Permissions

The entry point for permissions is as follows:

---

User Management

How to Add a New User?

The steps to add a new user are as follows:

1. Go to Management > Permissions > User Management page.
2. Click the Add User button on the right to enter the Add User page.
3. Fill in user information:
   • Username: Enter the new user's username (within 50 characters).
   • Real Name: Enter the user's real name (within 50 characters).
   • Is Azure Entra ID Account: Select whether this is an Azure Entra ID account.
   • Is Administrator: Choose whether to set this user as an administrator.
   • Other information (such as email, organization, role, etc.) is optional and can be filled in as needed.
4. After completing the information, click the Confirm button to create the new user.

💡 Tip: If you select Azure Entra ID for the new user, the email field is required.

How to Change a User's Password?

The system supports changing user passwords in the following two ways:

1. Method 1: Administrator Resets Password (for users who forgot their password or for initial setup)

The administrator can generate a temporary random password for the user. The user must change the password immediately after logging in for the first time.

• Navigate to Management > Permissions > User Management page.
• Find the user whose password needs to be reset, click the three dots next to the user, and select Reset Password.
• In the pop-up confirmation dialog, click Confirm. The system will generate a new random password.
• Copy the new password and provide it to the user to complete the password reset.

💡 Tip:

• After resetting the password, the user will be required to change the password upon first login, thus achieving the purpose of password modification.
• The password must be at least 10 characters and contain uppercase and lowercase letters, numbers, and special characters.

2. Method 2: User Self-Service Password Change

After logging in, users can change their own password at any time in the personal center.

• Click the user avatar at the bottom right corner of the system interface to enter the Personal Center.
• Click on password, enter the old password (the system usually auto-fills the current login account's password);
• According to the password rules above, enter and confirm the new password, then click Confirm to successfully change the password.

Personal Center

The Personal Center is the core page for users to view and manage their own account information and preferences. Here you can check your profile, view your permissions, and customize the system display language and theme.

Access Path: Click the user avatar at the bottom right corner of the system interface.

User Information

This area displays the basic identity information of the user account.

• Username: The account used to log into the system.
• Real Name: The real name registered in the system.
• Organization: The organization or department the user belongs to.
• Role: The system role assigned to the user (e.g., admin, administrator).
• Permissions: The list of specific operation permissions the user has (e.g., Skill Management, Agent, MCP, etc.), determined by the administrator.
• Phone Number and Email: Bound contact information, can be used for login or receiving notifications.
• Password: Displayed as asterisks (*******). To change it, usually click the button on the right to enter the password change process.

General Settings

Users can personalize the system interface here for a more customized experience.

• Multi-language: Switch the display language of the entire system interface. Available languages include: English, Simplified Chinese, Traditional Chinese, Japanese, German, Korean.
• Theme: Switch the overall visual theme color of the system. Currently, Purple and Blue themes are available.
• Logout: Click this button to safely log out of the current account.

💡 Tip: Most information in the Personal Center is read-only and is configured and maintained by the system administrator in the backend. To modify "Real Name", "Organization", etc., please contact the administrator.

---

Organization Management

Administrators can manage organizations in the system, including creating, editing, and deleting organizations, and associating users with organizations. Organization management helps efficiently manage various internal teams and external partners within the enterprise.

View Organization List

1. Enter the Organization Management Page: Select "Organization Management" in system settings to enter this page.
2. View Created Organizations: The system displays all existing organization information, including organization name, associated roles, and whether it is an external organization.
   • There is an "Edit" button on the right of each organization. Administrators can modify the organization or click the "Delete" button to remove it.

How to Create a New Organization?

1. Click the "Add" Button: On the organization management page, click the "New" button on the right to start creating a new organization.
2. Fill in Organization Information:
   • Organization Name: Assign a unique name to the organization.
   • Order: Assign a sorting number to the organization for easier management.
3. Click "Confirm": After filling in all necessary information, click the "Confirm" button to successfully create the new organization.

💡 Tip: It is recommended that the organization hierarchy does not exceed 7 levels.

How to Edit an Organization?

1. Select the Organization to Edit: In the organization list, select the organization you want to edit.
2. Click the "Edit" Button: Enter the edit page. The content is the same as when creating a new organization. Administrators can modify the organization's name, order, etc.
3. Save Changes: After editing, click the "Save" button to update the organization information.

How to Delete an Organization?

1. Select the Organization to Delete: In the organization list, select the organization you want to delete.
2. Click the "Delete" Button: After secondary confirmation, the organization can be deleted.

Associate Users

The steps to add or remove associated users are as follows:

1. Click "Associate Users": On the organization management page, select the organization to associate users with, and click the "Associate Users" button on the right.
2. View Associated Users: After entering the associate users page, administrators can see all users already associated with the organization.
3. Remove Associated Users: Administrators can select associated users and click the remove button to remove them from the organization.
4. Add Associated Users: Select the user to add from the dropdown, click the "Add" button to associate the new user with the organization.

---

Role Permissions

How to Create a Role Group?

In role permission management, administrators can create new role groups. After creating a role group, administrators can also create new roles within the group and grant permissions.

1. Navigate to Management > Permissions > Role Permissions page.
2. At the top of the role group list on the left, click the + button to create a new role group.
3. In the pop-up window, enter the role group name and order.
4. Click Confirm to complete the creation of the role group.

How to Add a New Role?

1. Navigate to Management > Permissions > Role Permissions page.
2. Select the role group to which you want to add a new role.
3. On the role group page, click the Add button on the right side of the role list.
4. Enter the new role name, select the group the role belongs to, and fill in the role description.
5. Click Confirm to complete the creation of the new role.

💡 Tip: The character limit for both role name and description is 200 characters. Please pay attention to the limit before proceeding.

How to Grant Functional Permissions to a Role?

Granting functional permissions to a role means specifying what functions the role has.

Steps to grant functional permissions to a role:

1. Navigate to Management > Permissions > Role Permissions page.
2. Select the role to which you want to grant permissions.
3. Click the Function Authorization button next to the role to enter the function authorization page.
4. On the authorization page, you can grant the following functions to the role:
   • Model Management
   • Model Channel Management
   • App Marketplace
   • Basic Modules
   • Data Analysis
   • Knowledge Base
   • Content Security Management
5. After selecting the required functions, click Confirm to complete the authorization.

How to Grant User Permissions to a Role?

Granting user permissions to a role means assigning a role to a user.

Steps to grant user permissions to a role:

1. Navigate to Management > Permissions > Role Permissions page.
2. Find the role to be authorized, and click the User Authorization button next to the role to enter the user authorization page.
3. On the user authorization page, find and select the users to be authorized according to their organization.
4. Successfully selected users will appear in the authorized objects column.
5. After completing the selection, click Confirm to complete the user authorization for the role.

Token Management

💡 Tip: This feature is only supported in V4.1 and above

Token management is an important new feature module, designed to optimize the original API Key generation and usage method. The new version upgrades the previously scattered, resource-bound API Key mechanism to a centralized, user-permission-centric Access Token management system, achieving higher security and controllability.

In the new system, Access Tokens are strongly associated with user permissions. The access scope, validity period, and management permissions of each token are uniformly controlled by the system, ensuring the security and controllability of system resources.

Access Token Supported Scope

Currently, Access Tokens can be used for the following API interfaces:

1. Agent Configuration Query OpenAPI — Supports secure access to Agent-related configurations via tokens.
2. FAQ List OpenAPI — Supports secure retrieval of FAQ data by external systems.
3. All MCP Server interfaces published by Agent — Ensures that all external services accessed by Agent are controlled by the token system.

Token Management Interface Description

On the "Token Management" page, the system displays all created access tokens in a table, including the following information:

• Token Name: Custom identifier for the token, used to distinguish different purposes.
• Managing User: The user bound to the token; the token's access permissions are inherited from this user.
• Token: System-generated Access Token string.
• Status: Includes Enabled, Disabled, and Expired statuses, clearly reflecting the current availability of the token.
• Usage Count: Counts the number of times the token has been called, helping administrators monitor usage frequency.
• Last Used Time: Shows the last time the token was used.
• Validity Period: Displays the token's validity duration (e.g., 7 days, 30 days, 90 days, or permanent).
• Creation Time: Records when the token was generated.
• Actions: Provides a "Regenerate" button to update the token value for security.

Generate New Token

1. Click the "Generate New Token" button at the top right of the page.
2. In the pop-up window, fill in the following information:
   • Token Name: Enter a meaningful name for the token for easy identification.
   • Inherit User Permissions: Select the system user whose permissions the token will inherit; the token will automatically have the user's access scope.
   • Validity Period: Choose from 7 days, 30 days, 90 days, or permanent.
3. Click the "Generate" button to generate a new Access Token.

The system-generated token will be displayed in the list immediately. Administrators can copy the token for subsequent API access.

Token Usage Instructions

The generated Access Token can be used to call controlled API interfaces (such as Agent, FAQ, MCP Server, etc.). When using, add the token as an authentication credential in the request header, for example:

Authorization: Bearer <Access Token> 

In this way, the system can verify the visitor's identity and check permissions to ensure secure and compliant API access.