Skip to content

Latest commit

 

History

History
45 lines (34 loc) · 2.81 KB

2.chat-users-roles.md

File metadata and controls

45 lines (34 loc) · 2.81 KB

Roles and Access Control for JWT

You can configure AI DIAL to work with various identity service providers, where you can manage your users and user groups.

In the system configuration, you can then add rules and restrictions to manage access to your users to various system resources.

  1. For chat users, you can define user groups/roles/pools (it depends on a specific IDP) in your identity service provider (IDP) which are then passed to AI DIAL in JWT. Refer to Configure IDPs to view supported IDPs and learn how to configure them.

  2. You can then utilize user roles from the JWT claims to define roles in the AI DIAL configuration as a userRoles parameter value. In the following example, we grant access to chat-gpt-35-turbo model for users with the operator user role. Using the same pattern, you can define user access to applications, addons, assistants.

    • Important: you must always use roles from the JWT claims that you receive from your IDP.
    • Default Role and Unrestricted Access: If a user's IDP roles aren't explicitly mentioned in the AI DIAL configuration, a "default" role is applied. If the "default" role is not defined or has no limits set, access to the resource is unrestricted.

    Refer to AI DIAL Core Dynamic Settings to view parameters description and to configuration example to view the full example.

    "models": {
    "chat-gpt-35-turbo": {
        "userRoles": [
            "operator"
            ]
        }
}

  3. In the roles section of the configuration file, you can configure limits for roles that apply to specific system resources.

    Effective role rule: If a user has a role A and B from the IDP which are not mentioned in the roles section, limits from the default role apply. If the default role is not defined in the roles section or does not have limits configured for it - the access is unlimited.

     ```json
 "roles": {
     "azure-group-name": {
         "limits": {
             "chat-gpt-35-turbo": {
                 "minute": "200000",
                 "day": "10000000",
                 "week": "10000000",
                 "month": "10000000",
             }
         }
     }
 }
 ```

 > Refer to [AI DIAL Core Dynamic Settings](https://github.com/epam/ai-dial-core?tab=readme-ov-file#dynamic-settings) to view parameters description and to [configuration example](https://github.com/epam/ai-dial-core/blob/development/sample/aidial.config.json) to view the full example.