Group/Domain-Based Permission

In organizations with multiple departments, it's crucial to segregate access to conversation logs to maintain privacy and ensure that sensitive information is only accessible to authorized personnel. This feature prevents unauthorized access to conversation logs, thereby protecting sensitive data and ensuring compliance with data privacy regulations.

The Groups or Domain-Based Permission restricts access to conversation logs based on the domain or intent associated with the conversation. This ensures that administrators can only access conversations pertinent to their specific business domains, enhancing data security and confidentiality.

Here are a few benefits you of implementing Group/Domain based permissions

Restricted access to conversation logs, ensuring that only authorized users can view sensitive information provided by user.
Minimizes the risk of data breaches by limiting exposure of sensitive conversations to unauthorized personnel. Helps maintain the privacy of conversations by segregating access based on departments or business units, such as HR, IT, Finance, etc.
Ensures that sensitive information is only accessible to those with a legitimate need, reducing the likelihood of accidental or intentional data leaks.
Assists in adhering to various data protection regulations (e.g., GDPR, HIPAA) by ensuring that access to confidential information is appropriately restricted.

Enabling Group-Based Permission

As a Tenant administrator, you can enable Group/Domain based permission for your tenant. To do so, follow the below steps:

Navigate to tenant settings and enable the group-based permission option.
Next step is to setup Default Admin Group. It is recommended to minimum number to administrators in the Default Admin groups. This is because the DEfault admin has access to all the conversations. Retain only required number of users in the Default Admin Group.
1. Navigate to User administration → groups.
2. Open Default Admin group
3. Scroll to Users section. Select the users and click on Remove.
Next Create and Associate Groups to Domain:
- Create new a group. This group should manage the conversations in a specific domain
- Add the group name and select Permission. Click create.
- Now Associate the groups with the relevant domains.
User Association:
- Next scroll down to Users section and add the require administrators to the group.

Administrators can toggle the group-based permissions for conversations
Once Group based permission is enabled, new administrator are added to the Public Group instead of the Default Admin Group. These admin users will only have execution permissions to skills available to Public group. Ensure that the admins are added to appropriate groups to ensure they can execute the required skills
Only Default Admin can add or remove users from the Groups that are associated to any Domains.
Administrators will have access to conversation logs from the domains they are part of. Default admin can access all conversations.
Conversations identified with unclassified or Greylisted Domains will be visible only to Default Admin users.

Domain Classification in a Conversation

There are three ways in which a domain is classified in a conversation:

Skill Execution: The first non-startup skill executed in the conversation is used to identify the domain in the conversation.
Domain identified using the Intent Categorization Step executed as part of the conversation
If the domain is not identified using the skill or conversation, using LLM (Large Language Model) to determine at the send of the conversation.

You can view the identified domain in the conversation logs.

Click on Business Domain to view the list.

Dashboard Reports honor the domain permissions, i.e. the reports only contain the conversions from the admin’s permited domain.
Export/Import Group Permissions: Group permissions will be exported along with business domains and imported into the target tenant if the groups are already available.