Version: 1.4.x

Role-Based Access Control

When setting up Rasa Enterprise, you can create users in the UI, or you can create users from within the Rasa Enterprise pod as follows:

kubectl -n <your-namespace> exec <rasa-x-pod-name> -- python scripts/manage_users.py create <username> <password> <role>

You can use the manage_users.py script to create as many users as you want. These users will sign in with the username and password you created for them, and they can change their password any time they log in.

New users are automatically created when they first sign in via single sign-on (SSO).

Permission Management

By default, there are three user roles defined: admin, annotator and tester. Admin users can customize these roles and assign users to them.

Use the User menu to navigate to the Manage Roles page. Here you can customize the permissions associated with each role, and also create new roles. Roles are defined by the set of permissions they grant. Here’s an overview of all permissions that can be assigned in Rasa Enterprise:

Category“view” permissions“modify” permissions
Test conversationhave a conversation with the assistant and see the user’s own conversation history-
Conversationsview all users’ conversation history and apply filters; view conversation evaluationsflag conversations
NLU training Dataview and download NLU training data and suggestionscreate, delete, replace, update NLU training data; create, delete, update temporary intents and user goals
Storiesview and download storiescreate, delete, replace, update stories
Responsesview response templatescreate, delete, update response templates
Modelsview and pull modelstrain models; update model training config; create, delete, update model tags; create, delete Rasa NLU evaluations
Analytics dashboardview analytics dashboard-
Deployment environmentview deployment environments configmodify deployment environments config
Share botview share bot modal

Default Roles

Use the User menu to navigate to the Manage Users page to assign users to roles.

These are the permissions granted to the three default roles:

Default rolePermissions
adminall
annotatorTest conversation: “view”; NLU training data: “view” and “modify”; Responses: “view” and “modify”; Stories: “view” and “modify”
testerTest conversation: “view”