Skip to main content
Version: 1.10.0

Roles

This section will explain: how to define your roles in Laiye role-based access control.

Role Definition

A role definition lists the actions that can be performed, such as create, read, write, and delete. Roles can be high-level, like owner, or specific, like skill reader or intent reviewer. sketch-en-v1.7

Role

A role is a collection of permissions. It's typically just called a role.

Built-in Roles

Laiye RBAC includes several built-in roles that you can use. builtin-en-v1.7

  • The "Owner" role will be assigned to the first user who login to the platform that allows all the rights on the platfor by default. This role cannot be edited or deleted, and there must be one and only one user with the "Owner" role.

  • The "Admin" role also have all the rights for the platform, the "Owner" user can assign the "Admin" role to platform administrator or agent administrator. There is no limit number of users you can assign with this role.

Custom Roles

If the built-in roles don't meet the specific needs of your organization, you can create your own custom roles with a collection of rights.

A right item is made of "Operation", "Resource" and "Tag"(Optional). The rights are works for both users and service account by controlling the accesss to internal APIs.

For example, chatbot.intents.get means the right can read the detail of the resource of intents.

Operation

There are 5 type of the operations to each resource:

  • list: the role has the right to get the list of this type of resource.
  • get: the role has the right to read the detail of this type of resource.
  • create: the role has the right to create this type of resource.
  • update: the role has the right to update this type of resource.
  • delete: the role has the right to delete this type of resource.

Resource

See all the detail resource types you can control in Operation Log

Tag

Laiye role-based access control also support part of data permissions with tags. Tag is for further data filtering for specific resouces.

Supportted resource types are:

ResourceTagConfig Method
Agentscustom tagcreate tag when creating agents
Skillscategorytag = category
Tablescustom tagcreate tag when creating tables
Documentscustom tagcreate tag when creating documents

How to define your custom roles?

  1. If you want to create a role without tag, select the rights in the permission list. You can define your role by resource or by operation. create-en-v1.7

  2. Click "SAVE" to save your role. create-en-v1.7

How to define your custom roles with tags?

For example, if you want to define a role that have the permission to see serveral agents.

createhr-en-v1.7

At the same time, you should create the agents with the same tag. agenthr-en-v1.7

How to define your custom role who can only manage a specific scope of skills?

Skills are already tagged by the categories.
skill-en-v1.7

This function only works in agent level. Please open the "Role" page in agent menu to create the role with defining the skill data access.

If you want to define a role who can only manage the skills under the category of "Payroll", please create the role with the operations to skills and add the tags selected from the search bar:

searchcate-en-v1.7