FoundationaLLM Permissions Reference
This document provides a comprehensive reference for the Role-Based Access Control (RBAC) permissions model in FoundationaLLM. It describes what operations can be performed on each resource type by various roles.
Last Updated: 2026-01-30
Source Files:
- `/src/dotnet/Common/Constants/Data/AuthorizableActions.json`
- `/src/dotnet/Common/Constants/Data/RoleDefinitions.json`
- `/src/dotnet/Common/Constants/ResourceProviders/*ResourceProviderMetadata.cs`
- `/src/dotnet/Authorization/ResourceProviders/AuthorizationResourceProviderService.cs`
- `/src/dotnet/Common/Services/ResourceProviders/ResourceProviderServiceBase.cs`
Table of Contents
- Overview
- Role Definitions
- Detailed Permission Matrices by Resource Provider
- Special Authorization Handling
- Permission Summary Tables
Overview
FoundationaLLM uses a comprehensive RBAC model to control access to resources. The model consists of:
- Actions: Operations that can be performed (read, write, delete)
- Roles: Collections of actions that can be assigned to security principals (users, groups, service principals)
- Resource Providers: Domain-specific providers that manage different resource types
- Resource Types: Specific entities managed by resource providers (agents, prompts, data sources, etc.), including the special `management` resource type available on all providers
Core Operations
- read: View/retrieve resource information (HTTP GET)
- write: Create or update resources (HTTP POST)
- delete: Remove resources (HTTP DELETE)
Special Resource Types
All resource providers include a special shared resource type called management that supports administrative operations:
- management: A special resource type available on all resource providers
- Supports the `write` action via the `triggerCommand` action - used to execute management commands on resource providers
- Requires `write` permission OR the `Resource_Providers_Administrator` role (mandatory evaluation)
Permission Evaluation
Most resource types use standard authorization where permissions are checked against the resource being accessed. However, the FoundationaLLM.Authorization resource provider uses special handling:
- For roleAssignments: Authorization is checked against the scope of the role assignment, not the role assignment itself
- For roleDefinitions: No authorization required (publicly readable)
- For securityPrincipals: Standard authorization applies
Permission Notation
Role permissions use pattern matching notation:
- `*`: Matches all actions on all resource providers (e.g., Owner role)
- `*/read`: Matches all read actions on all resource providers (e.g., Reader role)
- `*/management/write`: Matches write actions on the `management` resource type across all resource providers (e.g., Resource Providers Administrator role)
- `FoundationaLLM.Authorization/*`: Matches all actions within the Authorization resource provider
- `FoundationaLLM.Agent/agents/read`: Matches a specific read action on a specific resource type
Important: The pattern */management/write does NOT represent a fourth operation type. It means "write permission on the management resource type" where management is a special shared resource type available on all resource providers.
Role Definitions
The following table lists all built-in roles in FoundationaLLM:
| Role Name | Role ID | Description | Scope |
|---|---|---|---|
| Owner | 1301f8d4-3bea-4880-945f-315dbd2ddb46 | Full access to manage all resources, including the ability to assign roles in FoundationaLLM RBAC. | / |
| Contributor | a9f0020f-6e3a-49bf-8d1d-35fd53058edf | Full access to manage all resources without the possibility of assigning roles in FoundationaLLM RBAC. | / |
| Reader | 00a53e72-f66e-4c03-8f81-7e885fd2eb35 | View all resources without the possibility of making any changes. | / |
| User Access Administrator | fb8e0fd0-f7e2-4957-89d6-19f44f7d6618 | Manage access to FoundationaLLM resources. | / |
| Role Based Access Control Administrator | 17ca4b59-3aee-497d-b43b-95dd7d916f99 | Manage access to FoundationaLLM resources by assigning roles using FoundationaLLM RBAC. | / |
| Resource Providers Administrator | 63b6cc4d-9e1c-4891-8201-cf58286ebfe6 | Execute management actions on resource providers. | / |
| Agents Contributor | 3f28aa77-a854-4aa7-ae11-ffda238275c9 | Create new agents. | / |
| Agent Access Tokens Contributor | 8c5ea0d3-f5a1-4be5-90a7-a12921c45542 | Create new agent access tokens. | / |
| Prompts Contributor | 479e7b36-5965-4a7f-baf7-84e57be854aa | Create new prompts. | / |
| Data Sources Contributor | 78ee11d9-6e6a-4adc-8c16-3613e7445113 | Create new data sources. | / |
| Knowledge Sources Contributor | 8eec6664-9abf-4beb-84f7-18d9c2917c7f | Create new knowledge sources. | / |
| Knowledge Units Contributor | 5f38b653-e3b7-47a8-8fde-e70ea9e4fa91 | Create new knowledge units. | / |
| Vector Databases Contributor | c026f070-abc2-4419-aed9-ec0676f81519 | Create new vector databases. | / |
| Data Pipelines Contributor | 2da16a58-ed63-431a-b90e-9df32c2cae4a | Create new data pipelines. | / |
| Data Pipelines Execution Manager | e959eecb-8edf-4442-b532-4990f9a1df2b | Manage all aspects related to data pipeline runs. | / |
| Attachments Contributor | 8e77fb6a-7a78-43e1-b628-d9e2285fe25a | Upload attachments including uploading to Azure OpenAI file store. | / |
| Conversations Contributor | d0d21b90-5317-499a-9208-3a6cb71b84f9 | Create and update conversations, including Azure OpenAI Assistants threads. | / |
Detailed Permission Matrices by Resource Provider
This section provides detailed permission matrices for each resource type showing exactly which roles can perform which operations (read, write, delete).
Legend:
- ✓ = Permission granted
- ✗ = Permission denied
- ⚠ = Conditional permission (see notes)
FoundationaLLM.Agent - agents
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No agent permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✓ | ✗ | Write via write\|Agents_Contributor OR condition |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | Only agent access tokens |
| Prompts Contributor | ✗ | ✗ | ✗ | No agent permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No agent permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No agent permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No agent permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No agent permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No agent permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No agent permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No agent permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No agent permissions |
Special Actions: checkName, purge, setDefault, setOwner
FoundationaLLM.Agent - agents/agentAccessTokens
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No token permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No token permissions |
| Agent Access Tokens Contributor | ✗ | ✓ | ✗ | Write via write\|Agent_Access_Tokens_Contributor! (mandatory) |
| Prompts Contributor | ✗ | ✗ | ✗ | No token permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No token permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No token permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No token permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No token permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No token permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No token permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No token permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No token permissions |
Special Actions: validate
Note: The ! suffix indicates mandatory role evaluation - standard write permission is NOT sufficient.
FoundationaLLM.AIModel - aiModels
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No AI model permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✓ | ✗ | ✗ | Read via read\|Agents_Contributor OR condition |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No AI model permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No AI model permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No AI model permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No AI model permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No AI model permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No AI model permissions |
| Data Pipelines Contributor | ✓ | ✗ | ✗ | Explicit read permission in role |
| Data Pipelines Execution Manager | ✓ | ✗ | ✗ | Explicit read permission in role |
| Attachments Contributor | ✓ | ✗ | ✗ | Explicit read permission in role |
| Conversations Contributor | ✓ | ✗ | ✗ | Explicit read permission in role |
Special Actions: checkName, purge, filter
FoundationaLLM.Prompt - prompts
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No prompt permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Prompts Contributor | ⚠ | ✓ | ✗ | Read/Write via read\|Prompts_Contributor and write\|Prompts_Contributor OR conditions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No prompt permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No prompt permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No prompt permissions |
Special Actions: checkName, purge
FoundationaLLM.DataSource - dataSources
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No data source permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Data Sources Contributor | ⚠ | ✓ | ✗ | Read/Write via read\|Data_Sources_Contributor and write\|Data_Sources_Contributor OR conditions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Data Pipelines Execution Manager | ✓ | ✗ | ✗ | Explicit read permission in role |
| Attachments Contributor | ✗ | ✗ | ✗ | No data source permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No data source permissions |
Special Actions: checkName, filter, purge
FoundationaLLM.Context - knowledgeSources
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No knowledge source permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Knowledge Sources Contributor | ⚠ | ✓ | ✗ | Read/Write via read\|Knowledge_Sources_Contributor and write\|Knowledge_Sources_Contributor OR conditions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No knowledge source permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No knowledge source permissions |
Special Actions: checkName, query
FoundationaLLM.Context - knowledgeUnits
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Knowledge Units Contributor | ⚠ | ✓ | ✗ | Read/Write via read\|Knowledge_Units_Contributor and write\|Knowledge_Units_Contributor OR conditions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No knowledge unit permissions |
Special Actions: checkName, checkVectorStoreId, setGraph, loadGraph, renderGraph
FoundationaLLM.Vector - vectorDatabases
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No vector database permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Vector Databases Contributor | ⚠ | ✓ | ✗ | Read/Write via read\|Vector_Databases_Contributor and write\|Vector_Databases_Contributor OR conditions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Data Pipelines Execution Manager | ✓ | ✗ | ✗ | Explicit read permission in role |
| Attachments Contributor | ✗ | ✗ | ✗ | No vector database permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No vector database permissions |
Special Actions: checkName, purge
FoundationaLLM.DataPipeline - dataPipelines
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No data pipeline permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Data Pipelines Contributor | ✗ | ✓ | ✗ | Write via write\|Data_Pipelines_Contributor! (mandatory) |
| Data Pipelines Execution Manager | ✓ | ✓ | ✗ | Explicit read/write permissions in role |
| Attachments Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No data pipeline permissions |
Special Actions: checkName, activate, deactivate, trigger, purge
Note: The ! suffix on write indicates mandatory role evaluation - standard write permission is NOT sufficient for Data Pipelines Contributor.
FoundationaLLM.Vectorization - vectorizationPipelines
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Data Pipelines Contributor | ✗ | ✓ | ✗ | Write via write\|Data_Pipelines_Contributor OR condition |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No vectorization pipeline permissions |
Special Actions: activate, deactivate, purge
FoundationaLLM.Attachment - attachments
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No attachment permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No attachment permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No attachment permissions |
| Attachments Contributor | ✓ | ✓ | ✗ | Explicit read/write permissions in role |
| Conversations Contributor | ✗ | ✗ | ✗ | No attachment permissions |
Special Actions: filter
FoundationaLLM.Conversation - conversations
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No conversation permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No conversation permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No conversation permissions |
| Conversations Contributor | ✓ | ✓ | ✗ | Explicit read/write permissions in role |
FoundationaLLM.Configuration - apiEndpointConfigurations
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full access via * |
| Contributor | ✓ | ✓ | ✓ | Full access via * |
| Reader | ✓ | ✗ | ✗ | Read-only via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read-only via */read |
| RBAC Administrator | ✗ | ✗ | ✗ | No configuration permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No configuration permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No configuration permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No configuration permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No configuration permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No configuration permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No configuration permissions |
| Vector Databases Contributor | ✓ | ✗ | ✗ | Explicit read permission in role |
| Data Pipelines Contributor | ✓ | ✗ | ✗ | Explicit read permission in role |
| Data Pipelines Execution Manager | ✓ | ✗ | ✗ | Explicit read permission in role |
| Attachments Contributor | ✓ | ✗ | ✗ | Explicit read permission in role |
| Conversations Contributor | ✓ | ✗ | ✗ | Explicit read permission in role |
Special Actions: checkName, filter
Shared - management (All Resource Providers)
This is a special shared resource type available on all resource providers for administrative operations.
| Role | Write (triggerCommand) | Notes |
|---|---|---|
| Owner | ✓ | Full access via * |
| Contributor | ✓ | Full access via * |
| Reader | ✗ | Read-only via */read (no write) |
| User Access Administrator | ✗ | Read-only via */read (no write) |
| RBAC Administrator | ✗ | No management permissions |
| Resource Providers Administrator | ✓ | Via */management/write - write permission on management resource type |
| Agents Contributor | ✗ | No management permissions |
| Agent Access Tokens Contributor | ✗ | No management permissions |
| Prompts Contributor | ✗ | No management permissions |
| Data Sources Contributor | ✗ | No management permissions |
| Knowledge Sources Contributor | ✗ | No management permissions |
| Knowledge Units Contributor | ✗ | No management permissions |
| Vector Databases Contributor | ✗ | No management permissions |
| Data Pipelines Contributor | ✗ | No management permissions |
| Data Pipelines Execution Manager | ✗ | No management permissions |
| Attachments Contributor | ✗ | No management permissions |
| Conversations Contributor | ✗ | No management permissions |
Special Actions: triggerCommand
Authorization: Requires write permission OR Resource_Providers_Administrator role (mandatory evaluation)
Note: This is NOT a separate operation type. It is the write action on the special management resource type. The pattern */management/write means "write permission on the management resource type across all resource providers."
FoundationaLLM.Authorization - roleAssignments
SPECIAL AUTHORIZATION: Role assignments are authorized against the scope of the role assignment, not the role assignment itself. This is implemented in AuthorizationResourceProviderService.AuthorizeForAuthorizationResourceProviderInternal().
| Role | Read (filter) | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Can manage role assignments at any scope via * |
| Contributor | ✗ | ✗ | ✗ | Explicitly denied via not_actions: FoundationaLLM.Authorization/*/write and FoundationaLLM.Authorization/*/delete |
| Reader | ⚠ | ✗ | ✗ | Can read via */read but requires authorization at the scope level |
| User Access Administrator | ✓ | ✓ | ✓ | Can manage via FoundationaLLM.Authorization/* |
| RBAC Administrator | ✓ | ✓ | ✓ | Explicit permissions: roleAssignments/read, roleAssignments/write, roleAssignments/delete |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No authorization permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No authorization permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No authorization permissions |
Special Actions: filter (requires read permission)
Authorization Flow for Role Assignments:
- Extract the `scope` from the role assignment (for write/delete) or request payload (for read)
- Parse the scope to get the resource path
- Check if the user has the required permission (`read`/`write`/`delete`) on the scope resource, not on the role assignment
- For filter actions at instance level with the current user's IDs, the authorization check is skipped (users can always see their own role assignments)
FoundationaLLM.Authorization - roleDefinitions
NO AUTHORIZATION REQUIRED: Role definitions are publicly readable resources.
| Role | Read | Write | Delete | Notes |
|---|---|---|---|---|
| ALL ROLES | ✓ | ✗ | ✗ | Role definitions are read-only and publicly accessible |
Note: The LoadRoleDefinitions() method in AuthorizationResourceProviderService explicitly ignores authorization results.
FoundationaLLM.Authorization - securityPrincipals
| Role | Read (filter) | Write | Delete | Notes |
|---|---|---|---|---|
| Owner | ✓ | ✗ | ✗ | Read via * |
| Contributor | ✗ | ✗ | ✗ | Explicitly denied via not_actions |
| Reader | ✓ | ✗ | ✗ | Read via */read |
| User Access Administrator | ✓ | ✗ | ✗ | Read via */read and FoundationaLLM.Authorization/* |
| RBAC Administrator | ✗ | ✗ | ✗ | No security principal permissions |
| Resource Providers Administrator | ✗ | ✗ | ✗ | Only management actions |
| Agents Contributor | ✓ | ✗ | ✗ | Explicit permission in role |
| Agent Access Tokens Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Prompts Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Data Sources Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Knowledge Sources Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Knowledge Units Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Vector Databases Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Data Pipelines Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Data Pipelines Execution Manager | ✗ | ✗ | ✗ | No security principal permissions |
| Attachments Contributor | ✗ | ✗ | ✗ | No security principal permissions |
| Conversations Contributor | ✗ | ✗ | ✗ | No security principal permissions |
Special Actions: filter (requires read permission)
Note: Security principals are read-only; they are managed via identity provider (e.g., Microsoft Entra ID).
Special Authorization Handling
Authorization Resource Provider Special Handling
The FoundationaLLM.Authorization resource provider implements special authorization logic that differs from all other resource providers. This is implemented in:
- `AuthorizationResourceProviderService.AuthorizeForAuthorizationResourceProviderInternal()`
- Called from `ResourceProviderServiceBase` when `_name == ResourceProviderNames.FoundationaLLM_Authorization`
Key Differences:
Role Assignments: Authorization is checked against the scope of the role assignment
- For `write` operations: The scope is extracted from the JSON payload's `scope` property
- For `delete` operations: The role assignment is retrieved first to get its scope
- For `read`/`filter` operations: The scope is extracted from the query parameters
- The authorization check validates permissions on the scope resource, not on the role assignment itself
- Example: To create a role assignment scoped to `/instances/123/providers/FoundationaLLM.Agent/agents/MyAgent`, the user must have `write` permission on `MyAgent`, not on `roleAssignments`
Role Definitions: No authorization required
- Role definitions are publicly readable
- The authorization result is explicitly ignored in the code
Security Principals: Standard authorization applies
- Read permission required via filter action
- Used for querying users, groups, and service principals from the identity provider
Scope-Based Authorization Flow
```text
User requests: POST /roleAssignments/my-assignment
Payload: { "scope": "/instances/123/providers/FoundationaLLM.Agent/agents/MyAgent", ... }

Authorization Flow:
1. Parse scope from payload → "/instances/123/providers/FoundationaLLM.Agent/agents/MyAgent"
2. Check if user has "FoundationaLLM.Authorization/roleAssignments/write" permission on scope resource (MyAgent)
3. If authorized, allow the role assignment creation
4. If not authorized, deny with 403 Forbidden
```
Resource Provider Base Implementation
The base class ResourceProviderServiceBase has conditional logic for Authorization provider:
```csharp
// For POST operations (HandlePostAsync)
var authorizationResult =
    _name == ResourceProviderNames.FoundationaLLM_Authorization
        ? await AuthorizeForAuthorizationResourceProvider(...) // Special handling
        : await Authorize(...);                                // Standard handling

// Same pattern for GET and DELETE operations
```
This ensures that Authorization resource types are always evaluated using the special scope-based logic.
Permission Summary Tables
By Role - Complete Action Summary
Owner
- Actions: `*` (all actions on all resource providers)
- Not Actions: None
- Summary: Full administrative access, including role assignment management

Contributor
- Actions: `*` (all actions on all resource providers)
- Not Actions: `FoundationaLLM.Authorization/*/write`, `FoundationaLLM.Authorization/*/delete`
- Summary: Full resource management except Authorization write/delete operations (can read role assignments and role definitions, but cannot create, change or remove them)

Reader
- Actions: `*/read` (all read actions on all resource providers)
- Not Actions: None
- Summary: Read-only access to all resources

User Access Administrator
- Actions: `*/read`, `FoundationaLLM.Authorization/*`
- Not Actions: None
- Summary: Read all resources and manage all Authorization resources (role assignments, role definitions)

Role Based Access Control Administrator
- Actions: Specific Authorization permissions only:
  - `FoundationaLLM.Authorization/roleAssignments/read`
  - `FoundationaLLM.Authorization/roleAssignments/write`
  - `FoundationaLLM.Authorization/roleAssignments/delete`
  - `FoundationaLLM.Authorization/roleDefinitions/read`
- Not Actions: None
- Summary: Manage role assignments and view role definitions only

Resource Providers Administrator
- Actions: `*/management/write`
- Not Actions: None
- Summary: Execute management commands on the `management` resource type of all resource providers via the `write` action
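The following Python evaluator is an added illustration, not FoundationaLLM's own code (which is C#). It shows how the Actions/NotActions patterns of the roles listed above combine with an assignment's scope, and it reproduces the scope-based flow for `POST .../roleAssignments/{name}` described earlier, where the permission is checked on the scope in the payload rather than on the role assignment. The role definitions are transcribed from this page; the resource path layout, fnmatch-style wildcard matching, the rule that an assignment at a parent scope covers every resource beneath it, and the principals and assignments are assumptions. It does not model the mandatory role evaluation (`!`) used for some resource types.

```python
"""Toy evaluator for the RBAC model on this page: an added illustration, not
FoundationaLLM code. Role definitions are transcribed from the summaries above;
path layout, fnmatch-style wildcards and scope inheritance are assumptions."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# role -> (Actions, NotActions), as listed in the role summaries on this page
ROLE_DEFINITIONS = {
    "Owner": (["*"], []),
    "Contributor": (["*"], ["FoundationaLLM.Authorization/*/write",
                            "FoundationaLLM.Authorization/*/delete"]),
    "Reader": (["*/read"], []),
    "User Access Administrator": (["*/read", "FoundationaLLM.Authorization/*"], []),
    "Role Based Access Control Administrator": ([
        "FoundationaLLM.Authorization/roleAssignments/read",
        "FoundationaLLM.Authorization/roleAssignments/write",
        "FoundationaLLM.Authorization/roleAssignments/delete",
        "FoundationaLLM.Authorization/roleDefinitions/read"], []),
    "Resource Providers Administrator": (["*/management/write"], []),
}

@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: str
    scope: str  # resource path the assignment applies to

def role_permits(role: str, action: str) -> bool:
    """Granted when an Actions pattern matches and no NotActions pattern does.
    With fnmatch, '*' also matches across '/'."""
    actions, not_actions = ROLE_DEFINITIONS[role]
    return (any(fnmatchcase(action, p) for p in actions)
            and not any(fnmatchcase(action, p) for p in not_actions))

def scope_covers(assignment_scope: str, resource: str) -> bool:
    """Assumed inheritance: an assignment covers its scope and every path below
    it. The '/' matters so that /instances/123 does not cover /instances/1234."""
    base = assignment_scope.rstrip("/")
    return resource == base or resource.startswith(base + "/")

def action_name(resource: str, operation: str) -> str:
    """'<provider>/<resourceType>/<operation>' for the assumed path layout
    /instances/{id}/providers/{provider}/{resourceType}/{name}..."""
    parts = resource.strip("/").split("/")
    i = parts.index("providers")
    return f"{parts[i + 1]}/{parts[i + 2]}/{operation}"

def is_authorized(assignments, principal: str, action: str, resource: str) -> bool:
    """Standard handling: an assignment for the principal covers the resource
    and its role permits the action."""
    return any(a.principal == principal and scope_covers(a.scope, resource)
               and role_permits(a.role, action) for a in assignments)

def authorize_role_assignment_post(assignments, principal: str, payload: dict) -> bool:
    """Scope-based handling for POST .../roleAssignments/{name}: evaluate
    roleAssignments/write on the scope in the payload, not on the
    roleAssignments resource being created."""
    return is_authorized(assignments, principal,
                         "FoundationaLLM.Authorization/roleAssignments/write",
                         payload["scope"])

# Constructed sample data; principals and assignments are invented.
INSTANCE = "/instances/123"
MY_AGENT = f"{INSTANCE}/providers/FoundationaLLM.Agent/agents/MyAgent"
OTHER_AGENT = f"{INSTANCE}/providers/FoundationaLLM.Agent/agents/OtherAgent"
MANAGEMENT = f"{INSTANCE}/providers/FoundationaLLM.Agent/management/triggerCommand"
SAMPLE_ASSIGNMENTS = [
    RoleAssignment("alice", "Contributor", INSTANCE),
    RoleAssignment("bob", "Role Based Access Control Administrator", MY_AGENT),
    RoleAssignment("carol", "Reader", INSTANCE),
    RoleAssignment("dave", "Resource Providers Administrator", INSTANCE),
]

def demo(assignments=SAMPLE_ASSIGNMENTS) -> dict:
    """Decisions worth confirming; returns check name -> allowed."""
    def can(who, resource, op):
        return is_authorized(assignments, who, action_name(resource, op), resource)
    def can_grant(who, scope):
        return authorize_role_assignment_post(assignments, who, {"scope": scope})
    return {
        # Contributor manages resources but NotActions blocks granting roles.
        "contributor_writes_agent": can("alice", MY_AGENT, "write"),
        "contributor_grants_role": can_grant("alice", MY_AGENT),
        # RBAC Administrator scoped to MyAgent grants only there and cannot edit it.
        "rbac_admin_grants_on_scope": can_grant("bob", MY_AGENT),
        "rbac_admin_grants_other_agent": can_grant("bob", OTHER_AGENT),
        "rbac_admin_grants_at_instance": can_grant("bob", INSTANCE),
        "rbac_admin_writes_agent": can("bob", MY_AGENT, "write"),
        # management/triggerCommand is authorized as the 'write' action.
        "reader_triggers_command": can("carol", MANAGEMENT, "write"),
        "rp_admin_triggers_command": can("dave", MANAGEMENT, "write"),
        "rp_admin_reads_agent": can("dave", MY_AGENT, "read"),
    }
```

Calling `demo()` returns the decision for each check. The two cases to look at are `contributor_grants_role` (denied, because Contributor's NotActions strip `FoundationaLLM.Authorization/*/write` even though its Actions are `*`) and `rbac_admin_grants_at_instance` (denied, because bob's assignment is scoped to `MyAgent`, so the scope-based check on a broader scope fails). The `scope_covers` separator check is the detail to keep when porting this to a real evaluator: a plain prefix comparison would let an assignment on `/instances/123` cover `/instances/1234`.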
Specialized Contributor Roles
These roles grant access to specific operations via OR conditions in resource metadata:
| Role | Grants Access To | Via Mechanism |
|---|---|---|
| Agents Contributor | Agent write operations, Security principals read, AI models read | OR conditions + explicit permissions |
| Agent Access Tokens Contributor | Agent access token write operations (mandatory) | OR condition with ! (mandatory evaluation) |
| Prompts Contributor | Prompt read/write operations | OR conditions |
| Data Sources Contributor | Data source read/write operations | OR conditions |
| Knowledge Sources Contributor | Knowledge source read/write operations | OR conditions |
| Knowledge Units Contributor | Knowledge unit read/write operations | OR conditions |
| Vector Databases Contributor | Vector database read/write operations, API endpoint configurations read | OR conditions + explicit permissions |
| Data Pipelines Contributor | Data pipeline write (mandatory), Vectorization pipeline write, Configuration/AI models/plugins read | OR condition with ! + explicit permissions |
| Data Pipelines Execution Manager | Data pipeline/source read, Data pipeline write, Configuration/AI models/plugins/vector databases read | Explicit permissions |
| Attachments Contributor | Attachment read/write, Azure OpenAI mappings read/write, Configuration/AI models read | Explicit permissions |
| Conversations Contributor | Conversation read/write, Azure OpenAI conversation mappings read/write, Configuration/AI models read | Explicit permissions |
Quick Reference: Resource Type → Allowed Roles
| Resource Type | Roles with Read | Roles with Write | Roles with Delete |
|---|---|---|---|
| agents | Owner, Contributor, Reader, User Access Admin | Owner, Contributor, Agents Contributor | Owner, Contributor |
| agents/agentAccessTokens | Owner, Contributor, Reader, User Access Admin | Owner, Contributor, Agent Access Tokens Contributor* | Owner, Contributor |
| aiModels | Owner, Contributor, Reader, User Access Admin, Agents Contributor, Data Pipelines Contributor, Data Pipelines Execution Manager, Attachments Contributor, Conversations Contributor | Owner, Contributor | Owner, Contributor |
| prompts | Owner, Contributor, Reader, User Access Admin, Prompts Contributor | Owner, Contributor, Prompts Contributor | Owner, Contributor |
| dataSources | Owner, Contributor, Reader, User Access Admin, Data Sources Contributor, Data Pipelines Execution Manager | Owner, Contributor, Data Sources Contributor | Owner, Contributor |
| knowledgeSources | Owner, Contributor, Reader, User Access Admin, Knowledge Sources Contributor | Owner, Contributor, Knowledge Sources Contributor | Owner, Contributor |
| knowledgeUnits | Owner, Contributor, Reader, User Access Admin, Knowledge Units Contributor | Owner, Contributor, Knowledge Units Contributor | Owner, Contributor |
| vectorDatabases | Owner, Contributor, Reader, User Access Admin, Vector Databases Contributor, Data Pipelines Execution Manager | Owner, Contributor, Vector Databases Contributor | Owner, Contributor |
| dataPipelines | Owner, Contributor, Reader, User Access Admin, Data Pipelines Execution Manager | Owner, Contributor, Data Pipelines Contributor*, Data Pipelines Execution Manager | Owner, Contributor |
| vectorizationPipelines | Owner, Contributor, Reader, User Access Admin | Owner, Contributor, Data Pipelines Contributor | Owner, Contributor |
| attachments | Owner, Contributor, Reader, User Access Admin, Attachments Contributor | Owner, Contributor, Attachments Contributor | Owner, Contributor |
| conversations | Owner, Contributor, Reader, User Access Admin, Conversations Contributor | Owner, Contributor, Conversations Contributor | Owner, Contributor |
| apiEndpointConfigurations | Owner, Contributor, Reader, User Access Admin, Vector Databases Contributor, Data Pipelines Contributor, Data Pipelines Execution Manager, Attachments Contributor, Conversations Contributor | Owner, Contributor | Owner, Contributor |
| roleAssignments | Owner, Contributor, Reader, User Access Admin, RBAC Admin (scope-based**) | Owner, User Access Admin, RBAC Admin (scope-based**) | Owner, User Access Admin, RBAC Admin (scope-based**) |
| roleDefinitions | ALL ROLES | None | None |
| securityPrincipals | Owner, Contributor, Reader, User Access Admin, Agents Contributor | None | None |
* = Mandatory role evaluation (requires explicit role assignment)
** = Authorization checked against scope, not role assignment itself
Management Actions
All resource providers support a special shared resource type called management that enables administrative operations:
| Role | Can Execute Management Actions (write on management resource) |
|---|---|
| Owner | ✓ (via *) |
| Contributor | ✓ (via *) |
| Resource Providers Administrator | ✓ (via */management/write) |
| All Other Roles | ✗ |
- Resource Type: `management` (shared across all resource providers)
- Action: `triggerCommand`, which executes management commands on resource providers and is authorized as the `write` action
- Authorization: Requires `write` permission OR the `Resource_Providers_Administrator` role (mandatory evaluation)
- Example Path: `/instances/{instanceId}/providers/{providerName}/management/triggerCommand`
Additional Resources
Maintenance Notes
This documentation is generated from source files. When making changes to the RBAC model:
- Update `AuthorizableActions.json` for new actions
- Update `RoleDefinitions.json` for new or modified roles
- Update `*ResourceProviderMetadata.cs` for resource type permission changes
- Update `AuthorizationResourceProviderService.cs` for Authorization-specific logic
- Update this documentation to reflect the changes
Version: 0.9.8
Last Verified: 2026-01-30