Functions to govern / restrict / report AI functions in Seatable?

Admin Talk Configuration
1

Hi there,

a general question. But first, the confirmation that our self-hosted Seatable Enterprise AI works very well with German hoster IONOS’s AI Hub (with vllm). They currently only support openAI’s deprecated “completion“ API - which API does Seatable use in vllms?

But that’s not my main question. I’d like to know whether you are planning to govern the use of AI. I have no idea on what level (user, base designer, group, base …), so I’ll just write something about our use case.

Being in the public sector, we are heavily regulated to begin with, and AI took it up yet another notch. As a result, we cannot allow each and any user to use AI in Seatable right from the start. There is always the possibility to regulate this on an organisational level, using a lot of paper, but because of … humans …, I’d rather have some technical mechanisms to steer the usage of AI.

Examples of what we have to regulate:

  • On a system level, we might have to restrict the use of AI (in their bases) to base designers who have have been trained and have committed to certain rules. They will be responsible for what happens with AI in their bases and apps, and will have to bear the consequences if something goes wrong.
  • The use of AI needs to be allowed by several internal bodies, like data protection and security bodies. I see this on a base / app level, because we will probably not get a global OK for AI use in the whole Seatable system.
  • The EU AI Act requires us to keep an internal register of Applications that use AI. I also see this on an App / Base level, because we need to describe the actual nature of AI-treated / generated data, and the actual purpose of AI use.

Things I can think of - maybe you are already planning more

  1. A permission in a role in ENABLED_ROLE_PERMISSIONS that restricts the use of automation steps to qualified / trained base creators
  2. Maybe a per-base switch (Admin-driven?) to allow AI automations in a specific base. I compare this to the “third party providers“ mail configuration - maybe that’s a way to go?
  3. Certainly some sort of method to determine which bases are using AI functions. We’ll have to keep the register, occasionally report the use, and sometimes even do compliance audits.

I’m looking forward to your comments on this.