Rediger

Del via


Collaborate with other authors and editors

Collaborate with other authors and editors using Azure role-based access control (Azure RBAC) placed on your QnA Maker resource.

Note

The QnA Maker service is being retired on the 31st of March, 2025. A newer version of the question and answering capability is now available as part of Azure AI Language. For question answering capabilities within the Language Service, see question answering. Starting 1st October, 2022 you won’t be able to create new QnA Maker resources. For information on migrating existing QnA Maker knowledge bases to question answering, consult the migration guide.

Access is provided on the QnA Maker resource

All permissions are controlled by the permissions placed on the QnA Maker resource. These permissions align to read, write, publish, and full access. You can allow collaboration among multiple users by updating RBAC access for QnA Maker resource.

This Azure RBAC feature includes:

  • Microsoft Entra ID is 100% backward compatible with key-based authentication for owners and contributors. Customers can use either key-based authentication or Azure RBAC-based authentication in their requests.
  • Quickly add authors and editors to all knowledge bases in the resource because control is at the resource level, not at the knowledge base level.

Note

Make sure to add a custom subdomain for the resource. Custom Subdomain should be present by default, but if not, please add it

Access is provided by a defined role

The following roles are provided for collaboration:

Role Functionalities API Access API permissions
Owner All Authentication Key All
Cognitive Services Contributor All except ability to add new members to roles Authentication Key All except ability to add new members to roles
Cognitive Services QnA Maker Reader
(read)
Export/Download
Test
Bearer token 1. Download KB API
2. List KBs for user API
3. Get Knowledge base details
4. Download Alterations
Generate Answer
Cognitive Services QnA Maker Editor
(read/write)
Export/Download
Test
Update KB
Export KB
Import KB
Replace KB
Create KB
Bearer token 1. Create KB API
2. Update KB API
3. Replace KB API
4. Replace Alterations
5. "Train API" [in new service model v5]
Cognitive Services User
(read/write/publish)
All Authentication Key All access to Azure AI services resource except for ability to:
1. Add new members to roles.
2. Create new resources.

Authentication flow

The following diagram shows the flow, from the author's perspective, for signing into the QnA Maker portal and using the authoring APIs.

The following diagram shows the flow, from the author's perspective, for signing into the QnA Maker portal and using the authoring APIs.

Steps Description
1 Portal Acquires token for QnA Maker resource.
2 Portal Calls the appropriate QnA Maker authoring API (APIM) passing the token instead of keys.
3 QnA Maker API validates the token.
4 QnA Maker API calls QnAMaker Service.

If you intend to call the authoring APIs, learn more about how to set up authentication.

Authenticate by QnA Maker portal

If you author and collaborate using the QnA Maker portal, after you add the appropriate role to the resource for a collaborator, the QnA Maker portal manages all the access permissions.

Authenticate by QnA Maker APIs and SDKs

If you author and collaborate using the APIs, either through REST or the SDKs, you need to create a service principal to manage the authentication.

Next step

  • Design a knowledge base for languages and for client applications