Corteza can run CRM/support workflows with custom modules and automation. Security should prioritize RBAC boundaries, automation token scoping, and API exposure controls.

## 1) Enforce module-level RBAC and namespace isolation

- separate support teams by namespace or module roles
- restrict admin privileges to platform operators only
- review permission inheritance after workflow changes

## 2) Secure automation and integration credentials

- use dedicated machine users/tokens per integration
- rotate API keys and webhook secrets regularly
- limit flow/automation execution rights to required records only

## 3) Harden deployment and data plane

- keep database and message backends on private network segments
- enforce HTTPS and strict CORS/origin policy for API endpoints
- encrypt and test restore of module and record backups
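
The credential checks from section 2 can be run as a periodic audit over an inventory of integration tokens. The following is an added example, not Corteza code or a Corteza export format: the inventory fields, the `svc-` machine-user prefix, the role names and the 90-day rotation window are all assumptions.

```python
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation window; the page only says "regularly"

# Constructed sample inventory; field names and values are hypothetical.
INVENTORY = [
    {"integration": "helpdesk-webhook", "user": "svc-helpdesk", "token_id": "tok-a",
     "issued": date(2024, 1, 10), "roles": ["support-flow-runner"]},
    {"integration": "billing-sync", "user": "svc-billing", "token_id": "tok-b",
     "issued": date(2024, 5, 2), "roles": ["billing-sync"]},
    {"integration": "email-ingest", "user": "svc-billing", "token_id": "tok-b",
     "issued": date(2024, 5, 2), "roles": ["billing-sync"]},
    {"integration": "report-export", "user": "jane.doe", "token_id": "tok-c",
     "issued": date(2024, 5, 20), "roles": ["admin"]},
]


def audit(inventory, today, max_age_days=MAX_AGE_DAYS,
          admin_roles=("admin",), machine_prefix="svc-"):
    """Return (integration, finding, detail) tuples for section 2 violations."""
    findings = []
    first_owner = {}  # token_id -> first integration seen using it
    for entry in inventory:
        name = entry["integration"]
        # Rotation: flag tokens older than the rotation window.
        age = (today - entry["issued"]).days
        if age > max_age_days:
            findings.append((name, "stale", f"token is {age} days old"))
        # Dedicated machine user: flag tokens bound to a personal account.
        if not entry["user"].startswith(machine_prefix):
            findings.append((name, "human-account", f"bound to {entry['user']}"))
        # Least privilege: automation should never carry an admin role.
        granted_admin = sorted(set(entry["roles"]) & set(admin_roles))
        if granted_admin:
            findings.append((name, "admin-role", ", ".join(granted_admin)))
        # One token per integration: flag reuse of the same token.
        owner = first_owner.setdefault(entry["token_id"], name)
        if owner != name:
            findings.append((name, "shared-token", f"also used by {owner}"))
    return findings


if __name__ == "__main__":
    for integration, finding, detail in audit(INVENTORY, date(2024, 6, 1)):
        print(f"{integration}: {finding} ({detail})")
```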