Roles and Access Control for Chat Users
You can configure AI DIAL to work with various identity service providers, where you can manage your users and user groups.
In the system configuration, you can then add rules and restrictions to manage your users' access to various system resources.

- For chat users, you can define user groups, roles, or pools (depending on the specific IDP) in your identity service provider (IDP), which are then passed to AI DIAL in the JWT. Refer to Auth to view the supported IDPs and learn how to configure them.

- You can then use user roles from the JWT claims to define roles in the AI DIAL configuration as a userRoles parameter value. In the following example, we grant access to the chat-gpt-35-turbo model for users with the operator user role. Using the same pattern, you can define user access to applications, addons, and assistants.

Important: you must always use roles from the JWT claims that you receive from your IDP.

Refer to settings to view the parameter descriptions and to configuration example to view the full example.

"models": {
  "chat-gpt-35-turbo": {
    "userRoles": [
      "operator"
    ]
  }
}

- In the roles section of the configuration file, you can configure limits for roles that apply to specific system resources.

Effective role rule: If a user has roles A and B from the IDP that are not mentioned in the roles section, limits from the default role apply. If the default role is not defined in the roles section or does not have limits configured for it, the access is unlimited.

"roles": {
  "azure-group-name": {
    "limits": {
      "chat-gpt-35-turbo": {
        "minute": "200000",
        "day": "10000000",
        "week": "10000000",
        "month": "10000000"
      }
    }
  }
}

Refer to settings to view the parameter descriptions and to configuration example to view the full example.
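
The effective role rule above means a role granted in userRoles can end up with unlimited access when it has no entry in roles and no default role carries limits. The following audit sketch is an added example, not code from the AI DIAL project: the function names limit_source and audit_unlimited are hypothetical, the sample configuration is constructed, and "has limits configured" is assumed to mean a non-empty limits object.

```python
import json

# Constructed sample configuration (not from the page): "operator" may use the
# model, but only "azure-group-name" has limits and no "default" role exists.
SAMPLE_CONFIG = json.loads("""
{
  "models": {
    "chat-gpt-35-turbo": {"userRoles": ["operator", "azure-group-name"]}
  },
  "roles": {
    "azure-group-name": {
      "limits": {"chat-gpt-35-turbo": {"minute": "200000", "day": "10000000"}}
    }
  }
}
""")


def limit_source(config, jwt_roles):
    """Return (source, roles) describing where limits come from for a user."""
    roles = config.get("roles", {})
    matched = [r for r in jwt_roles if r in roles]
    if matched:
        # At least one JWT role is mentioned in "roles": its own entry applies.
        return ("role", matched)
    # Assumption: "limits configured" means a non-empty "limits" object.
    if roles.get("default", {}).get("limits"):
        # No JWT role is mentioned: limits from the "default" role apply.
        return ("default", ["default"])
    # "default" is missing or has no limits: access is unlimited.
    return ("unlimited", [])


def audit_unlimited(config):
    """List (model, role) grants in userRoles that end up with no limits."""
    findings = []
    for model, settings in config.get("models", {}).items():
        for role in settings.get("userRoles", []):
            if limit_source(config, [role])[0] == "unlimited":
                findings.append((model, role))
    return findings


if __name__ == "__main__":
    for model, role in audit_unlimited(SAMPLE_CONFIG):
        print(f"{model}: role '{role}' has no limits and no default fallback")
```

Running the audit against a configuration before deployment shows which granted roles rely on the default role and which would be unlimited.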