Basically, Pinecone implements access control through several key mechanisms:
1. API Keys and Permissions:
- Each project has one or more API keys for authentication
- API keys can be assigned different permission roles including ReadWrite, ReadOnly, or None for both control plane and data plane operations
2. Role-Based Access Control (RBAC):
- Pinecone uses RBAC to manage access to resources
- Access is determined by roles assigned to principals (service accounts, API keys, and users) for specific resources (projects or organizations)
3. Single Sign-On (SSO):
- Enterprise dedicated tier organizations can set up SSO to manage team access through their identity management solution
- Organizations can require domain users to sign in through SSO and specify default roles
4. Audit Logging:
- Provides detailed records of user and API actions
- Events are captured every 30 minutes and saved as JSON blobs
- Logs track organization events, project events, index events, and security events
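As an added example (not Pinecone's own code or export format), the following Python routine triages a constructed batch of audit-log events in the four categories named above, flags security events plus a hypothetical watchlist of sensitive actions, and checks whether the batch is older than the 30-minute capture interval; the field names and event type names are assumptions, so verify them against the real JSON export before use.

```python
"""Triage a batch of audit-log events saved as a JSON blob.

Added example, not Pinecone's own code. The event schema (event_type,
category, actor, occurred_at) and the event type names are ASSUMPTIONS
made for illustration; check the real export format before relying on them.
"""
import json
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical event types a defender would want to review by hand.
WATCHLIST = {"api_key.created", "role.assigned", "sso.disabled", "project.deleted"}

# Constructed sample batch in the shape of one JSON blob export.
SAMPLE_BATCH = json.dumps([
    {"event_type": "index.created", "category": "index",
     "actor": "alice@example.com", "occurred_at": "2024-05-01T10:02:00Z"},
    {"event_type": "api_key.created", "category": "security",
     "actor": "svc-etl", "occurred_at": "2024-05-01T10:05:00Z"},
    {"event_type": "role.assigned", "category": "organization",
     "actor": "bob@example.com", "occurred_at": "2024-05-01T10:20:00Z"},
    {"event_type": "project.renamed", "category": "project",
     "actor": "alice@example.com", "occurred_at": "2024-05-01T10:25:00Z"},
])


def _parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_batch(blob):
    """Decode a JSON blob into event dicts with parsed timestamps."""
    events = json.loads(blob)
    for e in events:
        e["occurred_at"] = _parse_ts(e["occurred_at"])
    return events


def triage(events):
    """Count events per category and pull out the ones that need review."""
    counts = Counter(e["category"] for e in events)
    flagged = [e for e in events
               if e["category"] == "security" or e["event_type"] in WATCHLIST]
    return counts, flagged


def batch_is_stale(events, now_iso, max_age=timedelta(minutes=30)):
    """Events arrive in 30-minute captures; an older batch suggests a missing export."""
    latest = max(e["occurred_at"] for e in events)
    return _parse_ts(now_iso) - latest > max_age


if __name__ == "__main__":
    evts = parse_batch(SAMPLE_BATCH)
    counts, flagged = triage(evts)
    print(dict(counts))
    for e in flagged:
        print(e["occurred_at"].isoformat(), e["event_type"], e["actor"])
```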
The system is designed to ensure:
- Data protection through proper authorization
- Compliance with industry regulations
- Accountability through audit trails
- Scalability and flexibility as organizations grow