ย Github
Authoring conversations
Monitoring & Analyzing
Configuring channels
On screen guidance
Proactive conversations
Users and RolesRoles and permissionsBuilt-in rolesCreating new rolesAssign roles to usersBuilt-in permissions

RBAC (Role based access control)

Botfront allows you to create multiple projects and users. Additionnally you can assign roles to users.

Roles and permissions

Botfront uses a hierarchical persmissions system. Internally there is no difference between a role and a persmission as the system is based on inheritance.

The difference resides in the naming convention. A permission has a [resource]:[action] syntax (e.g nlu-data:x), while the role has no constraint.

While you can create arbitrary roles and permissions in the UI, you can only assign roles to users.

Built-in roles

project-adminCan access and edit all resources of a project. Extends projects:w, users:w[projectId]
global-adminCan access and edit all resources of all projects and edit global settigs. Extends All permissions

Creating new roles

To create a new role, Go to Admin -> Roles, and click the Create role button.

The give your role a name, description, and select the child roles. Here, weโ€™re creating a role that has access to all project resources, but cannot edit project settings, name, etc.

Assign roles to users

In the user page: 1. Click the + to create an assignment. 2. Select the project (left dropdown) and role (right dropdown). Note that you can give one user access to several projects with different roles

To give someone the global-admin role, you must select GLOBAL in the projects dropdown:

Built-in permissions

nlu-data:rCan read NLU data.[projectId]
nlu-data:wCan write NLU data. Extends nlu-data:r.[projectId]
nlu-data:xCan train a model.[projectId]
responses:rCan read bot responses.[projectId]
responses:wCan create, delete and edit bot responses. Extends responses:r.[projectId]
stories:rCan read story content. Extends nlu-data:r, responses:r.[projectId]
stories:wCan create, delete and edit stories. Extends stories:r.[projectId]
triggers:rCan access story triggers. Extends stories:r.[projectId]
triggers:wCan add, edit, or delete story triggers. Extends triggers:r.[projectId]
incoming:rCan read incoming data. Extends stories:r.[projectId]
incoming:wCan process incoming data. Extends nlu-data:w, incoming:r.[projectId]
analytics:rCan view and download analytics data. Extends incoming:r.[projectId]
analytics:wCan edit analytics dashboards. Extends analytics:r.[projectId]
share:xCan enable and disable the share chatbot link[projectId]
export:xCan export project data.[projectId]
import:xCan import and overwrite project data.[projectId]
git-credentials:rCan view git credentials in project settings.[projectId]
git-credentials:wCan edit git credentials in project settings. Extends: git-credentials:r[projectId]
projects:rCan read everything in a project and access a project settings. Extends: incoming:r, triggers:r, stories:r, responses:r, nlu-data:r, analytics:r, export:x, git-credentials:r[projectId]
projects:wCan edit project meta information and settings. Extends projects:r, share:x, import:x, git-credentials:w. If no projectId constraint is specified this permission allows adding, editing, and removing projects.[projectId]
resources:rCan access project deployment environment, instance, and endpoint settings. Extends projects:r[projectId]
resources:wCan access and edit project deployment environment, instance, and endpoint settings. extends projects:w, resources:r[projectId]
users:rCan access user information. Extends roles:r[projectId]
users:wCan add, edit, or remove user details and roles. Extends users:r.[projectId]
global-settings:rCan access global settings.
global-settings:wCan edit global settings. Extends global-settings:r.
roles:rCan view roles.
roles:wCan add, edit, or remove roles.

If no projectId constraint is specified the permission applies to al projects.

๐Ÿ–Š๏ธ Edit this page on Github