n8n Workflow Builder

RBAC_SECURITY.md•12 KiB

# RBAC & Multi-Tenant Security System The n8n Workflow Builder includes an **Enterprise-Ready RBAC (Role-Based Access Control) and Multi-Tenant Security System** for secure workflow management in organizations. ## 🎯 Enterprise Security Requirements ### Problems Solved: - ❌ **No Access Control** - Everyone can modify/delete all workflows - 🔓 **No Audit Trail** - Can't track who did what and when - 👥 **No Multi-Tenancy** - All users see all workflows - ⚠️ **No Approval Process** - Critical changes deployed without review - 📊 **No Compliance** - Can't prove security for audits (SOC2, ISO27001) ### Solution: Enterprise RBAC System ``` 🔒 Role-Based Permissions 🏢 Multi-Tenant Isolation ✅ Approval Workflows 📋 Comprehensive Audit Logging ``` --- ## 🔐 Role-Based Access Control (RBAC) ### 5 Built-in Roles | Role | Permissions | Use Case | |------|-------------|----------| | **👑 Administrator** | Full access to everything | IT Admins, DevOps leads | | **💻 Developer** | Create, modify, test workflows. Needs approval for critical ops | Dev team members | | **⚙️ Operator** | Execute workflows, view results | Operations team, support | | **👀 Viewer** | Read-only access | Stakeholders, managers | | **📊 Auditor** | View workflows, executions, audit logs | Compliance, security team | ### Permission Matrix ``` Permission | Admin | Dev | Operator | Viewer | Auditor ---------------------------|-------|-----|----------|--------|-------- workflow.create | ✅ | ✅ | ❌ | ❌ | ❌ workflow.read | ✅ | ✅ | ✅ | ✅ | ✅ workflow.update | ✅ | ✅ | ❌ | ❌ | ❌ workflow.delete | ✅ | 🔶* | ❌ | ❌ | ❌ workflow.execute | ✅ | ✅ | ✅ | ❌ | ❌ workflow.validate | ✅ | ✅ | ❌ | ❌ | ❌ execution.read | ✅ | ✅ | ✅ | ✅ | ✅ execution.analyze | ✅ | ✅ | ❌ | ❌ | ❌ state.read | ✅ | ✅ | ✅ | ✅ | ❌ state.write | ✅ | ✅ | ❌ | ❌ | ❌ approval.create | ✅ | ✅ | ❌ | ❌ | ❌ approval.approve | ✅ | ❌ | ❌ | ❌ | ❌ audit.read | ✅ | ❌ | ❌ | ❌ | ✅ user.manage | ✅ | ❌ | ❌ | ❌ | ❌ 🔶* = Requires approval from Admin ``` --- ## 🏢 Multi-Tenant Architecture ### Tenant Isolation Each tenant has: - **Separate Workflows**: Tenant A cannot see Tenant B's workflows - **Separate Users**: User isolation per tenant - **Separate Audit Logs**: Filtered by tenant - **Separate Approvals**: Approval workflows per tenant ### Example Setup: ``` Tenant: "acme-corp" ├── Users: │ ├── alice (admin) │ ├── bob (developer) │ └── charlie (operator) └── Workflows: ├── workflow-1: "Customer Onboarding" ├── workflow-2: "Data Sync" └── workflow-3: "Report Generation" Tenant: "techstart-io" ├── Users: │ ├── david (admin) │ └── eve (developer) └── Workflows: ├── workflow-4: "API Integration" └── workflow-5: "Email Automation" ``` **Isolation:** Bob (acme-corp) cannot see or access workflow-4 (techstart-io) --- ## ✅ Approval Workflow System ### Critical Operations Requiring Approval: 1. **workflow.delete** - Deleting a workflow 2. **workflow.deploy_production** - Deploying to production 3. **workflow.modify_active** - Modifying active/running workflows 4. **state.clear** - Clearing system state ### Approval Process: ``` 1. Developer creates deletion request → Status: Pending → Notification sent to approvers 2. Admin reviews request → Can approve or reject → Cannot approve own requests → Requires approval.approve permission 3. Decision: → ✅ Approved: Operation proceeds → ❌ Rejected: Operation blocked, reason logged 4. Audit Log → All steps logged with timestamps → Who requested, who approved/rejected, when ``` ### Example Flow: ```python # Developer wants to delete workflow developer: "Delete workflow abc-123" → System: "This requires approval. Request created: approval-456" → Developer sees: "Waiting for approval from admin" # Admin reviews admin: "Show pending approvals" → System shows: "approval-456: Delete workflow abc-123 (by bob)" admin: "Approve approval-456" → System: "Approved! Workflow will be deleted." # Workflow deleted → Audit log: "bob requested delete, alice approved, workflow deleted" ``` --- ## 📋 Comprehensive Audit Logging ### What's Logged: | Event | Details | Compliance | |-------|---------|------------| | User created | Username, role, tenant | SOC2, ISO27001 | | Workflow created | ID, creator, tenant | SOC2 | | Workflow modified | Changes, modifier | SOC2 | | Workflow deleted | ID, approver | SOC2, GDPR | | Workflow executed | ID, executor, result | ISO27001 | | Approval requested | Operation, requester | SOC2 | | Approval decision | Approver, decision, reason | SOC2 | | Permission denied | User, permission, resource | ISO27001 | | Login/Access | Username, timestamp | All | ### Audit Log Format: ```json { "timestamp": "2025-12-16T10:30:00Z", "username": "bob", "action": "workflow_deleted", "details": { "workflow_id": "abc-123", "workflow_name": "Customer Sync", "tenant_id": "acme-corp", "approved_by": "alice", "approval_id": "approval-456" } } ``` ### Retention: - **Last 500 events** stored locally - **Exportable** to SIEM systems (Splunk, ELK, etc.) - **Tamper-proof** timestamps --- ## 🔧 Implementation ### RBACManager Class **Location:** `src/n8n_workflow_builder/server.py` **Features:** ```python class RBACManager: # Core Methods check_permission(username, permission) → bool require_approval(operation) → bool # User Management add_user(username, role, tenant_id) → Dict get_user_info(username) → Dict # Tenant Management create_tenant(tenant_id, name) → Dict check_tenant_access(username, workflow_id) → bool register_workflow(workflow_id, tenant_id) # Approval Workflows create_approval_request(username, operation, details) → str approve_request(approval_id, approver) → Dict reject_request(approval_id, rejector, reason) → Dict get_pending_approvals(username) → List[Dict] # Audit Logging get_audit_log(limit, username, action) → List[Dict] generate_rbac_report() → str ``` ### State Storage: **File:** `~/.n8n_rbac_state.json` ```json { "users": { "alice": { "username": "alice", "role": "admin", "tenant_id": "acme-corp", "created_at": "2025-12-16T08:00:00Z" } }, "tenants": { "acme-corp": { "tenant_id": "acme-corp", "name": "ACME Corporation", "workflows": ["wf-1", "wf-2"], "users": ["alice", "bob"], "created_at": "2025-12-15T10:00:00Z" } }, "pending_approvals": [...], "audit_log": [...] } ``` --- ## 🚀 Usage Examples ### 1. User Management ```python # Add developer rbac.add_user("bob", "developer", "acme-corp") # Check permission if rbac.check_permission("bob", "workflow.create"): create_workflow() else: print("Permission denied") # Get user info info = rbac.get_user_info("bob") # → {username, role, permissions[], tenant_id, ...} ``` ### 2. Multi-Tenant Access Control ```python # Register workflow to tenant rbac.register_workflow("wf-123", "acme-corp") # Check access if rbac.check_tenant_access("bob", "wf-123"): # Bob (acme-corp) can access wf-123 show_workflow() else: print("Access denied: Workflow belongs to different tenant") ``` ### 3. Approval Workflow ```python # Developer requests deletion if rbac.require_approval("workflow.delete"): approval_id = rbac.create_approval_request( username="bob", operation="workflow.delete", details={"workflow_id": "wf-123", "workflow_name": "Old Sync"} ) print(f"Approval required. Request ID: {approval_id}") return # Admin approves result = rbac.approve_request(approval_id, approver="alice") if result["success"]: # Proceed with deletion delete_workflow("wf-123") ``` ### 4. Audit Logging ```python # Get audit log for compliance logs = rbac.get_audit_log( limit=100, action="workflow_deleted" ) # Export for SIEM for log in logs: export_to_splunk(log) # Generate report report = rbac.generate_rbac_report() # → Users, tenants, pending approvals, recent logs ``` --- ## 📊 Compliance & Security ### SOC2 Compliance ✅ **Access Control** - Role-based permissions - Least privilege principle - Separation of duties ✅ **Audit Logging** - All actions logged - Tamper-proof timestamps - Retention policies ✅ **Change Management** - Approval workflows for critical changes - Documented decision trails ### ISO 27001 Compliance ✅ **A.9 Access Control** - User access management - User access provisioning - Removal of access rights ✅ **A.12 Operations Security** - Logging and monitoring - Protection of log information ### GDPR Compliance ✅ **Accountability** - Audit trail of data processing - Who accessed what and when ✅ **Data Protection by Design** - Tenant isolation - Access controls --- ## 🎯 Best Practices ### 1. Principle of Least Privilege ``` ❌ Bad: Everyone has admin role ✅ Good: Users have minimal required permissions ``` ### 2. Separation of Duties ``` ✅ Developer creates workflows ✅ Admin approves deployments ✅ Auditor reviews logs ``` ### 3. Regular Access Reviews ``` Monthly: Review user roles Quarterly: Review tenant access Annually: Full RBAC audit ``` ### 4. Audit Log Monitoring ``` Alert on: - Failed permission checks - Approval rejections - Unusual access patterns - Bulk operations ``` ### 5. Tenant Isolation ``` ✅ Each customer = separate tenant ✅ No cross-tenant access ✅ Clear tenant boundaries ``` --- ## 🔄 Integration with Existing Features ### With State Management: - Audit logs track state changes - User context preserved in state - Tenant-specific state isolation ### With Validation: - Permissions checked before validation - Validation logs to audit trail ### With AI Feedback: - Error analysis respects tenant boundaries - Feedback includes security recommendations --- ## 📝 Configuration Examples ### Development Environment: ```json { "default_role": "developer", "approval_required": false, "audit_level": "basic" } ``` ### Production Environment: ```json { "default_role": "viewer", "approval_required": true, "audit_level": "detailed", "multi_tenant_enabled": true } ``` --- ## 🛡️ Security Features 1. **Permission Checks**: Every operation validates permissions 2. **Tenant Isolation**: Data segregation between tenants 3. **Approval Workflows**: Critical ops require approval 4. **Audit Logging**: Complete trail of all actions 5. **Role Definitions**: Clear, documented permission sets 6. **No Self-Approval**: Users cannot approve own requests 7. **Immutable Logs**: Audit logs cannot be modified 8. **Time-based Access**: All events timestamped (ISO 8601) --- ## 📈 Scalability - **Users**: Thousands per tenant - **Tenants**: Unlimited - **Workflows**: Per-tenant isolation - **Audit Logs**: Configurable retention (500 default) - **Performance**: O(1) permission checks --- ## 🎓 Summary The RBAC & Multi-Tenant Security System provides: ✅ **5 Role Types** (Admin, Developer, Operator, Viewer, Auditor) ✅ **20+ Permissions** (Granular access control) ✅ **Multi-Tenant Isolation** (Complete data segregation) ✅ **Approval Workflows** (4 critical operations) ✅ **Audit Logging** (500 events, SOC2/ISO27001 ready) ✅ **Tenant Management** (Users, workflows, access control) ✅ **Security by Design** (Least privilege, separation of duties) ✅ **Compliance Ready** (SOC2, ISO27001, GDPR) **Enterprise-Ready Security for n8n Workflows!** 🔒🏢✅

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/schimmmi/n8n-workflow-builder'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

RBAC_SECURITY.md•12 KiB