Deny by default
Without an explicit access rule, access is denied. Permissions live in the ORM, not the API.
Security
Secured by construction, not optional.
An ERP's security shouldn't depend on the discipline of module developers. In Kewos, it's enforced by the kernel.
The foundations
Multi-level
RBAC, record rules and field rules combined: group, record and field.
Encrypted secrets
No plaintext secret in the database; dedicated encrypted storage and typed references.
Immutable audit
Sensitive operations are logged insert-only, traceable end to end.
Data isolation
One database per customer in SaaS, connections always tenant-resolved.
Resilience
Circuit-breakers and timeouts on outbound calls; visible degraded modes, never silent.
Ready to see Kewos on your use cases?
Book a demo, or estimate your SaaS and on-premise cost in two minutes.