Roles and Access Control for Chat Users
You can configure AI DIAL to work with various identity service providers, where you can manage your users and user groups.
In the system configuration, you can then add rules and restrictions to manage access to your users to various system resources.
-
For chat users, you can define user groups/roles/pools (it depends on a specific IDP) in your identity service provider (IDP) which are then passed to AI DIAL in JWT. Refer to Auth to view supported IDPs and learn how to configure them.
-
You can then utilize user roles from the JWT claims to define roles in the AI DIAL configuration as a
userRoles
parameter value. In the following example, we grant access tochat-gpt-35-turbo
model for users with theoperator
user role. Using the same pattern, you can define user access to applications, addons, assistants.Important: you must always use roles from the JWT claims that you receive from your IDP.
Refer to settings to view parameters description and to configuration example to view the full example.
"models": {
"chat-gpt-35-turbo": {
"userRoles": [
"operator"
]
}
} -
In the
roles
section of the configuration file, you can configure limits for roles that apply to specific system resources.Effective role rule: If a user has a role A and B from the IDP which are not mentioned in the
roles
section, limits from thedefault
role apply. If thedefault
role is not defined in theroles
section or does not have limits configured for it - the access is unlimited."roles": {
"azure-group-name": {
"limits": {
"chat-gpt-35-turbo": {
"minute": "200000",
"day": "10000000"
}
}
}
}Refer to settings to view parameters description and to configuration example to view the full example.