Role-Based Access Control (RBAC) for autobotAI
Role-Based Access Control (RBAC) in autobotAI ensures secure and efficient management of user permissions across resources. This guide outlines roles, policies, actions, and steps to manage them effectively.
Overview
RBAC assigns specific actions on resources based on user roles. Each role is governed by ALLOW and DENY policies, ensuring precise control over user permissions.
Note:
By default, new users are assigned the Admin role upon their first sign-in. This default role can be changed by an administrator via the autobotAI API by specifying the ID of a different role. Once the default role is updated, the newly assigned role will automatically apply to all new users created thereafter.
Key Components
Roles
Roles define the permissions a user has to perform actions on specific resources. autobotAI provides the following default roles:
- Admin: Unrestricted access to all resources and actions.
- ReadOnly: View-only access to resources.
- Bot-Builder: Access to create, update, and delete bot configurations.
- Approver: Access to view and approve requests.
- Service-Portal-User: Access to the service portal.
Policies
Policies govern role permissions and are categorized into:
- ALLOW: Grants access to specific actions or resources.
- DENY: Explicitly restricts access to actions or resources.
Important:
DENY policies take precedence over ALLOW, enforcing restrictions even if the action is otherwise allowed.
Wildcard Actions
To simplify policy definitions, wildcards can be used:
- *: All actions.
- read_one_*: Read access to a single resource.
- read_all_*: Read access to all resources.
- create_*: Allows creation of resources.
- update_*: Allows updates to resources.
- delete_*: Allows deletion of resources.
Resources
Resources refer to the entities users can interact with. Common resources include:
- Bots
- Integrations
- Approvals
- Users
Creating a New Role
Custom roles can be created with specific permissions. Here's an example in JSON:
    {
      "name": "custom-role",
      "description": "Custom role for managing specific resources.",
      "policies": {
        "ALLOW": {
          "resource_name": {
            "create_*": {},
            "read_*": {}
          }
        },
        "DENY": {
          "*": {
            "delete_*": {}
          }
        }
      }
    }
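To make the evaluation rules above concrete (DENY wins over ALLOW, wildcards such as create_* and delete_*, and a "*" resource entry applying to every resource), here is an added example evaluator, not autobotAI's own code. It assumes wildcards are matched as shell-style globs, uses "bots" in place of the resource_name placeholder, and the action names it checks (create_bot, read_one_bot, delete_bot) are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed role document mirroring the "custom-role" example above,
# with "bots" substituted for the resource_name placeholder.
CUSTOM_ROLE = {
    "name": "custom-role",
    "description": "Custom role for managing specific resources.",
    "policies": {
        "ALLOW": {"bots": {"create_*": {}, "read_*": {}}},
        "DENY": {"*": {"delete_*": {}}},
    },
}


def _matches(policy_block, resource, action):
    """True if any resource-pattern / action-pattern pair in the block
    covers (resource, action). Patterns are matched as shell-style globs,
    which is an assumption about how autobotAI expands '*' wildcards."""
    for res_pattern, actions in policy_block.items():
        if not fnmatchcase(resource, res_pattern):
            continue
        for act_pattern in actions:
            if fnmatchcase(action, act_pattern):
                return True
    return False


def is_allowed(role, resource, action):
    """Decide one request under the documented semantics:
    a matching DENY always wins; otherwise the request must match an ALLOW;
    anything not explicitly allowed is refused (default deny)."""
    policies = role.get("policies", {})
    if _matches(policies.get("DENY", {}), resource, action):
        return False
    return _matches(policies.get("ALLOW", {}), resource, action)


def check_all(role, requests):
    """Evaluate a batch of (resource, action) pairs; returns {"res:act": bool}."""
    return {f"{r}:{a}": is_allowed(role, r, a) for r, a in requests}


if __name__ == "__main__":
    decisions = check_all(CUSTOM_ROLE, [
        ("bots", "create_bot"),       # ALLOW create_*        -> allowed
        ("bots", "read_one_bot"),     # ALLOW read_*          -> allowed
        ("bots", "delete_bot"),       # DENY on "*" resource  -> denied
        ("users", "read_one_user"),   # no ALLOW entry        -> denied
    ])
    for key, ok in decisions.items():
        print(f"{key:22} -> {'ALLOW' if ok else 'DENY'}")
```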
Access Controls API Calls
The Access Controls API provides a streamlined way to manage user roles, permissions, and access policies in autobotAI. Administrators can use these endpoints to define, assign, and modify roles, ensuring secure and efficient access control across resources.
1. Available Actions
- Method: GET
- Endpoint:
{{base_url}}/access_controls/available_actions
- Description: Retrieves a list of available actions for configuring access control.
2. List Roles
- Method: GET
- Endpoint:
{{base_url}}/access_controls/roles
- Description: Retrieves all roles defined in the system.
3. Add Role to User
- Method: PATCH
- Endpoint:
{{base_url}}/access_controls/users/{userId}/roles
- Request Body: Provide the role ID you want to assign to the user:
    { "role_id": "676018578ae6ae36056001e3" }
- Description: Assigns a specified role to a user.
4. Set Default Role
- Method: PATCH
- Endpoint:
{{base_url}}/access_controls/default_role
- Request Body:
{ "role_id": "676018578ae6ae36056001e3" }
- Description: Sets the default role assigned to new users.
5. Create Role
- Method: POST
- Endpoint:
{{base_url}}/access_controls/roles
- Request Body:
    {
      "name": "Role Name",
      "description": "Role Description",
      "policies": {
        "ALLOW": {
          "resource_name": {
            "action_name": {}
          }
        },
        "DENY": {
          "resource_name": {
            "action_name": {}
          }
        }
      }
    }
- Example: For creating an approval role, use the following JSON:
    {
      "name": "approver",
      "description": "This role grants permission to see and approve the approvals",
      "policies": {
        "ALLOW": {
          "approvals": {
            "read_all_approvals": {},
            "read_one_approval": {},
            "read_all_approval_resources": {},
            "update_approval": {}
          }
        },
        "DENY": {}
      }
    }
- Description: Creates a new custom role with specified permissions.
6. Delete Role
- Method: DELETE
- Endpoint:
{{base_url}}/access_controls/roles/{role_id}
- Description: Deletes a role by its ID.
7. Get Role by ID
- Method: GET
- Endpoint:
{{base_url}}/access_controls/roles/{role_id}
- Description: Retrieves details of a specific role.
By leveraging these API calls, administrators can maintain precise control over user access and implement a secure, role-based access structure within autobotAI. These endpoints simplify user management while enhancing security across the platform.