Access Control

Control who can access your organization's data.

Access Control is an Enterprise-only feature. Please contact us to learn more about our Enterprise offering.

tldr: Users with AccountAdmin role has full access to everything in your organization. Users with AccountUser role has read-only access to collections. By default, all new users are assigned AccountUser role.

Role-Based Access Control (RBAC)

ChatBees implements Role-Based Access Control to help administrators control who has access to their organization's data. In simple terms, you can assign Roles to Users. These Roles contain Privileges that allow Users to access resources.

Privileges

Read: Able to retrieve a resource (e.g. Get, List, Describe)
Write: Able to modify a resource (e.g. Create, Update, Delete)
Admin: Able to retrieve or modify resources of other users (e.g. delete or invite user)

Roles

AccountAdmin: Grants Read, Write and Admin privileges to all resources in the account
AccountUser: Grants Read privilege to all resources in the account

By default, new users are assigned AccountUser role (except for the first user of the account). AccountAdmin can modify roles assigned to other users

Table below shows all API endpoints and the required privilege.

API

Description

Req. Priv.

/account/create_registration_token

Creates registration token to onboard new users

Admin

/account/get_user

Returns user's information

Admin

/account/update_user

Updates a user's role

Admin

/account/delete_user

Deletes a user

Admin

/account/list_users

Lists all existing users

Admin

/apikey/create

Create a personal API key

/apikey/delete

Deletes a personal API key

/apikey/list

Lists personal API keys

/collections/create

Creates a Collection

Write

/collections/configure

Updates a Collection's configuration

Write

/collections/delete

Deletes a Collection

Write

/collections/list

Lists all Collections

Read

/collections/describe

Describes a Collection

Read

/connectors/list

Lists connected connectors

Admin

/connectors/delete

Delete a connector

Admin

/accesslogs/list

Lists account access logs

Admin

/accountusage/get

Get account usage summary

Admin

/docs/add

Adds a local or hosted document from an online source to a collection

Write

/docs/delete

Deletes a document from a collection

Write

/docs/list

Lists documents in the collection

Read

/docs/ask

Asks a question in a collection

Read

/docs/search

Semantic search in a collection

Read

/docs/summary

Summarize a document in a collection

Read

/docs/list_access

Lists Q/A history of a collection

Admin

/docs/configure_chat

Configures persona etc of a collection. Affects future ask requests

Write

/docs/create_ingestion

Create a task to ingest from a data source

Write

/docs/get_ingestion

Gets the current ingest task progress

Write

/docs/index_ingestion

Indexes (trains) ingested data into collection

Write

/docs/delete_ingestion

Deletes indexed (trained), ingested data from collection

Write

PreviousNamespace and Collection NextTicket AI Agent

Last updated 8 months ago

Role-Based Access Control (RBAC)

Privileges

Read: Able to retrieve a resource (e.g. Get, List, Describe)

Write: Able to modify a resource (e.g. Create, Update, Delete)

Admin: Able to retrieve or modify resources of other users (e.g. delete or invite user)

Roles

AccountAdmin: Grants Read, Write and Admin privileges to all resources in the account

AccountUser: Grants Read privilege to all resources in the account

By default, new users are assigned AccountUser role (except for the first user of the account). AccountAdmin can modify roles assigned to other users

Table below shows all API endpoints and the required privilege.

API

Description

Req. Priv.

/account/create_registration_token

Creates registration token to onboard new users

Admin

/account/get_user

Returns user's information

Admin

/account/update_user

Updates a user's role

Admin

/account/delete_user

Deletes a user

Admin

/account/list_users

Lists all existing users

Admin

/apikey/create

Create a personal API key

/apikey/delete

Deletes a personal API key

/apikey/list

Lists personal API keys

/collections/create

Creates a Collection

Write

/collections/configure

Updates a Collection's configuration

Write

/collections/delete

Deletes a Collection

Write

/collections/list

Lists all Collections

Read

/collections/describe

Describes a Collection

Read

/connectors/list

Lists connected connectors

Admin

/connectors/delete

Delete a connector

Admin

/accesslogs/list

Lists account access logs

Admin

/accountusage/get

Get account usage summary

Admin

/docs/add

Adds a local or hosted document from an online source to a collection

Write

/docs/delete

Deletes a document from a collection

Write

/docs/list

Lists documents in the collection

Read

/docs/ask

Asks a question in a collection

Read

/docs/search

Semantic search in a collection

Read

/docs/summary

Summarize a document in a collection

Read

/docs/list_access

Lists Q/A history of a collection

Admin

/docs/configure_chat

Configures persona etc of a collection. Affects future ask requests

Write

/docs/create_ingestion

Create a task to ingest from a data source

Write

/docs/get_ingestion

Gets the current ingest task progress

Write

/docs/index_ingestion

Indexes (trains) ingested data into collection

Write

/docs/delete_ingestion

Deletes indexed (trained), ingested data from collection

Write