn “what happened here?” into a lookup rather than an investigation.
Setting it up well
- Mirror your org chart first; refine later. Familiar boundaries beat clever ones.
- Scope agents tighter than departments where work is sensitive — a contracts agent doesn’t need HR policies.
- Give compliance read access early. The fastest route to trust is letting the people whose job is doubt look at the trail themselves.