Edit

Aisera Platform Roles, Permissions, and Bot Access

There are several levels of Aisera permissions. Before you can begin setting up roles, it is important to understand the different versions of the Aisera Admin UI that affect how permissions are granted.

Each User Role has a permission value, so you can assign roles to users with out-of-the-box functionality.

In addition, you can control Aisera platform user permissions at the tenant level or at the application/bot level, using the Access Control feature.

These permissions are discussed in the following sections:

When you create roles and permissions, it is a best practice to document the reasons with examples of each role and permission you created. Although you can see the permissions in the UI, it may be difficult for you to determine where a specific restriction is coming from.

Understanding Aisera Admin UI Versions

If you have Administrator privileges, you can manage Roles and Permissions using the Aisera Admin UI.

Permissions for each Role in the Aisera platform are based on the type of Aisera Administration application you’re using, and the Entity Types that your application has access to.

Entity Types refer to Aisera objects. These are items like Intents, Fulfillments, Tickets, and Data Sources that you interact with in either the embedded application (bot) you’re creating, or within the Aisera Administration application.

The User Role, the Entity Types available to that role, and the permissions on each of the Entity Types, determine the entities that you will see on windows within the application. Privilege levels for the entities are: Read, Write (Read and Write), or None..

For instance, if your User Role is excluded from accessing the Intents Entity Type (object), then you will not see any Intents values or information when you look at windows within the Aisera Administration application. If your role only has Read privileges for the Intent entity, then you will be able to see (but not change) Intent data within a window.

Variations of the Aisera Administration Application

The three main variations of the Aisera Administration application are:

  • AI Service Desk

  • AI Customer Service Desk

  • AI Ops

All of the Administration Application configurations have access to the following Common Entity Types (objects):

  • User

  • Ticket

  • Datasource

  • Channel

  • Integration

  • Flow

  • System Trigger

  • JobExecution

  • Settings

  • Audit

  • Email Template

  • Model

  • ModelJob

  • TenantUser

Each of the Administration configurations has access to specific additional entity types:

  • AI Service Desk

    • Request

    • Application

    • EzType

    • EzEntiity

    • Knowledge

    • AccessAttribute

    • Intent

    • Conversation Message

    • IntentUtteranceRevision

    • DirectEscalation

  • AI Customer Service Desk

    • Request

    • Application

    • EzType

    • EzEntity

    • Knowledge

    • AccessAttribute

    • Intent

    • Conversation Message

    • IntentUtteranceRevision

  • AI Ops

    • MajorIncident

    • AiseraAlert

    • CmdbCi

Setting Application/Bot Viewing Control

Application-level access control is based on the user access attributes. You can read these attributes from the User Profile. This additional access filter works in conjunction with a user’s Aisera roles.

Applications that have no restrictions are available for all users with Read/Write access to the Entity Type called Aisera Applications.

If an access restriction is applied to an embedded application (bot) you are building, then all of the Entities under that application (such as Intents, Flows, Data Sources, Integrations, and Channels) inherit the restriction.

For example, if you want to restrict an application based on a user's department, such as restricting the application to HR Stage so that it is only accessible to users who work in the HR department.

To restrict an application:

  1. Open Settings > Access Control in the left navigation menu of the Aisera Administration application.

    1. Use one of the default attributes or create a new one.

    2. Make sure you select the appropriate user profile property for each attribute.

      1. Value of this user profile property will be extracted from the user profile and set to attribute for the user.

      2. If this is a custom user profile property that is not visible in the dropdown, select "Custom" as the value for the user profile property, and then use the name of the custom field as the name of the Access Attribute.

        Access Control Window

  2. Run an Access Attribute Extraction job from Settings > System Jobs > Generic.

    a. Select the Data Source you used for your user ingestion.

    b. Leave the Start/End time blank.

    c. Select Entity User as the entity-type.

    d. This job will extract the attributes value from the user profile and persist this data in the user’s access attributes.

  3. Create user accounts for the users who are going to access the Aisera Administration application and assign roles with the. Settings > User Accounts command.

PreviousUser EngagementNextRole Based Access Controls Overview

Last updated

Was this helpful?