LaraDep Documentation
You are reading Self-hosted mode
Self-hosted workspace, access and security
How to set workspace isolation, role model, and security standards in self-hosted mode where you own control and responsibility.
Self-hosted workspace and security
Self-hosted means you own infrastructure and process responsibility. That includes access, roles, and enforcement of workspace boundaries with no compromises.
Purpose
- Separate clients/environments clearly,
- limit scope by role and approval,
- keep audits repeatable and meaningful.
Role structure
- Owner — decision authority and critical change approver.
- Operator — executes runs in assigned context.
- Auditor — read access to evidence and decision logs.
Operational steps
- Set role model minimal set by sensitivity of client and environment.
- Rotate privileged access on a defined schedule.
- Document change approval path for out-of-band scenarios.
- Link run history into incident and rollback process.
- Review memberships regularly against current team changes.
Integration
- Self-hosted day-to-day operations for routine consistency.
- Preflight as mandatory before meaningful changes.
- Self-hosted governance for formal role and scope controls.
Checklist
- Are workspace boundaries explicit?
- Do critical changes have a clear approval process?
- Is secret/token access controlled and auditable?
- Do you perform periodic access reviews?
Next step: Validate daily rhythm in self-hosted operations and align templates in self-hosted templates and workflow.