Access Management
The Settings > Configuration > Access Management window allows you to set parameters for your Aisera tenant. These are settings that apply to any bot you create in your Aisera tenant.
Enable Access Management
When enabled, a filtering step is applied during content retrieval that checks whether each knowledge article meets access control criteria before serving it to the user. Articles that do not meet the criteria will be excluded from search and recommendation results. All articles remain indexed regardless of this setting; access decisions are made per-request based on the requesting user's profile.
The system supports three filtering methods, which can be configured per datasource: attribute-based filtering, workflow-based filtering, and API-based filtering. Attribute-based filtering compares user profile attributes against article attributes such as country, language, or role. Workflow-based and API-based filtering delegate the access decision to an external system.
This setting is the master switch for the Access Management configuration group. The companion settings, User should match all attributes and Access policy for optional attributes, are only evaluated when this setting is enabled.
This setting is Off by default.
If important knowledge articles are missing from your RAG results, there may be a configuration error or missing attributes in your source data. To troubleshoot, disable Enable Access Management and test the query again to determine if the articles are being filtered out by the access control specification.
User should match all attributes
This setting is On by default. It is only evaluated when Enable Access Management is enabled.
This setting controls how multiple required access attributes are combined when determining whether a user can access an article.
When enabled, a user must satisfy all required attributes on an article to access it. For example, if an article requires both a specific country and a specific department, the user must match both.
When disabled, a user can access an article by matching any one of its required attributes. Using the same example, a user who matches the country but not the department will still be granted access.
When a single attribute has multiple accepted values, matching any value will fullfill the requirement of the filter. For example, if an article accepts the roles "Admin" or "Editor," a user with either role will satisfy the roles attribute.This setting governs whether the user must also match additional attributes like region or department.
Access policy for optional attributes
This field is only evaluated when Enable Access Management is enabled.
Optional attributes are those marked as Not Required in the access attribute definitions. When this field is empty, optional attributes are not used during access filtering. Defining a policy in this field activates filtering based on optional attributes.
This field accepts a JEXL expression that defines how the system evaluates optional attributes. The expression must return a Boolean value. If the result is true, the knowledge article is displayed. If the result is false, the article is filtered from the results.
This policy is only evaluated after an article has passed the required attributes check. If an article fails the required attributes check, this policy is not applied.
Evaluation Syntax
The expression evaluates two objects:
user: Represents the user's access attributesentity: Represents the knowledge article's access attributes
You access specific attributes on these objects using dot notation, for example user.language or entity.country.
All attribute values are compared in lowercase. Expressions should use lowercase values for string comparisons to ensure correct matching.
Multi-Value Attributes
A built-in compareList() function is available for evaluating multi-value access attributes. This function compares two lists and returns true if there is any overlap between them. If the entity's list is empty or null, the function returns true. If the entity's list has values but the user's list is empty, the function returns false.
Example Expression
The following is an example of a policy applied to this field:
This expression grants access when the article's language is unset, empty, English, or matches the user's language, and the user's country overlaps with the article's country list.
If the expression contains a syntax error, articles that reach this stage of evaluation will be filtered out. Verify that the expression is valid before saving.
Last updated
Was this helpful?