Advanced Security

This chapter covers advanced security topics for General Bots, including Role-Based Access Control (RBAC), organization multi-tenancy, knowledge base security, and compliance requirements.

Overview

General Bots implements a comprehensive security model designed for enterprise deployments:

Multi-tenant Architecture: Support for multiple organizations with complete data isolation
Role-Based Access Control (RBAC): Fine-grained permissions at every level
Knowledge Base Security: Folder-level permissions with Qdrant vector search integration
SOC 2 Type II Compliance: Enterprise-grade security controls and audit logging

Security Layers

┌─────────────────────────────────────────────────────────────┐
│                    Organization Layer                        │
│  ┌─────────────────────────────────────────────────────┐    │
│  │                    Bot Layer                         │    │
│  │  ┌─────────────────────────────────────────────┐    │    │
│  │  │              App Layer                       │    │    │
│  │  │  ┌─────────────────────────────────────┐    │    │    │
│  │  │  │        Resource Layer                │    │    │    │
│  │  │  │  (KB folders, files, data)          │    │    │    │
│  │  │  └─────────────────────────────────────┘    │    │    │
│  │  └─────────────────────────────────────────────┘    │    │
│  └─────────────────────────────────────────────────────┘    │
└─────────────────────────────────────────────────────────────┘

Key Concepts

Organizations

Organizations are the top-level tenant in General Bots. Each organization has:

Its own subscription and billing
Isolated user base and permissions
Separate bots and knowledge bases
Independent quota management

Users can belong to multiple organizations and switch between them.

Roles and Permissions

General Bots uses a role-based model with predefined roles:

Role	Description
Global Admin	Full access to all resources
Billing Admin	Manage subscriptions and payments
User Admin	Manage users, groups, and role assignments
Bot Admin	Create and configure bots
KB Manager	Manage knowledge bases and permissions
App Developer	Create and publish apps (Forms, Sites, Projects)
Editor	Edit content and use apps
Viewer	Read-only access

Knowledge Base Security

KB folders can have individual permission settings:

Public: Anyone can access
Authenticated: Logged-in users only
Role-based: Users with specific roles
Group-based: Users in specific groups
User-based: Named individual users

These permissions are enforced during vector search, ensuring users only see content they’re authorized to access.

In This Chapter

RBAC & Security Design - Complete RBAC architecture and security matrix
Organization Multi-Tenancy - Multi-organization support and switching
Knowledge Base Security - Folder-level permissions and Qdrant integration
SOC 2 Compliance - Enterprise compliance controls
Security Matrix Reference - Complete permission reference tables

Quick Links

Authentication & Permissions - Basic auth setup
API Security - API authentication
Subscription & Billing - Plan-based access control

Best Practices

Principle of Least Privilege: Assign the minimum permissions necessary
Use Groups: Manage permissions through groups rather than individual users
Regular Audits: Review permissions and access logs periodically
Secure KB by Default: Set restrictive default permissions on sensitive folders
Enable Audit Logging: Track all permission changes and access attempts

Keyboard shortcuts

General Bots Documentation