Versions Compared

Version Old Version 9 New Version Current
Changes made by

Matt Birtch

Matt Birtch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Resources

With the addition of Multi-bot capabilities, we now propose access controls to be available for each bot. Providing access control at the bot level gives admins flexibility to restrict certain LLMs to certain groups of users or specified channels.

Bot

...

access

The way we’re thinking about access controls is that each bot can play different ‘roles’:

Channel -based assistanceaccess: Bots can use the context of a channel they’re allowed to access and provide expert assistance on that channel to end users. Admins can enable or disable this role for each bot.

Personal assistanceUser access: The bot can look across only messages the user has access to, in order to provide assistance or answers to questions from sources across the workspace. The bot will only share those answers personally with that user and no one else. Admins can enable or disable this role for each bot.

...

Defaults

By default, both of these ‘roles’ are enabled and ‘allow all’ is the default selection for access options.

Channel-based assistance: access options

...

...

Channel access options

Admins can decide which channels the bot (and its associated LLM) has access to. They can choose to allow for all channels, allow for selected channels, block selected channels, or block selected all channels.

Allow access to all channels (default)

Allow for all channels is the initial default when a bot is created.

...

Allowing for specific channels

When the Allow for specific selected channels radio button is selected, a text area is revealed below the radio group where admins can enter and select individual channels, or entire Teams.

...

When you click in the field and start typing, an autocomplete menu displays with options that narrow down as you type.

...

When an item is selected from the autocomplete list, a chip is added to the text area.

...

Chips can be removed by clicking the x icon on the right side of the chip.

Blocking access to content from selected channels

When the Block bot access to content in specific selected channels radio button is selected, a text area is revealed below where admins can enter and select individual channels or entire Teams.

...

This field behaves the same as the allow text area above with the autocomplete and chip interactions.

...

User access options

If ‘personal assistance’ is enabled for a bot, admins Admins can also decide which users can have access. They can choose to allow access to all users, allow selected users, or block selected users.

Allow for all users (default)

...

Allowing only selected users

When the Allow selected users radio button is selected, a textarea reveals below the radio group where admins can enter and select individual users, LDAP groups, or entire Teams.

NOTE: custom users groups are currently not allowed since there are not no permission controls on user groups right now.

...

Chips can be removed by clicking the x icon on the right side of the chip.

Blocking selected users

When the Block selected users radio button is selected, a text area is revealed below where admins can enter and select individual users, custom user groups, LDAP groups, or entire Teams.

...

This field behaves the same as the allow text area above with the autocomplete and chip interactions.

...

Channel assistance for end users

coming soon…

Users who have not been given access to a bot’s personal assitance

When users is blocked from accessing a specific bot’s personal assistance capability, it will not be available for them to select from the various dropdowns throughout the UI (e.g. RHS, thread summarization, channel summarization).

If there is only one bot left that they have access to, the bot dropdown is no longer visible at all and bots cannot be changed.

...

If a user has been restricted from using all bots, AI tools are not available to them anywhere. If they attempt to open the Copilot RHS, they will get a notice that access to Copilot has not been granted to them.

...

In addition, for users who have been restricted from using any bots, the sparkle menu button in the post menu and new message line are not visible.

Channels where channel-based assistance is not allowed

  • In channels where bots do not have access, that bot will not be selectable from the summarization menus

  • If a user has access to bots, but a channel has no bot access, then the sparkle button menus will appear empty with a notice that this channel doesn’t have access to use AI tools.

...

See UX Spec: Copilot Channel Assistance

  • When a channel only has one bot that can access it, the summarization menus do not show the dropdown for bot selection

  • When a channel has multiple bots that can access it, the summarization menus show the dropdown to select the bot - with the default bot preselected

  • When no bots have access to a channel, the sparkle button and ‘ask ai’ buttons do not show in the channel header or new message line respectively.

User access to bots in the Copilot RHS

  • When a user has been given access to one bot, the dropdown will not show to choose other bots. They will simple use the one configured bot always.

  • When a user has been given access to multiple bots, they will see the dropdown to select the active bots with the default bot preselected

  • When a user has no access to any bots, they cannot use any of the copilot features. The sparkle buttons should be hidden from them and the copilot RHS will not be interactive (see below), but will show a ‘you don’t have permission' screen.

...