Aisera Platform Roles, Permissions, and Bot Access
There are several levels of Aisera permissions. Before you can begin setting up roles, it is important to understand the different versions of the Aisera Admin UI that affect how permissions are granted.
Each User Role has a permission value, so you can assign roles to users with out-of-the-box functionality.
In addition, you can control Aisera platform user permissions at the tenant level or at the application/bot level, using the Access Control feature.
These permissions are discussed in the following sections:
When you create roles and permissions, it is a best practice to document the reasons with examples of each role and permission you created. Although you can see the permissions in the UI, it may be difficult for you to determine where a specific restriction is coming from.
Understanding Aisera Admin UI Versions
If you have Administrator privileges, you can manage Roles and Permissions using the Aisera Admin UI.
Permissions for each Role in the Aisera platform are based on the type of Aisera Administration application you’re using, and the Entity Types that your application has access to.
Entity Types refer to Aisera objects. These are items like Intents, Fulfillments, Tickets, and Data Sources that you interact with in either the embedded application (bot) you’re creating, or within the Aisera Administration application.
The User Role, the Entity Types available to that role, and the permissions on each of the Entity Types determine the entities that you will see on windows within the application. Privilege levels for the entities are: Read, Write (Read and Write), or None.
For instance, if your User Role is excluded from accessing the Intents Entity Type (object), then you will not see any Intents values or information when you look at windows within the Aisera Administration application. If your role only has Read privileges for the Intent entity, then you will be able to see (but not change) Intent data within a window.
Variations of the Aisera Administration Application
The three main variations of the Aisera Administration application are:
AI Service Desk
AI Customer Service Desk
AI Ops
All of the Administration Application configurations have access to the following Common Entity Types (objects):
User
Ticket
Datasource
Channel
Integration
Flow
System Trigger
JobExecution
Settings
Audit
Email Template
Model
ModelJob
TenantUser
Each of the Administration configurations has access to specific additional entity types:
AI Service Desk
Request
Application
EzType
EzEntity
Knowledge
AccessAttribute
Intent
Conversation Message
IntentUtteranceRevision
DirectEscalation
AI Customer Service Desk
Request
Application
EzType
EzEntity
Knowledge
AccessAttribute
Intent
Conversation Message
IntentUtteranceRevision
AI Ops
MajorIncident
AiseraAlert
CmdbCi
Using the Default Roles
The Aisera application (out-of-the-box) roles are designed to operate with the correct permission levels for most of the Aisera Administration and embedded applications. You can create custom roles, as described below, but this is not a common use case.
Each of the Administration configurations has the following default roles.
Default Role Descriptions
The table below illustrates the permission levels assigned to each role across different entity types and application variations.
AI Service Desk or AI Customer Service Desk
Administrator
Manages everything within the Aisera platform, including apps, content, configuration, and permissions.
Analytics Viewer
Gathers Analytics data from Settings > Platform > Analytics pages to create reports and analyze results.
Annotator
Adds utterances to Intents and enhances Intent Identification.
Help Desk Agent
Customer Support Agent for IT
Developer
Creates and updates the virtual assistant. Tasks may include:
Adding data sources
Updating integrations
LLM operations
Setting up workflows, workflow generation, and content generation.
Their tasks often include commands in the Settings > Platform area of the Admin UI or customizing the virtual assistant using REST APIs.
Moderator
Responds to comments and feedback about the virtual assistant. May use the Settings > AI Workbench, Settings > AI Learning and Audit Trail sections of the Admin UI.
AI Ops
IT Specialist
Monitors information collected by the virtual assistant, and acts as the Live Agent to work with IT customers on advanced or unanticipated issues.
Operations Manager
Uses the AI Observability and AI Observability CMDB commands in the Admin UI to review Ticket Incidents and the overall system setup.
VP/Director IT Ops
Reviews Analytics and statistics at a high level, to determine future needs.
IT User
Interacts with the virtual assistant.
Read and Write for Entity Types
The following table describes how the Read and Write privileges work within the Entity Types.
Read
Gives Read access to the Entity Type.
The Entity Type option on the left navigation or under Settings is not available when the user has only Read access to the Entity Type.
With a Read privilege, you can view an entity by navigating to it through a related entity. For example, a Read privilege on Integration will not show the Settings > Integration option. But if you have a Write privilege on Data Source, then you can access the Integration Entity associated with the Data Source Entity on the Data Source Detail page.
Write
Gives Write/Run/Execute privileges on Entity Types, Jobs, Modes.
With Write access, Entity Types will be available on the left navigation and under Settings.
None
Select None if you don't want the user to have access to an Entity Type.
Aisera Entities and Related Windows
This section describes the usable Aisera Entities and the views you see related to them in the Aisera Administration Application (Admin UI).
Access Attribute
This object stores access attributes for content and Admin UI access control.
Select Settings > Access Controls to see who can view specific documents. You can create Attributes and then create your own viewing restrictions.

Application
This object stores the data for your Aisera applications (bots).
Select Settings > AiseraGPT to see and manage your existing applications.

Audit
Changes you make to objects in the Aisera platform are logged as audit logs. Users who have access to the Audit entity can view audit log history.
Select Settings > Audit Trail in the Admin UI to view the log history.

Channel
Channels are a medium through which end users engage with Aisera Application. Channel configurations are available for users who have access to this object.
Select Settings > Channels in the Admin UI to add or manage channels.

Conversation Message
System messages that are provided by default for the listed Message Keys (scenarios). Messages can be customized.
Select Settings > AiseraGPT and then open or create a new application. Choose View App Conversation Messages to see the default messages associated with Aisera platform. Hover over the right-side of a line item and click the pencil icon to edit/customize a message.

Datasource
This object stores the configuration information for the data source that you are integrating with your application. This is the 'pass-through' information that allows the Aisera platform to access your data source.
Select Settings > AiseraGPT and then open or create a new data source. To view or edit details for an existing data source, choose Settings > Data Source and then click the pencil icon near the top of the window to enable editing.

Email Template
This object stores the email templates that are used with Campaigns & Approvals.
Select Settings > Email Templates to view existing templates that are available for your application. You can select the list or document view in the upper-right corner of the window. Choose the pencil icon to edit a template.

EzEntity
This object allows you to manage Ontology entities.
Select LLMs > Ontology to see the Entities, Enumerations, and Regular Expressions associated with your application domain (EDP). Hover over the right-side of a line item and click the pencil icon to edit/customize an Entity, Enumeration, or Regular Expression.

EzType
This object allows you to manage Ontology classes.
See EzEntity above.
Flow
This object stores the data for Workflows (task automation and approvals) and the Workflow Library.
Select AI Automation > AI Workflow Studio to see a list of the workflows that are associated with your application. You can use an existing workflow from the library or create a new workflow from this window.

Integration
This object stores the authentication and authorization data for data sources that you connect to Aisera Application.
Choose Settings > Integrations to see a list of your applications and the integrations associated with each. You can view the integrations as a list or as boxes with icons that show the logo for each integration. From either view, you can click the pencil icon to edit your integration data. You can also create a new integration when you create a new application, as part of the Add Data Source command.

Intent
This object stores the data for the Intents (topics that the bot can serve) and the associated mapping to Fulfillments.
You can select new Intents from the Intents Library, edit existing Intents, or create your own. You can see other objects that are associated with an Intent from the Intents window.

Job Execution
This object stores the information about system and user jobs that have been run from your application, like Knowledge Generation, Ticket Learning, and Knowledge Learning. The data stored includes the name of the job, the pipeline status, the user who ran the job, the start time, and the job duration. Jobs are triggered automatically, and this object provides view-only access to them.
Select Settings > Jobs to see the list of jobs that have been run from your application. To run a job, you need to go to the related windows (Content Generation > Knowledge Generation, Gen AI Learning > Ticket Learning, or Gen AI Learning > Knowledge Learning).

Knowledge
This object stores the information from Knowledge Articles that are ingested into your application. Ingested content is also referred to as the Source of Record (SOR) in the Aisera platform.
Select SOR > Knowledge to see a list of the Knowledge Base articles that have been ingested into your application. You can edit the data or apply templates to the data, if you have write privileges to this object.

Request
This object holds the request history.
Select Requests to see a list of the Requests that customers have entered into your application. If you have Write permission to the Requests object, you can choose from different visualizations for the Requests Over Time metric in the Requests window. The lower part of the Requests window contains a list of your requests that you can customize by adding or removing columns. You can also export the list to a CSV file.

Settings
This object stores the information for the high-level menu that lets you choose options related to the tenant-level configurations.
Select Settings to access configuration options for your tenant, such as: Applications, Channels, Data Sources, Integrations, System Triggers, Email Templates, Jobs, Tags, and other advanced settings.

System Trigger
This object stores the data for System Triggers, which are triggers used within Workflows.
Select Settings > System Triggers to add or modify a schedule-based or event-based System Trigger to kick off a Workflow. This involves creating a Trigger in the System Triggers window, applying it to a Workflow, and then setting Scheduled or Event to start the trigger.

TenantUser
This object stores the information about your Aisera Admin UI users and their roles.
If you have an Aisera Administrator role, select Settings > User Accounts to add or change information for users of your Aisera platform.

Ticket
This object holds the data for the tickets that have been ingested into your application.
Select SOR > Tickets to see a list of the Tickets that have been ingested into your application. If you have Write permission to the Ticket object, you can choose from different visualization charts for the Tickets Over Time metric in the Tickets window. The lower part of the Tickets window contains the list of your tickets that you can customize by adding or removing columns. You can also export the list to a CSV file.

User
This object stores the user data ingested to the application from your System of Record (SOR). This data must be ingested, and therefore, it is not editable.
Select Users to see the list of users that have been ingested into your application. You can add or remove columns from the list, or export the list as a CSV file, but you cannot edit the user list, since it must be ingested.

Role Permissions Tables
This determines the views you can see and the fields you can interact with while acting within a specific role.








User Level Permissions
If you have been assigned to an Administrator role in the Aisera Administration application, you can assign any of the default application roles to new users.
Assigning Roles to Users
Open Settings > User Accounts from the left navigation menu of the Aisera Administration application.
Choose the + New User Account button.
Enter the email address and the name of the New User.
Select the checkbox next to the role that you want this user to have, based on the actions that this user will perform within your organization or within the Aisera Admin UI.
Changing a User’s Role
To change the Role for an Existing User:
Select Settings > User Accounts from the left navigation menu of the Aisera Administration application.
The User Account window contains a list of current users.
Hover over the existing user account to reveal a pencil icon on the right side of the row.
Click on the pencil icon to see the Edit User Account window.
Select a new role for the user by choosing a check box next to the role you want to give this user.
Deselect any roles you do not want assigned to the user.
Click the OK button.
Tenant-Level Permissions
Permissions for users of your Aisera instance are known as tenant-level permissions.
Adding a Tenant-Level Account
You can use the + Add New Account feature to create a tenant-level account for your Aisera Gen AI Platform. This is also known as a Service Account. This account is only used by people who may need to log onto the account server to perform API calls, or other tenant-level tasks.
To create a tenant-level account:
1. Select Settings > User Account in the Aisera Admin UI.
2. Click the + Add New Account button.
3. Choose the Service Account role for your new user.

Creating a Custom Role
NOTE: If you are creating a custom role, make sure your role has at least the following permissions, which are required to view conversations with AI Lens:
intent – Read
channels – Read
AiseraGPT – Read
To create a custom role:
Open Settings > User Accounts in the left navigation menu of the Aisera Administration application.
Select the Roles tab.
Choose + Create Role.
Enter a Name and Description for the role.
Select an appropriate level of privilege.
To Edit a Custom Role
Open Settings > User Accounts from the left navigation menu of the Aisera Administration application.
Select the Roles tab.
Select a role that you want to modify. Note that system and default roles are not editable. You can only modify custom roles.
From the Role Detail page, click the row that contains the role you want to modify.
Choose the edit/pencil icon in the upper-right section of the window.
Change the Name, Description or Privileges for the role.
Assigning Your Custom Roles to Users
If you have been assigned to an Administrator role in the Aisera Administration application, you can select specific users and assign custom roles to them.
Open Settings > User Accounts from the left navigation menu of the Aisera Administration application.
Stay on the New Accounts tab of the User Accounts window.
Choose the name of the User who you are assigning your custom role to.
Choose your new role(s) by selecting the checkboxes next to the new role names. You don’t have to uncheck existing roles, just select the new ones that you want to assign to this user.
Setting Application/Bot Viewing Control
Application-level access control is based on the user access attributes. You can read these attributes from the User Profile. This additional access filter works in conjunction with a user’s Aisera roles.
Applications that have no restrictions are available for all users with Read/Write access to the Entity Type called Aisera Applications.
If an access restriction is applied to an embedded application (bot) you are building, then all of the Entities under that application (such as Intents, Flows, Data Sources, Integrations, and Channels) inherit the restriction.
For example, you might want to restrict an application based on a user's department, such as restricting the application to HR Stage so that it is only accessible to users who work in the HR department.
To restrict an application:
Open Settings > Access Control in the left navigation menu of the Aisera Administration application.
Use one of the default attributes or create a new one.
Make sure you select the appropriate user profile property for each attribute.
The value of this user profile property will be extracted from the user profile and set as the attribute for the user.
If this is a custom user profile property that is not visible in the dropdown, select "Custom" as the value for the user profile property, and then use the name of the custom field as the name of the Access Attribute.
Run an Access Attribute Extraction job from Settings > System Jobs > Generic.
a. Select the Data Source you used for your user ingestion.
b. Leave the Start/End time blank.
c. Select Entity User as the entity-type.
d. This job will extract the attribute values from the user profile and persist this data in the user’s access attributes.
Create user accounts for the users who are going to access the Aisera Administration application and assign roles with the Settings > User Accounts command.
To Create Application/Bot Viewing Restrictions:
Application entity-level restrictions are configured at the application level.
Select an embedded application (bot you’re building).
Scroll to the bottom of the Details window.
Click the + Assign Access Attributes button.
Click + Add Access Attribute.
Enter the value. Currently, you need to set the value manually.
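The two layers described on this page, as an added example that is not Aisera code: a small Python model that evaluates a role's Read/Write/None privilege together with an application's access-attribute restriction and reports which layer produced the result, which helps when tracing where a specific restriction is coming from. The role, users and application names are constructed, and the handling of multiple roles (highest privilege wins) and of multiple attributes (all must match) are assumptions, not documented platform behavior.

```python
from dataclasses import dataclass, field

NONE, READ, WRITE = 0, 1, 2  # the page's privilege levels; Write includes Read

# Entity types the page names as inheriting an application's restriction.
APP_SCOPED = {"Application", "Intent", "Flow", "Datasource", "Integration", "Channel"}

@dataclass
class Role:
    name: str
    privileges: dict  # entity type -> NONE / READ / WRITE

@dataclass
class Application:
    name: str
    restrictions: dict = field(default_factory=dict)  # attribute -> allowed values

@dataclass
class User:
    email: str
    roles: list
    access_attributes: dict  # as persisted by the Access Attribute Extraction job

def role_privilege(user, entity_type):
    # Assumption: a user holding several roles gets the highest privilege among them.
    return max((r.privileges.get(entity_type, NONE) for r in user.roles), default=NONE)

def passes_restriction(user, app):
    # Assumption: every restricted attribute must match one of its allowed values.
    return all(user.access_attributes.get(attr) in allowed
               for attr, allowed in app.restrictions.items())

def explain(user, app, entity_type):
    """Return the effective access and which layer produced it."""
    priv = role_privilege(user, entity_type)
    if priv == NONE:
        return {"access": "none", "in_navigation": False,
                "source": f"role: no privilege on {entity_type}"}
    if entity_type in APP_SCOPED and not passes_restriction(user, app):
        return {"access": "none", "in_navigation": False,
                "source": f"access attribute: restriction on {app.name}"}
    # Read alone hides the navigation entry; the entity is reached via a related one.
    return {"access": "write" if priv == WRITE else "read",
            "in_navigation": priv == WRITE, "source": "role"}

# Constructed sample data: a hypothetical custom role, users and applications.
editor = Role("hr-content-editor", {"Intent": WRITE, "Datasource": WRITE, "Integration": READ})
alice = User("alice@example.com", [editor], {"department": "HR"})
bob = User("bob@example.com", [editor], {"department": "Finance"})
hr_app = Application("HR Stage", {"department": {"HR"}})
open_app = Application("IT Helpdesk")

if __name__ == "__main__":
    for who, app, etype in [(alice, hr_app, "Intent"), (alice, hr_app, "Integration"),
                            (bob, hr_app, "Intent"), (bob, open_app, "Intent"),
                            (alice, hr_app, "Ticket")]:
        print(who.email, app.name, etype, explain(who, app, etype))
```

Keeping a matrix like this next to the written rationale for each custom role makes it possible to re-check expected access after a role or access attribute changes.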