Group/Domain-Based Permission

In organizations with multiple departments, it's crucial to segregate access to conversation logs to maintain privacy and ensure that sensitive information is only accessible to authorized personnel. This feature prevents unauthorized access to conversation logs, thereby protecting sensitive data and ensuring compliance with data privacy regulations.

The Groups or Domain-Based Permission restricts access to conversation logs based on the domain or intent associated with the conversation. This ensures that administrators can only access conversations pertinent to their specific business domains, enhancing data security and confidentiality.

Here are a few benefits you of implementing Group/Domain based permissions

  • Restricted access to conversation logs, ensuring that only authorized users can view sensitive information provided by user.

  • Minimizes the risk of data breaches by limiting exposure of sensitive conversations to unauthorized personnel. Helps maintain the privacy of conversations by segregating access based on departments or business units, such as HR, IT, Finance, etc.

  • Ensures that sensitive information is only accessible to those with a legitimate need, reducing the likelihood of accidental or intentional data leaks.

  • Assists in adhering to various data protection regulations (e.g., GDPR, HIPAA) by ensuring that access to confidential information is appropriately restricted.

Enabling Group-Based Permission

As a Tenant administrator, you can enable Group/Domain based permission for your tenant. To do so, follow the below steps:

  1. Navigate to tenant settings and enable the ‘Group-based permission’ option.

  2. Next step is to setup Default Admin Group. It is recommended to have a minimum number to administrators in the Default Admin groups. This is because the default admin has access to all the conversations that are not categorized under any domain. Retain only required number of users in the Default Admin Group.

    1. Navigate to User administration → groups.

    2. Open Default Administrator Group

    3. Scroll to the Users section. Select the users and click on Remove.

  3. Next, create a new custom group specifically for Default Admin:

    1. Create a group for the default admin.

    2. Add the default administrators to the group.

    3. Next associate all the domains Whitelisted and blacklisted domains to the group

    4. Now the default admin can view the conversations that are categorized under a domain that a specific group does not manage.

  4. Now Create and Associate Groups to Domain:

    • Create new a group. This group should manage the conversations in a specific domain

    • Add the group name and select Permission. Click create.

    • Now Associate the groups with the relevant domains.

  5. User Association:

    • Next scroll down to Users section and add the require administrators to the group.

  • Administrators can toggle the group-based permissions for conversations

  • Once Group-based permission is enabled, new administrators are added to the Public Group instead of the Default Admin Group. These admin users will only have execution permissions to skills available to the Public group. Ensure that the admins are added to appropriate groups to ensure they can execute the required skills

  • Only the Default Admin can add or remove users from the Groups that are associated to any Domains.

  • Administrators will have access to conversation logs from the domains they are part of.

  • Ensure the Default admin group is added to all the domains (blacklisted or whitelisted), so they can access all conversations. If you do not wish the default admins to access conversations from a group, remove the group from the domain.

  • Conversations identified with unclassified or Greylisted Domains will be visible only to Default Admin users.

Domain Classification in a Conversation

There are three ways in which a domain is classified in a conversation:

  1. Skill Execution: The first non-startup skill executed in the conversation is used to identify the domain in the conversation.

  2. Domain identified using the Intent Categorization Step executed as part of the conversation

  3. If the domain is not identified using the skill or conversation, using LLM (Large Language Model) to determine at the send of the conversation.

You can view the identified domain in the conversation logs.

image-20240808-085300.png

Click on Business Domain to view the list.

image-20240808-085419.png
  • Dashboard Reports honor the domain permissions, i.e. the reports only contain the conversions from the admin’s permited domain.

  • Export/Import Group Permissions: Group permissions will be exported along with business domains and imported into the target tenant if the groups are already available.

© 2019 Serviceaide 1-650-206-8988 http://www.serviceaide.com info@serviceaide.com