Box 1: Cognitive Service User -
Ensure that the members of a group named Management-Accountants can approve the FAQs.
Approve=publish.
Cognitive Service User (read/write/publish): API permissions: All access to Cognitive Services resource except for ability to:
1. Add new members to roles.
2. Create new resources.
Box 2: Cognitive Services QnA Maker Editor
Ensure that the members of a group named Consultant-Accountants can create and amend the FAQs.
QnA Maker Editor: API permissions:
1. Create KB API
2. Update KB API
3. Replace KB API
4. Replace Alterations
5. "Train API" [in new service model v5]
Box 3: Cognitive Services QnA Maker Read
Ensure that the members of a group named the Agent-CustomerServices can browse the FAQs.
QnA Maker Read: API Permissions:
1. Download KB API
2. List KBs for user API
3. Get Knowledge base details
4. Download Alterations
Generate Answer -
Reference:
https://docs.microsoft.com/en-us/azure/cognitive-services/qnamaker/concepts/role-based-access-control
