# Model Access Management

## Access Tiers
| Tier | Access Level | Who | Controls |
|---|---|---|---|
| Consumer | Query the model via API or UI | End users, applications | Rate limits, input/output filtering |
| Operator | Configure system prompts, tools, RAG sources | Application developers | Change management, review process |
| Administrator | Deploy models, modify infrastructure | ML engineers, platform team | MFA, privileged access management |
| Owner | Fine-tune, retrain, access weights | ML research team | Highest privilege, audit everything |

## Principle of Least Privilege for AI
- Users should only access AI capabilities required for their role
- Models should only access data required for their function
- Tools should be scoped to minimum necessary permissions
- System prompts should be modifiable only through change management

## Model Weight Security

Model weights are the most valuable AI asset. Treat them like source code:
- Store in encrypted, access-controlled repositories
- Track all access with audit logs
- Use signed model artifacts to detect tampering
- Separate development, staging, and production model stores
- Implement break-glass procedures for emergency weight access
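
The access tiers, the least-privilege rule and the weight-security controls above can be enforced together in one small policy layer. The following is an added illustration, not code from this guide or any particular platform; the tier-to-action mapping, the HMAC-based manifest format, the in-memory audit list and the rule that only administrators may invoke break-glass are assumptions made for the example.

```python
import hashlib
import hmac
import time

# Constructed mapping of the four access tiers to the actions each may perform.
TIER_ACTIONS = {
    "consumer": {"query"},
    "operator": {"query", "configure_prompt"},
    "administrator": {"query", "configure_prompt", "deploy"},
    "owner": {"query", "configure_prompt", "deploy", "read_weights", "fine_tune"},
}

AUDIT_LOG = []  # stand-in for an append-only, externally stored audit trail


def sign_artifact(weights: bytes, key: bytes) -> dict:
    """Build a manifest: SHA-256 of the weights plus an HMAC over that digest."""
    digest = hashlib.sha256(weights).hexdigest()
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "hmac": tag}


def verify_artifact(weights: bytes, manifest: dict, key: bytes) -> bool:
    """Recompute digest and HMAC; any byte changed in the weights fails here."""
    digest = hashlib.sha256(weights).hexdigest()
    expected = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["hmac"]) and digest == manifest["sha256"]


def authorize(user: str, tier: str, action: str, break_glass=None) -> bool:
    """Least-privilege check; every decision, allowed or denied, is logged."""
    allowed = action in TIER_ACTIONS.get(tier, set())
    # Break-glass (assumed policy): an administrator may read weights in an
    # emergency, but only with a recorded justification such as an incident ID.
    if not allowed and action == "read_weights" and tier == "administrator" and break_glass:
        allowed = True
    AUDIT_LOG.append({"ts": time.time(), "user": user, "tier": tier, "action": action,
                      "allowed": allowed, "break_glass": break_glass})
    return allowed


def load_weights(user, tier, weights, manifest, key, break_glass=None):
    """Gate weight access on both authorization and artifact integrity."""
    if not authorize(user, tier, "read_weights", break_glass):
        raise PermissionError(f"{user} ({tier}) may not read model weights")
    if not verify_artifact(weights, manifest, key):
        AUDIT_LOG.append({"ts": time.time(), "user": user, "event": "tamper_detected"})
        raise ValueError("model artifact failed signature verification")
    return weights
```

Separate development, staging and production stores would each use their own signing key, so an artifact signed for staging cannot be loaded into production by mistake.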