Access control is evaluated every time an AI agent is started. If a user does not have
access to the AI agent, the system blocks the request so that the user cannot complete the task.
Configuring access to AI agents helps to make sure that only authorized users can access and start
agents that perform actions and retrieve information. By controlling access through user groups, you
can align AI agent usage with business roles and responsibilities.
About this task
AI agent access is controlled by associating each agent with user groups in IBM Sterling® Order Management System. Users can invoke only the AI agents that their user group is allowed to
access. Access is evaluated every time an AI agent runs.
Before users can use AI agents, you must both enable the AI agent features and configure access.
Enabling AI agents makes them available to the system, but access configuration determines who can
use them.
Some AI agents rely on other agents to complete a task. For these scenarios, users must have
access to all required AI agents for the task to succeed.
Granting access to AI agents
To grant access, assign AI agents to the appropriate user groups based on user roles and
responsibilities. Administrators typically have access by default. Other users require explicit
access. When you introduce new AI agents or update existing ones, review user group assignments to
make sure that access remains aligned with business needs.
Removing access to AI agents
You can remove access by disassociating an AI agent from a user group. After access is removed,
users in that group can no longer invoke the agent. The change takes effect the next time the user
attempts to use the agent.
Procedure
-
Log in to the IBM Sterling Order Management System
Applications Manager to add users to a user group.
-
Select .
-
Open .
-
Open an existing group with AI agent permissions and view the group details.
If needed, create a custom user group and edit the custom group. Do not modify the default
OCAdminGroup or
OCBusUserGroup groups.
Tip: You can
copy one of the existing groups as a starting point. For more information, see
Defining user groups.
Note: Make sure that users have the
appropriate resource permission for accessing the AI chat interface:
- Call Center → Resource ID: ICC000120
- Order Hub → Resource ID: BUCAI0001
-
Open the permissions module and edit the permissions as needed.
Note: The permissions for the AI agents appear under
in the resource hierarchy.
The
resource permissions are as follows.
- SAIAGENT000001 - Orderhub Router Agent
- SAIAGENT000002 - Callcenter Router Agent
- SAIAGENT000003 - Search Orders Agent
- SAIAGENT000004 - Cancel Order Agent
- SAIAGENT000005 - Coupon Agent
- SAIAGENT000006 - Appease Customer Agent
- SAIAGENT000007 - Inventory Supervisor Agent
- SAIAGENT000008 - Inventory Lookup Agent
- SAIAGENT000009 - Inventory Supply Lookup Agent
- SAIAGENT000010 - Inventory Segment Lookup Agent
- SAIAGENT000011 - Inventory Segment Actions Agent
- SAIAGENT000012 - Inventory Segment Rule Agent
-
Select Grant permission or Revoke permission for
each AI agent as needed.
Note: If users cannot access an agent after you grant permission for the group, make sure that
modifications are allowed for that agent. For more information, see
Defining modification rules.
After the user groups are defined, you can add users to the user group.
-
After the user groups are defined, add users to the user group.
Assign existing
users to the user group.
- Within the user group, select User Subscriptions.
- Click Find users to add to group.
- Search for the user or team and then click Add users to group.
- Click Save.
Assign new users to the user group.
- Create the user within the menu. Make sure that the user's IBMid exists in the Email
field of the Contact Info tab.
Note: Multiple users cannot have the same
IBMid in the Email field. Each unique user ID must have a unique email
address.
- Subscribe the user to the user group. For more information about how to subscribe a user to a
group, see Creating a user.
What to do next
Validate user access to the AI agents
After you update access settings, verify that authorized users can invoke the expected AI agents
and that unauthorized users are blocked. If users report access issues, review their user group
membership and confirm that access is configured correctly.