RBAC (Role based access control)
Botfront allows you to create multiple projects and users. Additionnally you can assign roles to users.
Roles and permissions
Botfront uses a hierarchical persmissions system. Internally there is no difference between a role and a persmission as the system is based on inheritance.
The difference resides in the naming convention. A permission has a
[resource]:[action] syntax (e.g
nlu-data:x), while the role has no constraint.
While you can create arbitrary roles and permissions in the UI, you can only assign roles to users.
|Can access and edit all resources of a project. Extends |
|Can access and edit all resources of all projects and edit global settigs. Extends All permissions|
Creating new roles
To create a new role, Go to Admin -> Roles, and click the Create role button.
The give your role a name, description, and select the child roles. Here, we’re creating a role that has access to all project resources, but cannot edit project settings, name, etc.
Assign roles to users
In the user page: 1. Click the + to create an assignment. 2. Select the project (left dropdown) and role (right dropdown). Note that you can give one user access to several projects with different roles
To give someone the global-admin role, you must select GLOBAL in the projects dropdown:
|Can read NLU data.|
|Can write NLU data. Extends |
|Can train a model.|
|Can read bot responses.|
|Can create, delete and edit bot responses. Extends |
|Can read story content. Extends |
|Can create, delete and edit stories. Extends |
|Can access story triggers. Extends |
|Can add, edit, or delete story triggers. Extends |
|Can read incoming data. Extends |
|Can process incoming data. Extends |
|Can view and download analytics data. Extends |
|Can edit analytics dashboards. Extends |
|Can enable and disable the share chatbot link|
|Can export project data.|
|Can import and overwrite project data.|
|Can view git credentials in project settings.|
|Can edit git credentials in project settings. Extends: |
|Can read everything in a project and access a project settings. Extends: |
|Can edit project meta information and settings. Extends |
|Can access project deployment environment, instance, and endpoint settings. Extends |
|Can access and edit project deployment environment, instance, and endpoint settings. extends |
|Can access user information. Extends |
|Can add, edit, or remove user details and roles. Extends |
|Can access global settings.|
|Can edit global settings. Extends |
|Can view roles.|
|Can add, edit, or remove roles.|
projectIdconstraint is specified the permission applies to al projects.