Access Management

The Settings > Configuration > Access Management window allows you to set parameters for your Aisera tenant. These are settings that apply to any bot you create in your Aisera tenant.

Enable Access Management

The Enable Access Management setting activates a filtering step in the Retrieval-Augmented Generation (RAG) pipeline that filters knowledge articles that do not meet the access control specifications. This process ensures the knowledge articles are only served if their attributes, such as language or country, match the required criteria.

Access controls are managed under Settings > Access Controls. For more information see Content Access Controls.

This setting is Off by default.

If important knowledge articles are missing from your RAG results, there may be a configuration error or missing attributes in your source data. To troubleshoot, disable Enable Access Management and test the query again to determine if the articles are being filtered out by the access control specification.

User should match all attributes

This setting is On by default.

The User should match all attributes setting enforces a strict access policy, requiring users to satisfy all necessary built-in attributes for article access. When enabled, knowledge articles are inaccessible unless all access criteria are met. For example, if an article has country and department attributes, users must meet both to access it.

When this setting is disabled, access to documents is granted if users match any of the specified groups. This switches the access logic from AND to OR. For instance, if a document necessitates belonging to a specific department or security group, users can access it by meeting either requirement.

Access policy for optional attributes

Optional attributes are those which are marked as Not Required. These attributes will only be used if this policy is defined.

The Access Policy for Optional Attributes field accepts a Java Expression Language (JEXL) expression that defines how the system evaluates optional attributes during the filtering process.

The expression must return a Boolean value. If the result is true, the attributes are considered a match and the knowledge article is displayed.

Evaluation Syntax

The policy evaluates two primary objects:

User: Represents the User
Entity: Represents the Knowledge Article

You access specific attributes on these objects using the .accessattribute syntax

Multi Value Attributes

There is a built in compareList() function used for evaluating multi-value access attributes. This function compares two lists and returns true if there is any overlap between them.

Example Expression

The following is an example of a policy applied to this field:

(entity.language == null || entity.language == '' || entity.language == 'en' || entity.language == user.language) && compareList(entity.country, user.country)

PreviousTenant Configuration Settings NextAisera Alert

Last updated 10 days ago

Was this helpful?