Skip to main content

Access & Cost Control

About Roles

Roles in AI DIAL are used to enable a roles-based access to resources (applications, models, files, conversations and prompts) and also for cost control.

  • Resource Access Control: Roles determine who can use specific resources like AI models or applications. For instance, you can grant "operator" users access to the "chat-gpt-35-turbo" model.
  • Usage Limits: Roles can enforce limits on resource usage, preventing overuse and abuse. You can set daily, weekly, or monthly token limits for specific roles using a model.
  • Custom Application Logic: Developers can leverage roles within their applications to create custom behaviors. By accessing role information from user tokens, applications can tailor responses or restrict access to internal assets.
  • System Feature Access: Roles manage access to system-level features, ensuring only authorized users have access. For example, only users with the "admin" role might be able to access the administration console.

In essence, roles in AI DIAL provide a flexible and granular mechanism for managing access, controlling resource utilization, and customizing application behavior.

Refer to AI DIAL Core repository to see how to add roles to the AI DIAL Core configuration.

API Keys

API keys, combined with roles and configuration settings, provide a robust mechanism for managing how external applications and services interact with your resources, ensuring security and controlled usage.

Here's how it works:

Configuration and Management: The aidial.config.json file in AI DIAL Core is where you define API keys, their roles, and the associated access limitations. This centralized configuration allows for granular management of API access and resource utilization.

Refer to DIAL Core to view configuration examples.

Role-Based Access: API keys are assigned specific roles, which dictate the resources they can access. These roles are linked to system resources like like models, applications, conversations, prompts and files.

Defining Access and Restrictions: You create an API key and assign it a role (e.g., "user"). Then, you define the permissions and limitations associated with that role. For example, the "user" role might grant access to the "chat-gpt-35-turbo" model but with specific usage limits (tokens per minute, day, etc.).

Refer to Roles and Access Control for API Keys to learn how to configure roles and limits for API keys.

JWT

AI DIAL allows you to control how chat users access system resources like models, applications, conversations, prompts and files. This is achieved by integrating with your existing identity service provider (IDP) and using roles for granular access management.

IDP Integration: AI DIAL connects with your IDP (e.g., Azure Active Directory) to manage users and groups. You define user roles and groups within your IDP, which are then passed to AI DIAL through JWT (JSON Web Token). Refer to Configure IDPs Tutorials to learn what IDPs are supported and how to configure this integration.

Role-Based Access Control: In the AI DIAL Core configuration, you specify which user roles from your IDP have access to specific resources (models, applications, conversations, prompts and files). For example, you can grant the "operator" role access to the "chat-gpt-35-turbo" model. Refer to JWT Roles & Limits to learn how to configure roles.

Usage Limits by Role: You can define usage limits for each role to prevent resource overuse. This could involve setting limits on tokens per minute, day, or month for a specific model. Refer to JWT Roles & Limits to learn how to configure limits for roles.