solace-agent-mesh 1.7.1__py3-none-any.whl → 1.13.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solace-agent-mesh might be problematic. Click here for more details.

Files changed (447) hide show
  1. solace_agent_mesh/agent/adk/alembic/README +74 -0
  2. solace_agent_mesh/agent/adk/alembic/env.py +77 -0
  3. solace_agent_mesh/agent/adk/alembic/script.py.mako +28 -0
  4. solace_agent_mesh/agent/adk/alembic/versions/e2902798564d_adk_session_db_upgrade.py +52 -0
  5. solace_agent_mesh/agent/adk/alembic.ini +112 -0
  6. solace_agent_mesh/agent/adk/artifacts/filesystem_artifact_service.py +164 -0
  7. solace_agent_mesh/agent/adk/artifacts/s3_artifact_service.py +163 -0
  8. solace_agent_mesh/agent/adk/callbacks.py +752 -127
  9. solace_agent_mesh/agent/adk/embed_resolving_mcp_toolset.py +99 -7
  10. solace_agent_mesh/agent/adk/intelligent_mcp_callbacks.py +52 -5
  11. solace_agent_mesh/agent/adk/mcp_content_processor.py +1 -1
  12. solace_agent_mesh/agent/adk/models/lite_llm.py +34 -16
  13. solace_agent_mesh/agent/adk/models/oauth2_token_manager.py +24 -137
  14. solace_agent_mesh/agent/adk/runner.py +66 -8
  15. solace_agent_mesh/agent/adk/schema_migration.py +88 -0
  16. solace_agent_mesh/agent/adk/services.py +41 -1
  17. solace_agent_mesh/agent/adk/setup.py +220 -32
  18. solace_agent_mesh/agent/adk/stream_parser.py +229 -40
  19. solace_agent_mesh/agent/protocol/event_handlers.py +219 -33
  20. solace_agent_mesh/agent/proxies/a2a/component.py +572 -75
  21. solace_agent_mesh/agent/proxies/a2a/config.py +80 -4
  22. solace_agent_mesh/agent/proxies/base/component.py +188 -22
  23. solace_agent_mesh/agent/proxies/base/proxy_task_context.py +3 -1
  24. solace_agent_mesh/agent/sac/app.py +37 -12
  25. solace_agent_mesh/agent/sac/component.py +322 -52
  26. solace_agent_mesh/agent/sac/patch_adk.py +8 -16
  27. solace_agent_mesh/agent/sac/task_execution_context.py +90 -0
  28. solace_agent_mesh/agent/tools/__init__.py +3 -0
  29. solace_agent_mesh/agent/tools/audio_tools.py +3 -3
  30. solace_agent_mesh/agent/tools/builtin_artifact_tools.py +698 -24
  31. solace_agent_mesh/agent/tools/deep_research_tools.py +2161 -0
  32. solace_agent_mesh/agent/tools/peer_agent_tool.py +82 -15
  33. solace_agent_mesh/agent/tools/time_tools.py +126 -0
  34. solace_agent_mesh/agent/tools/tool_config_types.py +54 -2
  35. solace_agent_mesh/agent/tools/web_search_tools.py +279 -0
  36. solace_agent_mesh/agent/tools/web_tools.py +125 -17
  37. solace_agent_mesh/agent/utils/artifact_helpers.py +243 -5
  38. solace_agent_mesh/agent/utils/context_helpers.py +17 -0
  39. solace_agent_mesh/assets/docs/404.html +6 -6
  40. solace_agent_mesh/assets/docs/assets/css/{styles.906a1503.css → styles.8162edfb.css} +1 -1
  41. solace_agent_mesh/assets/docs/assets/js/05749d90.19ac4f35.js +1 -0
  42. solace_agent_mesh/assets/docs/assets/js/15ba94aa.e186750d.js +1 -0
  43. solace_agent_mesh/assets/docs/assets/js/15e40e79.434bb30f.js +1 -0
  44. solace_agent_mesh/assets/docs/assets/js/17896441.e612dfb4.js +1 -0
  45. solace_agent_mesh/assets/docs/assets/js/2279.550aa580.js +2 -0
  46. solace_agent_mesh/assets/docs/assets/js/{17896441.a5e82f9b.js.LICENSE.txt → 2279.550aa580.js.LICENSE.txt} +6 -0
  47. solace_agent_mesh/assets/docs/assets/js/240a0364.83e37aa8.js +1 -0
  48. solace_agent_mesh/assets/docs/assets/js/2e32b5e0.2f0db237.js +1 -0
  49. solace_agent_mesh/assets/docs/assets/js/3a6c6137.7e61915d.js +1 -0
  50. solace_agent_mesh/assets/docs/assets/js/3ac1795d.7f7ab1c1.js +1 -0
  51. solace_agent_mesh/assets/docs/assets/js/3ff0015d.e53c9b78.js +1 -0
  52. solace_agent_mesh/assets/docs/assets/js/41adc471.0e95b87c.js +1 -0
  53. solace_agent_mesh/assets/docs/assets/js/4667dc50.bf2ad456.js +1 -0
  54. solace_agent_mesh/assets/docs/assets/js/49eed117.493d6f99.js +1 -0
  55. solace_agent_mesh/assets/docs/assets/js/{509e993c.4c7a1a6d.js → 509e993c.a1fbf45a.js} +1 -1
  56. solace_agent_mesh/assets/docs/assets/js/547e15cc.8e6da617.js +1 -0
  57. solace_agent_mesh/assets/docs/assets/js/55b7b518.29d6e75d.js +1 -0
  58. solace_agent_mesh/assets/docs/assets/js/5b8d9c11.d4eb37b8.js +1 -0
  59. solace_agent_mesh/assets/docs/assets/js/5c2bd65f.1ee87753.js +1 -0
  60. solace_agent_mesh/assets/docs/assets/js/60702c0e.a8bdd79b.js +1 -0
  61. solace_agent_mesh/assets/docs/assets/js/64195356.09dbd087.js +1 -0
  62. solace_agent_mesh/assets/docs/assets/js/66d4869e.30340bd3.js +1 -0
  63. solace_agent_mesh/assets/docs/assets/js/6aaedf65.7253541d.js +1 -0
  64. solace_agent_mesh/assets/docs/assets/js/6d84eae0.fd23ba4a.js +1 -0
  65. solace_agent_mesh/assets/docs/assets/js/729898df.7249e9fd.js +1 -0
  66. solace_agent_mesh/assets/docs/assets/js/7e294c01.7c5f6906.js +1 -0
  67. solace_agent_mesh/assets/docs/assets/js/8024126c.e3467286.js +1 -0
  68. solace_agent_mesh/assets/docs/assets/js/81a99df0.7ed65d45.js +1 -0
  69. solace_agent_mesh/assets/docs/assets/js/82fbfb93.161823a5.js +1 -0
  70. solace_agent_mesh/assets/docs/assets/js/924ffdeb.975e428a.js +1 -0
  71. solace_agent_mesh/assets/docs/assets/js/94e8668d.16083b3f.js +1 -0
  72. solace_agent_mesh/assets/docs/assets/js/9bb13469.4523ae20.js +1 -0
  73. solace_agent_mesh/assets/docs/assets/js/a7d42657.a956689d.js +1 -0
  74. solace_agent_mesh/assets/docs/assets/js/a94703ab.3e5fbcb3.js +1 -0
  75. solace_agent_mesh/assets/docs/assets/js/ab9708a8.3e563275.js +1 -0
  76. solace_agent_mesh/assets/docs/assets/js/c93cbaa0.0e0d8baf.js +1 -0
  77. solace_agent_mesh/assets/docs/assets/js/cab03b5b.6a073091.js +1 -0
  78. solace_agent_mesh/assets/docs/assets/js/cbe2e9ea.07e170dd.js +1 -0
  79. solace_agent_mesh/assets/docs/assets/js/e04b235d.06d23db6.js +1 -0
  80. solace_agent_mesh/assets/docs/assets/js/e1b6eeb4.deb2b62e.js +1 -0
  81. solace_agent_mesh/assets/docs/assets/js/e3d9abda.1476f570.js +1 -0
  82. solace_agent_mesh/assets/docs/assets/js/e6f9706b.acc800d3.js +1 -0
  83. solace_agent_mesh/assets/docs/assets/js/e92d0134.c147a429.js +1 -0
  84. solace_agent_mesh/assets/docs/assets/js/ee0c2fe7.94d0a351.js +1 -0
  85. solace_agent_mesh/assets/docs/assets/js/f284c35a.cc97854c.js +1 -0
  86. solace_agent_mesh/assets/docs/assets/js/main.d634009f.js +2 -0
  87. solace_agent_mesh/assets/docs/assets/js/runtime~main.27bb82a7.js +1 -0
  88. solace_agent_mesh/assets/docs/docs/documentation/components/agents/index.html +68 -68
  89. solace_agent_mesh/assets/docs/docs/documentation/components/builtin-tools/artifact-management/index.html +50 -50
  90. solace_agent_mesh/assets/docs/docs/documentation/components/builtin-tools/audio-tools/index.html +42 -42
  91. solace_agent_mesh/assets/docs/docs/documentation/components/builtin-tools/data-analysis-tools/index.html +55 -55
  92. solace_agent_mesh/assets/docs/docs/documentation/components/builtin-tools/embeds/index.html +75 -75
  93. solace_agent_mesh/assets/docs/docs/documentation/components/builtin-tools/image-tools/index.html +81 -0
  94. solace_agent_mesh/assets/docs/docs/documentation/components/builtin-tools/index.html +67 -50
  95. solace_agent_mesh/assets/docs/docs/documentation/components/builtin-tools/research-tools/index.html +136 -0
  96. solace_agent_mesh/assets/docs/docs/documentation/components/cli/index.html +178 -144
  97. solace_agent_mesh/assets/docs/docs/documentation/components/gateways/index.html +43 -42
  98. solace_agent_mesh/assets/docs/docs/documentation/components/index.html +20 -18
  99. solace_agent_mesh/assets/docs/docs/documentation/components/orchestrator/index.html +23 -23
  100. solace_agent_mesh/assets/docs/docs/documentation/components/platform-service/index.html +33 -0
  101. solace_agent_mesh/assets/docs/docs/documentation/components/plugins/index.html +45 -45
  102. solace_agent_mesh/assets/docs/docs/documentation/components/projects/index.html +98 -112
  103. solace_agent_mesh/assets/docs/docs/documentation/components/prompts/index.html +147 -0
  104. solace_agent_mesh/assets/docs/docs/documentation/components/proxies/index.html +208 -125
  105. solace_agent_mesh/assets/docs/docs/documentation/components/speech/index.html +52 -0
  106. solace_agent_mesh/assets/docs/docs/documentation/deploying/debugging/index.html +28 -28
  107. solace_agent_mesh/assets/docs/docs/documentation/deploying/deployment-options/index.html +29 -29
  108. solace_agent_mesh/assets/docs/docs/documentation/deploying/index.html +14 -14
  109. solace_agent_mesh/assets/docs/docs/documentation/deploying/kubernetes/index.html +47 -0
  110. solace_agent_mesh/assets/docs/docs/documentation/deploying/kubernetes/kubernetes-deployment-guide/index.html +197 -0
  111. solace_agent_mesh/assets/docs/docs/documentation/deploying/logging/index.html +67 -53
  112. solace_agent_mesh/assets/docs/docs/documentation/deploying/observability/index.html +17 -17
  113. solace_agent_mesh/assets/docs/docs/documentation/deploying/proxy_configuration/index.html +49 -0
  114. solace_agent_mesh/assets/docs/docs/documentation/developing/create-agents/index.html +38 -38
  115. solace_agent_mesh/assets/docs/docs/documentation/developing/create-gateways/index.html +87 -87
  116. solace_agent_mesh/assets/docs/docs/documentation/developing/creating-python-tools/index.html +67 -49
  117. solace_agent_mesh/assets/docs/docs/documentation/developing/creating-service-providers/index.html +17 -17
  118. solace_agent_mesh/assets/docs/docs/documentation/developing/evaluations/index.html +51 -51
  119. solace_agent_mesh/assets/docs/docs/documentation/developing/index.html +22 -22
  120. solace_agent_mesh/assets/docs/docs/documentation/developing/structure/index.html +27 -27
  121. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/bedrock-agents/index.html +135 -135
  122. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/custom-agent/index.html +66 -66
  123. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/event-mesh-gateway/index.html +51 -51
  124. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/mcp-integration/index.html +50 -38
  125. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/mongodb-integration/index.html +86 -86
  126. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/rag-integration/index.html +51 -51
  127. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/rest-gateway/index.html +24 -24
  128. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/slack-integration/index.html +30 -30
  129. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/sql-database/index.html +44 -44
  130. solace_agent_mesh/assets/docs/docs/documentation/developing/tutorials/teams-integration/index.html +115 -0
  131. solace_agent_mesh/assets/docs/docs/documentation/enterprise/agent-builder/index.html +50 -23
  132. solace_agent_mesh/assets/docs/docs/documentation/enterprise/connectors/index.html +29 -24
  133. solace_agent_mesh/assets/docs/docs/documentation/enterprise/index.html +21 -21
  134. solace_agent_mesh/assets/docs/docs/documentation/enterprise/installation/index.html +40 -37
  135. solace_agent_mesh/assets/docs/docs/documentation/enterprise/openapi-tools/index.html +324 -0
  136. solace_agent_mesh/assets/docs/docs/documentation/enterprise/rbac-setup-guide/index.html +96 -66
  137. solace_agent_mesh/assets/docs/docs/documentation/enterprise/secure-user-delegated-access/index.html +181 -181
  138. solace_agent_mesh/assets/docs/docs/documentation/enterprise/single-sign-on/index.html +75 -75
  139. solace_agent_mesh/assets/docs/docs/documentation/enterprise/wheel-installation/index.html +27 -27
  140. solace_agent_mesh/assets/docs/docs/documentation/getting-started/architecture/index.html +44 -44
  141. solace_agent_mesh/assets/docs/docs/documentation/getting-started/index.html +39 -38
  142. solace_agent_mesh/assets/docs/docs/documentation/getting-started/introduction/index.html +30 -30
  143. solace_agent_mesh/assets/docs/docs/documentation/getting-started/try-agent-mesh/index.html +18 -18
  144. solace_agent_mesh/assets/docs/docs/documentation/getting-started/vibe_coding/index.html +62 -0
  145. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/artifact-storage/index.html +135 -114
  146. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/configurations/index.html +37 -37
  147. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/index.html +14 -14
  148. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/installation/index.html +27 -25
  149. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/large_language_models/index.html +69 -69
  150. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/run-project/index.html +72 -72
  151. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/session-storage/index.html +112 -112
  152. solace_agent_mesh/assets/docs/docs/documentation/installing-and-configuring/user-feedback/index.html +28 -28
  153. solace_agent_mesh/assets/docs/docs/documentation/migrations/a2a-upgrade/a2a-gateway-upgrade-to-0.3.0/index.html +42 -42
  154. solace_agent_mesh/assets/docs/docs/documentation/migrations/a2a-upgrade/a2a-technical-migration-map/index.html +20 -20
  155. solace_agent_mesh/assets/docs/docs/documentation/migrations/platform-service-split/index.html +85 -0
  156. solace_agent_mesh/assets/docs/lunr-index-1768329217460.json +1 -0
  157. solace_agent_mesh/assets/docs/lunr-index.json +1 -1
  158. solace_agent_mesh/assets/docs/search-doc-1768329217460.json +1 -0
  159. solace_agent_mesh/assets/docs/search-doc.json +1 -1
  160. solace_agent_mesh/assets/docs/sitemap.xml +1 -1
  161. solace_agent_mesh/cli/__init__.py +1 -1
  162. solace_agent_mesh/cli/commands/add_cmd/__init__.py +3 -1
  163. solace_agent_mesh/cli/commands/add_cmd/agent_cmd.py +6 -1
  164. solace_agent_mesh/cli/commands/add_cmd/proxy_cmd.py +100 -0
  165. solace_agent_mesh/cli/commands/eval_cmd.py +1 -1
  166. solace_agent_mesh/cli/commands/init_cmd/__init__.py +15 -0
  167. solace_agent_mesh/cli/commands/init_cmd/directory_step.py +1 -1
  168. solace_agent_mesh/cli/commands/init_cmd/env_step.py +30 -3
  169. solace_agent_mesh/cli/commands/init_cmd/orchestrator_step.py +3 -4
  170. solace_agent_mesh/cli/commands/init_cmd/platform_service_step.py +85 -0
  171. solace_agent_mesh/cli/commands/init_cmd/webui_gateway_step.py +16 -3
  172. solace_agent_mesh/cli/commands/plugin_cmd/add_cmd.py +2 -1
  173. solace_agent_mesh/cli/commands/plugin_cmd/catalog_cmd.py +1 -0
  174. solace_agent_mesh/cli/commands/plugin_cmd/create_cmd.py +3 -3
  175. solace_agent_mesh/cli/commands/run_cmd.py +64 -49
  176. solace_agent_mesh/cli/commands/tools_cmd.py +315 -0
  177. solace_agent_mesh/cli/main.py +15 -0
  178. solace_agent_mesh/client/webui/frontend/static/assets/{authCallback-tcIFZLis.js → authCallback-KnKMP_vb.js} +1 -1
  179. solace_agent_mesh/client/webui/frontend/static/assets/client-DpBL2stg.js +25 -0
  180. solace_agent_mesh/client/webui/frontend/static/assets/main-Cd498TV2.js +435 -0
  181. solace_agent_mesh/client/webui/frontend/static/assets/main-rSf8Vu29.css +1 -0
  182. solace_agent_mesh/client/webui/frontend/static/assets/{vendor-CINwxvwV.js → vendor-CGk8Suyh.js} +189 -94
  183. solace_agent_mesh/client/webui/frontend/static/auth-callback.html +3 -3
  184. solace_agent_mesh/client/webui/frontend/static/index.html +4 -4
  185. solace_agent_mesh/client/webui/frontend/static/mockServiceWorker.js +336 -0
  186. solace_agent_mesh/client/webui/frontend/static/ui-version.json +6 -0
  187. solace_agent_mesh/common/a2a/types.py +1 -1
  188. solace_agent_mesh/common/agent_registry.py +38 -11
  189. solace_agent_mesh/common/data_parts.py +124 -0
  190. solace_agent_mesh/common/error_handlers.py +83 -0
  191. solace_agent_mesh/common/exceptions.py +24 -0
  192. solace_agent_mesh/common/oauth/__init__.py +17 -0
  193. solace_agent_mesh/common/oauth/oauth_client.py +408 -0
  194. solace_agent_mesh/common/oauth/utils.py +50 -0
  195. solace_agent_mesh/common/rag_dto.py +156 -0
  196. solace_agent_mesh/common/sac/sam_component_base.py +73 -1
  197. solace_agent_mesh/common/sam_events/event_service.py +2 -2
  198. solace_agent_mesh/common/utils/embeds/converter.py +1 -8
  199. solace_agent_mesh/common/utils/embeds/modifiers.py +2 -27
  200. solace_agent_mesh/common/utils/embeds/resolver.py +94 -25
  201. solace_agent_mesh/common/utils/embeds/types.py +1 -0
  202. solace_agent_mesh/common/utils/log_formatters.py +20 -0
  203. solace_agent_mesh/common/utils/mime_helpers.py +12 -5
  204. solace_agent_mesh/common/utils/rbac_utils.py +69 -0
  205. solace_agent_mesh/common/utils/templates/__init__.py +8 -0
  206. solace_agent_mesh/common/utils/templates/liquid_renderer.py +210 -0
  207. solace_agent_mesh/common/utils/templates/template_resolver.py +161 -0
  208. solace_agent_mesh/config_portal/backend/common.py +12 -0
  209. solace_agent_mesh/config_portal/frontend/static/client/assets/_index-CljP4_mv.js +103 -0
  210. solace_agent_mesh/config_portal/frontend/static/client/assets/{components-Rk0n-9cK.js → components-CaC6hG8d.js} +22 -22
  211. solace_agent_mesh/config_portal/frontend/static/client/assets/{entry.client-mvZjNKiz.js → entry.client-H_TM0YBt.js} +3 -3
  212. solace_agent_mesh/config_portal/frontend/static/client/assets/{index-DzNKzXrc.js → index-CnFykb2v.js} +16 -16
  213. solace_agent_mesh/config_portal/frontend/static/client/assets/manifest-f8439d40.js +1 -0
  214. solace_agent_mesh/config_portal/frontend/static/client/assets/root-BIMqslJB.css +1 -0
  215. solace_agent_mesh/config_portal/frontend/static/client/assets/root-mJmTIdIk.js +10 -0
  216. solace_agent_mesh/config_portal/frontend/static/client/index.html +3 -3
  217. solace_agent_mesh/core_a2a/service.py +3 -2
  218. solace_agent_mesh/gateway/adapter/base.py +28 -1
  219. solace_agent_mesh/gateway/adapter/types.py +9 -0
  220. solace_agent_mesh/gateway/base/app.py +10 -0
  221. solace_agent_mesh/gateway/base/auth_interface.py +103 -0
  222. solace_agent_mesh/gateway/base/component.py +451 -10
  223. solace_agent_mesh/gateway/generic/component.py +274 -30
  224. solace_agent_mesh/gateway/http_sse/alembic/env.py +0 -7
  225. solace_agent_mesh/gateway/http_sse/alembic/versions/20251023_add_soft_delete_and_search.py +2 -43
  226. solace_agent_mesh/gateway/http_sse/alembic/versions/20251024_add_default_agent_to_projects.py +2 -2
  227. solace_agent_mesh/gateway/http_sse/alembic/versions/20251108_create_prompt_tables_with_sharing.py +154 -0
  228. solace_agent_mesh/gateway/http_sse/alembic/versions/20251115_add_parent_task_id.py +32 -0
  229. solace_agent_mesh/gateway/http_sse/alembic/versions/20251126_add_background_task_fields.py +47 -0
  230. solace_agent_mesh/gateway/http_sse/alembic/versions/20251202_add_versioned_fields_to_prompts.py +52 -0
  231. solace_agent_mesh/gateway/http_sse/alembic.ini +0 -36
  232. solace_agent_mesh/gateway/http_sse/app.py +23 -6
  233. solace_agent_mesh/gateway/http_sse/component.py +158 -73
  234. solace_agent_mesh/gateway/http_sse/dependencies.py +50 -57
  235. solace_agent_mesh/gateway/http_sse/main.py +58 -482
  236. solace_agent_mesh/gateway/http_sse/repository/chat_task_repository.py +2 -2
  237. solace_agent_mesh/gateway/http_sse/repository/entities/project.py +1 -1
  238. solace_agent_mesh/gateway/http_sse/repository/entities/project_user.py +1 -1
  239. solace_agent_mesh/gateway/http_sse/repository/entities/session.py +3 -2
  240. solace_agent_mesh/gateway/http_sse/repository/entities/task.py +7 -0
  241. solace_agent_mesh/gateway/http_sse/repository/feedback_repository.py +2 -2
  242. solace_agent_mesh/gateway/http_sse/repository/interfaces.py +2 -2
  243. solace_agent_mesh/gateway/http_sse/repository/models/__init__.py +5 -0
  244. solace_agent_mesh/gateway/http_sse/repository/models/prompt_model.py +159 -0
  245. solace_agent_mesh/gateway/http_sse/repository/models/session_model.py +1 -1
  246. solace_agent_mesh/gateway/http_sse/repository/models/task_model.py +8 -1
  247. solace_agent_mesh/gateway/http_sse/repository/project_repository.py +1 -1
  248. solace_agent_mesh/gateway/http_sse/repository/project_user_repository.py +1 -1
  249. solace_agent_mesh/gateway/http_sse/repository/session_repository.py +12 -107
  250. solace_agent_mesh/gateway/http_sse/repository/task_repository.py +86 -2
  251. solace_agent_mesh/gateway/http_sse/routers/agent_cards.py +38 -7
  252. solace_agent_mesh/gateway/http_sse/routers/artifacts.py +113 -7
  253. solace_agent_mesh/gateway/http_sse/routers/auth.py +69 -132
  254. solace_agent_mesh/gateway/http_sse/routers/config.py +235 -10
  255. solace_agent_mesh/gateway/http_sse/routers/dto/project_dto.py +69 -0
  256. solace_agent_mesh/gateway/http_sse/routers/dto/prompt_dto.py +255 -0
  257. solace_agent_mesh/gateway/http_sse/routers/dto/requests/session_requests.py +1 -1
  258. solace_agent_mesh/gateway/http_sse/routers/dto/responses/base_responses.py +1 -1
  259. solace_agent_mesh/gateway/http_sse/routers/dto/responses/project_responses.py +1 -0
  260. solace_agent_mesh/gateway/http_sse/routers/dto/responses/session_responses.py +3 -2
  261. solace_agent_mesh/gateway/http_sse/routers/dto/responses/version_responses.py +31 -0
  262. solace_agent_mesh/gateway/http_sse/routers/feedback.py +2 -2
  263. solace_agent_mesh/gateway/http_sse/routers/people.py +2 -2
  264. solace_agent_mesh/gateway/http_sse/routers/projects.py +250 -24
  265. solace_agent_mesh/gateway/http_sse/routers/prompts.py +1416 -0
  266. solace_agent_mesh/gateway/http_sse/routers/sessions.py +14 -5
  267. solace_agent_mesh/gateway/http_sse/routers/speech.py +355 -0
  268. solace_agent_mesh/gateway/http_sse/routers/sse.py +117 -4
  269. solace_agent_mesh/gateway/http_sse/routers/tasks.py +509 -149
  270. solace_agent_mesh/gateway/http_sse/routers/users.py +1 -1
  271. solace_agent_mesh/gateway/http_sse/routers/version.py +343 -0
  272. solace_agent_mesh/gateway/http_sse/routers/visualization.py +2 -1
  273. solace_agent_mesh/gateway/http_sse/services/audio_service.py +1227 -0
  274. solace_agent_mesh/gateway/http_sse/services/background_task_monitor.py +186 -0
  275. solace_agent_mesh/gateway/http_sse/services/data_retention_service.py +1 -1
  276. solace_agent_mesh/gateway/http_sse/services/feedback_service.py +1 -1
  277. solace_agent_mesh/gateway/http_sse/services/project_service.py +539 -12
  278. solace_agent_mesh/gateway/http_sse/services/prompt_builder_assistant.py +303 -0
  279. solace_agent_mesh/gateway/http_sse/services/session_service.py +198 -21
  280. solace_agent_mesh/gateway/http_sse/services/task_logger_service.py +354 -4
  281. solace_agent_mesh/gateway/http_sse/sse_manager.py +280 -169
  282. solace_agent_mesh/gateway/http_sse/utils/artifact_copy_utils.py +370 -0
  283. solace_agent_mesh/gateway/http_sse/utils/stim_utils.py +41 -1
  284. solace_agent_mesh/services/__init__.py +0 -0
  285. solace_agent_mesh/services/platform/__init__.py +29 -0
  286. solace_agent_mesh/services/platform/alembic/env.py +85 -0
  287. solace_agent_mesh/services/platform/alembic/script.py.mako +28 -0
  288. solace_agent_mesh/services/platform/alembic.ini +109 -0
  289. solace_agent_mesh/services/platform/api/__init__.py +3 -0
  290. solace_agent_mesh/services/platform/api/dependencies.py +154 -0
  291. solace_agent_mesh/services/platform/api/main.py +314 -0
  292. solace_agent_mesh/services/platform/api/middleware.py +51 -0
  293. solace_agent_mesh/services/platform/api/routers/__init__.py +33 -0
  294. solace_agent_mesh/services/platform/api/routers/health_router.py +31 -0
  295. solace_agent_mesh/services/platform/app.py +215 -0
  296. solace_agent_mesh/services/platform/component.py +777 -0
  297. solace_agent_mesh/shared/__init__.py +14 -0
  298. solace_agent_mesh/shared/api/__init__.py +42 -0
  299. solace_agent_mesh/shared/auth/__init__.py +26 -0
  300. solace_agent_mesh/shared/auth/dependencies.py +204 -0
  301. solace_agent_mesh/shared/auth/middleware.py +347 -0
  302. solace_agent_mesh/shared/database/__init__.py +20 -0
  303. solace_agent_mesh/{gateway/http_sse/shared → shared/database}/base_repository.py +1 -1
  304. solace_agent_mesh/{gateway/http_sse/shared → shared/database}/database_exceptions.py +1 -1
  305. solace_agent_mesh/{gateway/http_sse/shared → shared/database}/database_helpers.py +1 -1
  306. solace_agent_mesh/shared/exceptions/__init__.py +36 -0
  307. solace_agent_mesh/{gateway/http_sse/shared → shared/exceptions}/exception_handlers.py +1 -1
  308. solace_agent_mesh/shared/utils/__init__.py +21 -0
  309. solace_agent_mesh/templates/logging_config_template.yaml +48 -0
  310. solace_agent_mesh/templates/main_orchestrator.yaml +12 -1
  311. solace_agent_mesh/templates/platform.yaml +49 -0
  312. solace_agent_mesh/templates/plugin_readme_template.md +3 -25
  313. solace_agent_mesh/templates/plugin_tool_config_template.yaml +109 -0
  314. solace_agent_mesh/templates/proxy_template.yaml +62 -0
  315. solace_agent_mesh/templates/webui.yaml +148 -6
  316. solace_agent_mesh/tools/web_search/__init__.py +18 -0
  317. solace_agent_mesh/tools/web_search/base.py +84 -0
  318. solace_agent_mesh/tools/web_search/google_search.py +247 -0
  319. solace_agent_mesh/tools/web_search/models.py +99 -0
  320. {solace_agent_mesh-1.7.1.dist-info → solace_agent_mesh-1.13.2.dist-info}/METADATA +29 -8
  321. {solace_agent_mesh-1.7.1.dist-info → solace_agent_mesh-1.13.2.dist-info}/RECORD +334 -313
  322. {solace_agent_mesh-1.7.1.dist-info → solace_agent_mesh-1.13.2.dist-info}/WHEEL +1 -1
  323. solace_agent_mesh/agent/adk/adk_llm.txt +0 -226
  324. solace_agent_mesh/agent/adk/adk_llm_detail.txt +0 -566
  325. solace_agent_mesh/agent/adk/artifacts/artifacts_llm.txt +0 -171
  326. solace_agent_mesh/agent/adk/models/models_llm.txt +0 -189
  327. solace_agent_mesh/agent/agent_llm.txt +0 -369
  328. solace_agent_mesh/agent/agent_llm_detail.txt +0 -1702
  329. solace_agent_mesh/agent/protocol/protocol_llm.txt +0 -81
  330. solace_agent_mesh/agent/protocol/protocol_llm_detail.txt +0 -92
  331. solace_agent_mesh/agent/proxies/a2a/a2a_llm.txt +0 -190
  332. solace_agent_mesh/agent/proxies/base/base_llm.txt +0 -148
  333. solace_agent_mesh/agent/proxies/proxies_llm.txt +0 -283
  334. solace_agent_mesh/agent/sac/sac_llm.txt +0 -189
  335. solace_agent_mesh/agent/sac/sac_llm_detail.txt +0 -200
  336. solace_agent_mesh/agent/testing/testing_llm.txt +0 -58
  337. solace_agent_mesh/agent/testing/testing_llm_detail.txt +0 -68
  338. solace_agent_mesh/agent/tools/tools_llm.txt +0 -276
  339. solace_agent_mesh/agent/tools/tools_llm_detail.txt +0 -275
  340. solace_agent_mesh/agent/utils/utils_llm.txt +0 -152
  341. solace_agent_mesh/agent/utils/utils_llm_detail.txt +0 -149
  342. solace_agent_mesh/assets/docs/assets/js/05749d90.c70b2be9.js +0 -1
  343. solace_agent_mesh/assets/docs/assets/js/15ba94aa.92fea363.js +0 -1
  344. solace_agent_mesh/assets/docs/assets/js/15e40e79.36003774.js +0 -1
  345. solace_agent_mesh/assets/docs/assets/js/17896441.a5e82f9b.js +0 -2
  346. solace_agent_mesh/assets/docs/assets/js/240a0364.c39f8388.js +0 -1
  347. solace_agent_mesh/assets/docs/assets/js/2e32b5e0.33f5d75b.js +0 -1
  348. solace_agent_mesh/assets/docs/assets/js/3a6c6137.f5940cfa.js +0 -1
  349. solace_agent_mesh/assets/docs/assets/js/3ac1795d.e4870a49.js +0 -1
  350. solace_agent_mesh/assets/docs/assets/js/3ff0015d.b63ee53a.js +0 -1
  351. solace_agent_mesh/assets/docs/assets/js/547e15cc.2f7790c1.js +0 -1
  352. solace_agent_mesh/assets/docs/assets/js/55b7b518.f2b1d1ba.js +0 -1
  353. solace_agent_mesh/assets/docs/assets/js/5c2bd65f.45b32c2b.js +0 -1
  354. solace_agent_mesh/assets/docs/assets/js/64195356.c498c4d0.js +0 -1
  355. solace_agent_mesh/assets/docs/assets/js/66d4869e.830d443f.js +0 -1
  356. solace_agent_mesh/assets/docs/assets/js/6d84eae0.4a5fbf39.js +0 -1
  357. solace_agent_mesh/assets/docs/assets/js/8024126c.fa0e7186.js +0 -1
  358. solace_agent_mesh/assets/docs/assets/js/81a99df0.07034dd9.js +0 -1
  359. solace_agent_mesh/assets/docs/assets/js/82fbfb93.139a1a1f.js +0 -1
  360. solace_agent_mesh/assets/docs/assets/js/924ffdeb.8095e148.js +0 -1
  361. solace_agent_mesh/assets/docs/assets/js/94e8668d.09ed9234.js +0 -1
  362. solace_agent_mesh/assets/docs/assets/js/9bb13469.dd1c9b54.js +0 -1
  363. solace_agent_mesh/assets/docs/assets/js/a94703ab.0438dbc2.js +0 -1
  364. solace_agent_mesh/assets/docs/assets/js/ab9708a8.245ae0ef.js +0 -1
  365. solace_agent_mesh/assets/docs/assets/js/c93cbaa0.eaff365e.js +0 -1
  366. solace_agent_mesh/assets/docs/assets/js/cbe2e9ea.f902fad8.js +0 -1
  367. solace_agent_mesh/assets/docs/assets/js/db5d6442.3daf1696.js +0 -1
  368. solace_agent_mesh/assets/docs/assets/js/e04b235d.c9c50c7b.js +0 -1
  369. solace_agent_mesh/assets/docs/assets/js/e3d9abda.d11c67a7.js +0 -1
  370. solace_agent_mesh/assets/docs/assets/js/e6f9706b.045d0fa1.js +0 -1
  371. solace_agent_mesh/assets/docs/assets/js/e92d0134.3bda61dd.js +0 -1
  372. solace_agent_mesh/assets/docs/assets/js/f284c35a.5099c51e.js +0 -1
  373. solace_agent_mesh/assets/docs/assets/js/main.f213fe0c.js +0 -2
  374. solace_agent_mesh/assets/docs/assets/js/runtime~main.d9606d6a.js +0 -1
  375. solace_agent_mesh/assets/docs/docs/documentation/deploying/kubernetes-deployment/index.html +0 -47
  376. solace_agent_mesh/assets/docs/lunr-index-1762283454666.json +0 -1
  377. solace_agent_mesh/assets/docs/search-doc-1762283454666.json +0 -1
  378. solace_agent_mesh/cli/commands/add_cmd/add_cmd_llm.txt +0 -250
  379. solace_agent_mesh/cli/commands/init_cmd/init_cmd_llm.txt +0 -365
  380. solace_agent_mesh/cli/commands/plugin_cmd/plugin_cmd_llm.txt +0 -305
  381. solace_agent_mesh/client/webui/frontend/static/assets/client-CRYdKo2Q.js +0 -25
  382. solace_agent_mesh/client/webui/frontend/static/assets/main-CojeY_1w.css +0 -1
  383. solace_agent_mesh/client/webui/frontend/static/assets/main-ILja9MCG.js +0 -353
  384. solace_agent_mesh/common/a2a/a2a_llm.txt +0 -175
  385. solace_agent_mesh/common/a2a/a2a_llm_detail.txt +0 -193
  386. solace_agent_mesh/common/a2a_spec/a2a_spec_llm.txt +0 -445
  387. solace_agent_mesh/common/a2a_spec/a2a_spec_llm_detail.txt +0 -736
  388. solace_agent_mesh/common/a2a_spec/schemas/schemas_llm.txt +0 -330
  389. solace_agent_mesh/common/common_llm.txt +0 -230
  390. solace_agent_mesh/common/common_llm_detail.txt +0 -2562
  391. solace_agent_mesh/common/middleware/middleware_llm.txt +0 -174
  392. solace_agent_mesh/common/middleware/middleware_llm_detail.txt +0 -185
  393. solace_agent_mesh/common/sac/sac_llm.txt +0 -71
  394. solace_agent_mesh/common/sac/sac_llm_detail.txt +0 -82
  395. solace_agent_mesh/common/sam_events/sam_events_llm.txt +0 -104
  396. solace_agent_mesh/common/sam_events/sam_events_llm_detail.txt +0 -115
  397. solace_agent_mesh/common/services/providers/providers_llm.txt +0 -81
  398. solace_agent_mesh/common/services/services_llm.txt +0 -368
  399. solace_agent_mesh/common/services/services_llm_detail.txt +0 -459
  400. solace_agent_mesh/common/utils/embeds/embeds_llm.txt +0 -220
  401. solace_agent_mesh/common/utils/utils_llm.txt +0 -335
  402. solace_agent_mesh/common/utils/utils_llm_detail.txt +0 -572
  403. solace_agent_mesh/config_portal/frontend/static/client/assets/_index-ByU1X1HD.js +0 -98
  404. solace_agent_mesh/config_portal/frontend/static/client/assets/manifest-61038fc6.js +0 -1
  405. solace_agent_mesh/config_portal/frontend/static/client/assets/root-BWvk5-gF.js +0 -10
  406. solace_agent_mesh/config_portal/frontend/static/client/assets/root-DxRwaWiE.css +0 -1
  407. solace_agent_mesh/core_a2a/core_a2a_llm.txt +0 -90
  408. solace_agent_mesh/core_a2a/core_a2a_llm_detail.txt +0 -101
  409. solace_agent_mesh/gateway/base/base_llm.txt +0 -226
  410. solace_agent_mesh/gateway/base/base_llm_detail.txt +0 -235
  411. solace_agent_mesh/gateway/gateway_llm.txt +0 -369
  412. solace_agent_mesh/gateway/gateway_llm_detail.txt +0 -3885
  413. solace_agent_mesh/gateway/http_sse/alembic/alembic_llm.txt +0 -345
  414. solace_agent_mesh/gateway/http_sse/alembic/versions/20251023_add_fulltext_search_indexes.py +0 -92
  415. solace_agent_mesh/gateway/http_sse/alembic/versions/versions_llm.txt +0 -161
  416. solace_agent_mesh/gateway/http_sse/components/components_llm.txt +0 -105
  417. solace_agent_mesh/gateway/http_sse/http_sse_llm.txt +0 -299
  418. solace_agent_mesh/gateway/http_sse/http_sse_llm_detail.txt +0 -3278
  419. solace_agent_mesh/gateway/http_sse/repository/entities/entities_llm.txt +0 -221
  420. solace_agent_mesh/gateway/http_sse/repository/models/models_llm.txt +0 -257
  421. solace_agent_mesh/gateway/http_sse/repository/repository_llm.txt +0 -308
  422. solace_agent_mesh/gateway/http_sse/routers/dto/dto_llm.txt +0 -450
  423. solace_agent_mesh/gateway/http_sse/routers/dto/requests/requests_llm.txt +0 -133
  424. solace_agent_mesh/gateway/http_sse/routers/dto/responses/responses_llm.txt +0 -123
  425. solace_agent_mesh/gateway/http_sse/routers/routers_llm.txt +0 -312
  426. solace_agent_mesh/gateway/http_sse/services/services_llm.txt +0 -303
  427. solace_agent_mesh/gateway/http_sse/shared/__init__.py +0 -146
  428. solace_agent_mesh/gateway/http_sse/shared/shared_llm.txt +0 -319
  429. solace_agent_mesh/gateway/http_sse/utils/utils_llm.txt +0 -47
  430. solace_agent_mesh/llm.txt +0 -228
  431. solace_agent_mesh/llm_detail.txt +0 -2835
  432. solace_agent_mesh/solace_agent_mesh_llm.txt +0 -362
  433. solace_agent_mesh/solace_agent_mesh_llm_detail.txt +0 -8599
  434. solace_agent_mesh/templates/logging_config_template.ini +0 -45
  435. solace_agent_mesh/templates/templates_llm.txt +0 -147
  436. /solace_agent_mesh/assets/docs/assets/js/{main.f213fe0c.js.LICENSE.txt → main.d634009f.js.LICENSE.txt} +0 -0
  437. /solace_agent_mesh/{gateway/http_sse/shared → shared/api}/auth_utils.py +0 -0
  438. /solace_agent_mesh/{gateway/http_sse/shared → shared/api}/pagination.py +0 -0
  439. /solace_agent_mesh/{gateway/http_sse/shared → shared/api}/response_utils.py +0 -0
  440. /solace_agent_mesh/{gateway/http_sse/shared → shared/exceptions}/error_dto.py +0 -0
  441. /solace_agent_mesh/{gateway/http_sse/shared → shared/exceptions}/exceptions.py +0 -0
  442. /solace_agent_mesh/{gateway/http_sse/shared → shared/utils}/enums.py +0 -0
  443. /solace_agent_mesh/{gateway/http_sse/shared → shared/utils}/timestamp_utils.py +0 -0
  444. /solace_agent_mesh/{gateway/http_sse/shared → shared/utils}/types.py +0 -0
  445. /solace_agent_mesh/{gateway/http_sse/shared → shared/utils}/utils.py +0 -0
  446. {solace_agent_mesh-1.7.1.dist-info → solace_agent_mesh-1.13.2.dist-info}/entry_points.txt +0 -0
  447. {solace_agent_mesh-1.7.1.dist-info → solace_agent_mesh-1.13.2.dist-info}/licenses/LICENSE +0 -0
solace_agent_mesh/assets/docs/docs/documentation/enterprise/rbac-setup-guide/index.html CHANGED
@@ -2,76 +2,90 @@
2
2
  <html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-current docs-doc-page docs-doc-id-documentation/enterprise/rbac-setup-guide" data-has-hydrated="false">
3
3
  <head>
4
4
  <meta charset="UTF-8">
5
- <meta name="generator" content="Docusaurus v3.8.1">
6
- <title data-rh="true">Setting Up RBAC | Solace Agent Mesh</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:image" content="https://solacelabs.github.io/solace-agent-mesh/img/logo.png"><meta data-rh="true" name="twitter:image" content="https://solacelabs.github.io/solace-agent-mesh/img/logo.png"><meta data-rh="true" property="og:url" content="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Setting Up RBAC | Solace Agent Mesh"><meta data-rh="true" name="description" content="This guide walks you through configuring Role-Based Access Control (RBAC) in a Docker installation for Agent Mesh. You will learn how to control access to Agent Mesh Enterprise features and resources based on user roles and permissions."><meta data-rh="true" property="og:description" content="This guide walks you through configuring Role-Based Access Control (RBAC) in a Docker installation for Agent Mesh. You will learn how to control access to Agent Mesh Enterprise features and resources based on user roles and permissions."><link data-rh="true" rel="icon" href="/solace-agent-mesh/img/logo.png"><link data-rh="true" rel="canonical" href="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"><link data-rh="true" rel="alternate" href="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide" hreflang="en"><link data-rh="true" rel="alternate" href="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide" hreflang="x-default"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Agent Mesh Enterprise","item":"https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/"},{"@type":"ListItem","position":2,"name":"Setting Up RBAC","item":"https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"}]}</script><link rel="stylesheet" href="/solace-agent-mesh/assets/css/styles.906a1503.css">
7
- <script src="/solace-agent-mesh/assets/js/runtime~main.d9606d6a.js" defer="defer"></script>
8
- <script src="/solace-agent-mesh/assets/js/main.f213fe0c.js" defer="defer"></script>
5
+ <meta name="generator" content="Docusaurus v3.9.2">
6
+ <title data-rh="true">Setting Up RBAC | Solace Agent Mesh</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:image" content="https://solacelabs.github.io/solace-agent-mesh/img/logo.png"><meta data-rh="true" name="twitter:image" content="https://solacelabs.github.io/solace-agent-mesh/img/logo.png"><meta data-rh="true" property="og:url" content="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Setting Up RBAC | Solace Agent Mesh"><meta data-rh="true" name="description" content="Agent Mesh Enterprise now uses secure-by-default authorization. If you do not configure an authorization service, the system will deny all access by default. You must explicitly configure RBAC or another authorization type to grant access to users."><meta data-rh="true" property="og:description" content="Agent Mesh Enterprise now uses secure-by-default authorization. If you do not configure an authorization service, the system will deny all access by default. You must explicitly configure RBAC or another authorization type to grant access to users."><link data-rh="true" rel="icon" href="/solace-agent-mesh/img/logo.png"><link data-rh="true" rel="canonical" href="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"><link data-rh="true" rel="alternate" href="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide" hreflang="en"><link data-rh="true" rel="alternate" href="https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide" hreflang="x-default"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Agent Mesh Enterprise","item":"https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/"},{"@type":"ListItem","position":2,"name":"Setting Up RBAC","item":"https://solacelabs.github.io/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"}]}</script><link rel="stylesheet" href="/solace-agent-mesh/assets/css/styles.8162edfb.css">
7
+ <script src="/solace-agent-mesh/assets/js/runtime~main.27bb82a7.js" defer="defer"></script>
8
+ <script src="/solace-agent-mesh/assets/js/main.d634009f.js" defer="defer"></script>
9
9
  </head>
10
10
  <body class="navigation-with-keyboard">
11
- <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs>
11
+ <svg style="display: none;"><defs>
12
12
  <symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
13
13
  </defs></svg>
14
- <script>!function(){var t=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return window.localStorage.getItem("theme")}catch(t){}}();document.documentElement.setAttribute("data-theme",t||(window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light")),document.documentElement.setAttribute("data-theme-choice",t||"system")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><link rel="preload" as="image" href="/solace-agent-mesh/img/logo.png"><link rel="preload" as="image" href="/solace-agent-mesh/img/solace-logo.png"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/solace-agent-mesh/docs/documentation/getting-started"><div class="navbar__logo"><img src="/solace-agent-mesh/img/logo.png" alt="Solace Agent Mesh Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/solace-agent-mesh/img/logo.png" alt="Solace Agent Mesh Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><b class="navbar__title text--truncate">Solace Agent Mesh</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/solace-agent-mesh/docs/documentation/getting-started/">Documentation</a></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><a href="https://github.com/SolaceLabs/solace-agent-mesh/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="system mode" aria-label="Switch between dark and light mode (currently system mode)"><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP systemToggleIcon_QzmC"><path fill="currentColor" d="m12 21c4.971 0 9-4.029 9-9s-4.029-9-9-9-9 4.029-9 9 4.029 9 9 9zm4.95-13.95c1.313 1.313 2.05 3.093 2.05 4.95s-0.738 3.637-2.05 4.95c-1.313 1.313-3.093 2.05-4.95 2.05v-14c1.857 0 3.637 0.737 4.95 2.05z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><div class="navbar__search"><span aria-label="expand searchbar" role="button" class="search-icon" tabindex="0"></span><input id="search_input_react" type="search" placeholder="Loading..." aria-label="Search" class="navbar__search-input search-bar" disabled=""></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/getting-started/">Getting Started</a><button aria-label="Collapse sidebar category &#x27;Getting Started&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/getting-started/introduction">What is Agent Mesh?</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/getting-started/try-agent-mesh">Try Agent Mesh</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/getting-started/architecture">Architecture Overview</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/components/">Components</a><button aria-label="Expand sidebar category &#x27;Components&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/installing-and-configuring/">Installing and Configuring Agent Mesh</a><button aria-label="Expand sidebar category &#x27;Installing and Configuring Agent Mesh&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/developing/">Developing with Agent Mesh</a><button aria-label="Expand sidebar category &#x27;Developing with Agent Mesh&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/deploying/">Deploying Agent Mesh</a><button aria-label="Expand sidebar category &#x27;Deploying Agent Mesh&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/solace-agent-mesh/docs/documentation/migrations/a2a-upgrade/a2a-gateway-upgrade-to-0.3.0">Migrations</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" href="/solace-agent-mesh/docs/documentation/enterprise/">Agent Mesh Enterprise</a><button aria-label="Collapse sidebar category &#x27;Agent Mesh Enterprise&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/installation">Installing Agent Mesh Enterprise</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/wheel-installation">Running from Wheel File</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/agent-builder">Agent Builder</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/connectors/">Connectors</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide">Setting Up RBAC</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/single-sign-on">Enabling SSO</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/secure-user-delegated-access">Secure User Delegated Access</a></li></ul></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/solace-agent-mesh/docs/documentation/enterprise/"><span>Agent Mesh Enterprise</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">Setting Up RBAC</span></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Setting Up RBAC</h1></header><p>This guide walks you through configuring Role-Based Access Control (RBAC) in a Docker installation for Agent Mesh. You will learn how to control access to Agent Mesh Enterprise features and resources based on user roles and permissions.</p>
15
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="table-of-contents">Table of Contents<a href="#table-of-contents" class="hash-link" aria-label="Direct link to Table of Contents" title="Direct link to Table of Contents">​</a></h2>
14
+ <script>!function(){var t=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return window.localStorage.getItem("theme")}catch(t){}}();document.documentElement.setAttribute("data-theme",t||(window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light")),document.documentElement.setAttribute("data-theme-choice",t||"system")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><link rel="preload" as="image" href="/solace-agent-mesh/img/logo.png"><link rel="preload" as="image" href="/solace-agent-mesh/img/solace-logo.png"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/solace-agent-mesh/docs/documentation/getting-started"><div class="navbar__logo"><img src="/solace-agent-mesh/img/logo.png" alt="Solace Agent Mesh Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/solace-agent-mesh/img/logo.png" alt="Solace Agent Mesh Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><b class="navbar__title text--truncate">Solace Agent Mesh</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/solace-agent-mesh/docs/documentation/getting-started/">Documentation</a></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><a href="https://github.com/SolaceLabs/solace-agent-mesh/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="system mode" aria-label="Switch between dark and light mode (currently system mode)"><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP systemToggleIcon_QzmC"><path fill="currentColor" d="m12 21c4.971 0 9-4.029 9-9s-4.029-9-9-9-9 4.029-9 9 4.029 9 9 9zm4.95-13.95c1.313 1.313 2.05 3.093 2.05 4.95s-0.738 3.637-2.05 4.95c-1.313 1.313-3.093 2.05-4.95 2.05v-14c1.857 0 3.637 0.737 4.95 2.05z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><div class="navbar__search"><span aria-label="expand searchbar" role="button" class="search-icon" tabindex="0"></span><input id="search_input_react" type="search" placeholder="Loading..." aria-label="Search" class="navbar__search-input search-bar" disabled=""></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/getting-started/"><span title="Getting Started" class="categoryLinkLabel_W154">Getting Started</span></a><button aria-label="Collapse sidebar category &#x27;Getting Started&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/getting-started/introduction"><span title="What is Agent Mesh?" class="linkLabel_WmDU">What is Agent Mesh?</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/getting-started/try-agent-mesh"><span title="Try Agent Mesh" class="linkLabel_WmDU">Try Agent Mesh</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/getting-started/architecture"><span title="Architecture Overview" class="linkLabel_WmDU">Architecture Overview</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/getting-started/vibe_coding"><span title="Vibe Coding" class="linkLabel_WmDU">Vibe Coding</span></a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/components/"><span title="Components" class="categoryLinkLabel_W154">Components</span></a><button aria-label="Expand sidebar category &#x27;Components&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/installing-and-configuring/"><span title="Installing and Configuring Agent Mesh" class="categoryLinkLabel_W154">Installing and Configuring Agent Mesh</span></a><button aria-label="Expand sidebar category &#x27;Installing and Configuring Agent Mesh&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/developing/"><span title="Developing with Agent Mesh" class="categoryLinkLabel_W154">Developing with Agent Mesh</span></a><button aria-label="Expand sidebar category &#x27;Developing with Agent Mesh&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/solace-agent-mesh/docs/documentation/deploying/"><span title="Deploying Agent Mesh" class="categoryLinkLabel_W154">Deploying Agent Mesh</span></a><button aria-label="Expand sidebar category &#x27;Deploying Agent Mesh&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/solace-agent-mesh/docs/documentation/migrations/platform-service-split"><span title="Migrations" class="categoryLinkLabel_W154">Migrations</span></a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--active" href="/solace-agent-mesh/docs/documentation/enterprise/"><span title="Agent Mesh Enterprise" class="categoryLinkLabel_W154">Agent Mesh Enterprise</span></a><button aria-label="Collapse sidebar category &#x27;Agent Mesh Enterprise&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/installation"><span title="Installing Agent Mesh Enterprise" class="linkLabel_WmDU">Installing Agent Mesh Enterprise</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/wheel-installation"><span title="Running from Wheel File" class="linkLabel_WmDU">Running from Wheel File</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/agent-builder"><span title="Agent Builder" class="linkLabel_WmDU">Agent Builder</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/connectors/"><span title="Connectors" class="linkLabel_WmDU">Connectors</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"><span title="Setting Up RBAC" class="linkLabel_WmDU">Setting Up RBAC</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/single-sign-on"><span title="Enabling SSO" class="linkLabel_WmDU">Enabling SSO</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/secure-user-delegated-access"><span title="Secure User Delegated Access" class="linkLabel_WmDU">Secure User Delegated Access</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/solace-agent-mesh/docs/documentation/enterprise/openapi-tools"><span title="OpenAPI Tools" class="linkLabel_WmDU">OpenAPI Tools</span></a></li></ul></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/solace-agent-mesh/docs/documentation/enterprise/"><span>Agent Mesh Enterprise</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">Setting Up RBAC</span></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Setting Up RBAC</h1></header><div class="theme-admonition theme-admonition-warning admonition_xJq3 alert alert--warning"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8.893 1.5c-.183-.31-.52-.5-.887-.5s-.703.19-.886.5L.138 13.499a.98.98 0 0 0 0 1.001c.193.31.53.501.886.501h13.964c.367 0 .704-.19.877-.5a1.03 1.03 0 0 0 .01-1.002L8.893 1.5zm.133 11.497H6.987v-2.003h2.039v2.003zm0-3.004H6.987V5.987h2.039v4.006z"></path></svg></span>Security Notice</div><div class="admonitionContent_BuS1"><p><strong>Agent Mesh Enterprise now uses secure-by-default authorization.</strong> If you do not configure an authorization service, the system will <strong>deny all access</strong> by default. You must explicitly configure RBAC or another authorization type to grant access to users.</p></div></div>
15
+ <p>This guide walks you through configuring Role-Based Access Control (RBAC) in a Docker installation for Agent Mesh. You will learn how to control access to Agent Mesh Enterprise features and resources based on user roles and permissions.</p>
16
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="table-of-contents">Table of Contents<a href="#table-of-contents" class="hash-link" aria-label="Direct link to Table of Contents" title="Direct link to Table of Contents" translate="no">​</a></h2>
16
17
  <ul>
17
- <li><a href="#understanding-rbac-in-agent-mesh-enterprise">Understanding RBAC in Agent Mesh Enterprise</a></li>
18
- <li><a href="#planning-your-rbac-configuration">Planning Your RBAC Configuration</a></li>
19
- <li><a href="#setting-up-rbac-in-docker">Setting Up RBAC in Docker</a></li>
20
- <li><a href="#understanding-configuration-files">Understanding Configuration Files</a></li>
21
- <li><a href="#advanced-configuration-options">Advanced Configuration Options</a></li>
22
- <li><a href="#best-practices">Best Practices</a></li>
23
- <li><a href="#troubleshooting">Troubleshooting</a></li>
18
+ <li class=""><a href="#understanding-rbac-in-agent-mesh-enterprise" class="">Understanding RBAC in Agent Mesh Enterprise</a></li>
19
+ <li class=""><a href="#planning-your-rbac-configuration" class="">Planning Your RBAC Configuration</a></li>
20
+ <li class=""><a href="#setting-up-rbac-in-docker" class="">Setting Up RBAC in Docker</a></li>
21
+ <li class=""><a href="#understanding-configuration-files" class="">Understanding Configuration Files</a></li>
22
+ <li class=""><a href="#advanced-configuration-options" class="">Advanced Configuration Options</a></li>
23
+ <li class=""><a href="#best-practices" class="">Best Practices</a></li>
24
+ <li class=""><a href="#troubleshooting" class="">Troubleshooting</a></li>
24
25
  </ul>
25
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="understanding-rbac-in-agent-mesh-enterprise">Understanding RBAC in Agent Mesh Enterprise<a href="#understanding-rbac-in-agent-mesh-enterprise" class="hash-link" aria-label="Direct link to Understanding RBAC in Agent Mesh Enterprise" title="Direct link to Understanding RBAC in Agent Mesh Enterprise">​</a></h2>
26
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="understanding-rbac-in-agent-mesh-enterprise">Understanding RBAC in Agent Mesh Enterprise<a href="#understanding-rbac-in-agent-mesh-enterprise" class="hash-link" aria-label="Direct link to Understanding RBAC in Agent Mesh Enterprise" title="Direct link to Understanding RBAC in Agent Mesh Enterprise" translate="no">​</a></h2>
26
27
  <p>Before you configure RBAC, you need to understand how the system works. Agent Mesh Enterprise uses a three-tier authorization model that separates identity, roles, and permissions.</p>
27
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="the-three-components">The Three Components<a href="#the-three-components" class="hash-link" aria-label="Direct link to The Three Components" title="Direct link to The Three Components">​</a></h3>
28
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="authorization-types">Authorization Types<a href="#authorization-types" class="hash-link" aria-label="Direct link to Authorization Types" title="Direct link to Authorization Types" translate="no">​</a></h3>
29
+ <p>Agent Mesh Enterprise supports multiple authorization types, each suited for different use cases:</p>
30
+ <p><strong><code>deny_all</code> (Default)</strong> - The secure default that denies all access. This type is automatically used when:</p>
31
+ <ul>
32
+ <li class="">No <code>authorization_service</code> configuration block is present</li>
33
+ <li class="">The <code>authorization_service</code> block is empty</li>
34
+ <li class="">The <code>type</code> field is explicitly set to <code>deny_all</code></li>
35
+ </ul>
36
+ <p>When this type is active, all user requests are denied and logged with WARNING messages. This ensures maximum security by default.</p>
37
+ <p><strong><code>default_rbac</code></strong> - Role-Based Access Control using configuration files. This type is the recommended type for production deployments where you need fine-grained control over user permissions. It requires both role definitions and user assignments files.</p>
38
+ <p><strong><code>custom</code></strong> - Custom authorization service implementation. Use this when you need to integrate with external authorization systems or implement custom authorization logic.</p>
39
+ <p><strong><code>none</code></strong> - Disables authorization entirely, granting wildcard <code>*</code> scope to all users. This type must be explicitly configured and should <strong>only be used in development environments</strong>. The system logs prominent security warnings when this type is active.</p>
40
+ <div class="theme-admonition theme-admonition-danger admonition_xJq3 alert alert--danger"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M5.05.31c.81 2.17.41 3.38-.52 4.31C3.55 5.67 1.98 6.45.9 7.98c-1.45 2.05-1.7 6.53 3.53 7.7-2.2-1.16-2.67-4.52-.3-6.61-.61 2.03.53 3.33 1.94 2.86 1.39-.47 2.3.53 2.27 1.67-.02.78-.31 1.44-1.13 1.81 3.42-.59 4.78-3.42 4.78-5.56 0-2.84-2.53-3.22-1.25-5.61-1.52.13-2.03 1.13-1.89 2.75.09 1.08-1.02 1.8-1.86 1.33-.67-.41-.66-1.19-.06-1.78C8.18 5.31 8.68 2.45 5.05.32L5.03.3l.02.01z"></path></svg></span>Development Only</div><div class="admonitionContent_BuS1"><p>The <code>type: none</code> authorization configuration grants full access to all users and should <strong>never</strong> be used in production environments. It is intended only for local development and testing.</p></div></div>
41
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="the-three-components">The Three Components<a href="#the-three-components" class="hash-link" aria-label="Direct link to The Three Components" title="Direct link to The Three Components" translate="no">​</a></h3>
28
42
  <p>RBAC in Agent Mesh Enterprise consists of three interconnected components:</p>
29
43
  <p><strong>Users</strong> represent identities in your system. Each user has a unique identifier, typically an email address. When a user attempts to access a feature or resource, Agent Mesh Enterprise checks their assigned roles to determine what they can do.</p>
30
44
  <p><strong>Roles</strong> are collections of permissions that you assign to users. Instead of granting permissions directly to individual users, you create roles that represent job functions or responsibilities. For example, you might create a &quot;data_analyst&quot; role for users who need to work with data tools and artifacts. This approach simplifies administration because you can modify a role&#x27;s permissions once and affect all users assigned to that role.</p>
31
45
  <p><strong>Scopes</strong> are the actual permissions that grant access to specific features or resources. Each scope follows a pattern that identifies what it controls. For example, the scope <code>tool:data:read</code> grants permission to read data tools, while <code>artifact:create</code> allows creating artifacts. Scopes use wildcards to grant broader permissions. For example, the scope <code>tool:data:*</code> grants all permissions for data tools.</p>
32
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="how-authorization-works">How Authorization Works<a href="#how-authorization-works" class="hash-link" aria-label="Direct link to How Authorization Works" title="Direct link to How Authorization Works">​</a></h3>
46
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="how-authorization-works">How Authorization Works<a href="#how-authorization-works" class="hash-link" aria-label="Direct link to How Authorization Works" title="Direct link to How Authorization Works" translate="no">​</a></h3>
33
47
  <p>When a user attempts an action in Agent Mesh Enterprise, the system follows this authorization flow:</p>
34
48
  <ol>
35
- <li>The system identifies the user based on their authentication credentials</li>
36
- <li>It retrieves all roles assigned to that user</li>
37
- <li>For each role, it collects all associated scopes (permissions)</li>
38
- <li>It checks if any of the user&#x27;s scopes match the permission required for the requested action</li>
39
- <li>If a matching scope exists, the system allows the action; otherwise, it denies access</li>
49
+ <li class="">The system identifies the user based on their authentication credentials</li>
50
+ <li class="">It retrieves all roles assigned to that user</li>
51
+ <li class="">For each role, it collects all associated scopes (permissions)</li>
52
+ <li class="">It checks if any of the user&#x27;s scopes match the permission required for the requested action</li>
53
+ <li class="">If a matching scope exists, the system allows the action; otherwise, it denies access</li>
40
54
  </ol>
41
55
  <p>This model implements the principle of least privilege: users receive only the permissions they need to perform their job functions.</p>
42
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="planning-your-rbac-configuration">Planning Your RBAC Configuration<a href="#planning-your-rbac-configuration" class="hash-link" aria-label="Direct link to Planning Your RBAC Configuration" title="Direct link to Planning Your RBAC Configuration">​</a></h2>
56
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="planning-your-rbac-configuration">Planning Your RBAC Configuration<a href="#planning-your-rbac-configuration" class="hash-link" aria-label="Direct link to Planning Your RBAC Configuration" title="Direct link to Planning Your RBAC Configuration" translate="no">​</a></h2>
43
57
  <p>Before you create configuration files, you should plan your RBAC structure. This planning phase helps you design a system that meets your organization&#x27;s needs while remaining maintainable.</p>
44
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="identifying-user-types">Identifying User Types<a href="#identifying-user-types" class="hash-link" aria-label="Direct link to Identifying User Types" title="Direct link to Identifying User Types">​</a></h3>
58
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="identifying-user-types">Identifying User Types<a href="#identifying-user-types" class="hash-link" aria-label="Direct link to Identifying User Types" title="Direct link to Identifying User Types" translate="no">​</a></h3>
45
59
  <p>Start by identifying the different types of users in your organization. Consider their job functions and what they need to accomplish with Agent Mesh Enterprise. Common user types include:</p>
46
60
  <p>Administrators need full access to all features and resources. They manage the system, configure settings, and troubleshoot issues. You typically assign these users a role with wildcard permissions.</p>
47
61
  <p>Operators perform day-to-day tasks such as running tools, creating artifacts, and monitoring system activity. They need broad access to operational features but not administrative capabilities.</p>
48
62
  <p>Analysts work with data and reports. They need access to data tools, artifact creation, and monitoring capabilities, but they do not need access to system configuration or advanced tools.</p>
49
63
  <p>Viewers need read-only access to monitor system activity and view artifacts. They cannot create, modify, or delete resources.</p>
50
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="designing-roles">Designing Roles<a href="#designing-roles" class="hash-link" aria-label="Direct link to Designing Roles" title="Direct link to Designing Roles">​</a></h3>
64
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="designing-roles">Designing Roles<a href="#designing-roles" class="hash-link" aria-label="Direct link to Designing Roles" title="Direct link to Designing Roles" translate="no">​</a></h3>
51
65
  <p>Once you identify user types, design roles that match their needs. Each role should represent a specific job function and include only the scopes necessary for that function.</p>
52
66
  <p>Consider creating a role hierarchy where some roles inherit permissions from others. For example, an &quot;operator&quot; role might inherit all permissions from a &quot;viewer&quot; role and add additional capabilities. This approach reduces duplication and makes your configuration easier to maintain.</p>
53
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="mapping-scopes-to-features">Mapping Scopes to Features<a href="#mapping-scopes-to-features" class="hash-link" aria-label="Direct link to Mapping Scopes to Features" title="Direct link to Mapping Scopes to Features">​</a></h3>
67
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="mapping-scopes-to-features">Mapping Scopes to Features<a href="#mapping-scopes-to-features" class="hash-link" aria-label="Direct link to Mapping Scopes to Features" title="Direct link to Mapping Scopes to Features" translate="no">​</a></h3>
54
68
  <p>Understanding available scopes helps you design effective roles. Agent Mesh Enterprise uses a hierarchical scope naming convention:</p>
55
69
  <p>Tool scopes control access to tools and follow the pattern <code>tool:&lt;category&gt;:&lt;action&gt;</code>. For example, <code>tool:basic:read</code> grants permission to read basic tools, while <code>tool:data:*</code> grants all permissions for data tools.</p>
56
70
  <p>Artifact scopes control access to artifacts (files and data created by the system) and use the pattern <code>artifact:&lt;action&gt;</code>. Common artifact scopes include <code>artifact:read</code>, <code>artifact:create</code>, and <code>artifact:delete</code>.</p>
57
71
  <p>Monitoring scopes control access to system monitoring features and follow the pattern <code>monitor/namespace/&lt;namespace&gt;:a2a_messages:subscribe</code>. These scopes allow users to observe message traffic in specific namespaces.</p>
58
72
  <p>The wildcard scope <code>*</code> grants all permissions and should only be used for administrator roles.</p>
59
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="setting-up-rbac-in-docker">Setting Up RBAC in Docker<a href="#setting-up-rbac-in-docker" class="hash-link" aria-label="Direct link to Setting Up RBAC in Docker" title="Direct link to Setting Up RBAC in Docker">​</a></h2>
73
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="setting-up-rbac-in-docker">Setting Up RBAC in Docker<a href="#setting-up-rbac-in-docker" class="hash-link" aria-label="Direct link to Setting Up RBAC in Docker" title="Direct link to Setting Up RBAC in Docker" translate="no">​</a></h2>
60
74
  <p>Now that you understand RBAC concepts and have planned your configuration, you can set up RBAC in your Docker environment. This process involves creating configuration files, setting up the Docker container, and verifying that everything works correctly.</p>
61
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="prerequisites">Prerequisites<a href="#prerequisites" class="hash-link" aria-label="Direct link to Prerequisites" title="Direct link to Prerequisites">​</a></h3>
75
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="prerequisites">Prerequisites<a href="#prerequisites" class="hash-link" aria-label="Direct link to Prerequisites" title="Direct link to Prerequisites" translate="no">​</a></h3>
62
76
  <p>Before you begin, ensure you have:</p>
63
77
  <ul>
64
- <li>Docker installed and running on your system</li>
65
- <li>The Agent Mesh Enterprise Docker image (<code>solace-agent-mesh-enterprise</code>)</li>
66
- <li>A text editor for creating configuration files</li>
67
- <li>Basic familiarity with YAML file format</li>
78
+ <li class="">Docker installed and running on your system</li>
79
+ <li class="">The Agent Mesh Enterprise Docker image (<code>solace-agent-mesh-enterprise</code>)</li>
80
+ <li class="">A text editor for creating configuration files</li>
81
+ <li class="">Basic familiarity with YAML file format</li>
68
82
  </ul>
69
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="creating-the-configuration-directory-structure">Creating the Configuration Directory Structure<a href="#creating-the-configuration-directory-structure" class="hash-link" aria-label="Direct link to Creating the Configuration Directory Structure" title="Direct link to Creating the Configuration Directory Structure">​</a></h3>
83
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="creating-the-configuration-directory-structure">Creating the Configuration Directory Structure<a href="#creating-the-configuration-directory-structure" class="hash-link" aria-label="Direct link to Creating the Configuration Directory Structure" title="Direct link to Creating the Configuration Directory Structure" translate="no">​</a></h3>
70
84
  <p>You need to create a directory structure on your host system to store RBAC configuration files. The Docker container will mount this directory to access your configurations.</p>
71
85
  <p>Create the directory structure as follows:</p>
72
86
  <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">mkdir -p sam-enterprise/config/auth</span><br></span></code></pre></div></div>
73
87
  <p>This command creates a <code>sam-enterprise</code> directory with a nested <code>config/auth</code> subdirectory. The <code>auth</code> subdirectory will contain your RBAC configuration files.</p>
74
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="defining-roles-and-permissions">Defining Roles and Permissions<a href="#defining-roles-and-permissions" class="hash-link" aria-label="Direct link to Defining Roles and Permissions" title="Direct link to Defining Roles and Permissions">​</a></h3>
88
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="defining-roles-and-permissions">Defining Roles and Permissions<a href="#defining-roles-and-permissions" class="hash-link" aria-label="Direct link to Defining Roles and Permissions" title="Direct link to Defining Roles and Permissions" translate="no">​</a></h3>
75
89
  <p>Create a file named <code>role-to-scope-definitions.yaml</code> in the <code>sam-enterprise/config/auth</code> directory.
76
90
  This file defines all roles in your system and the scopes (permissions) associated with each role.</p>
77
91
  <p>Here is an example configuration that defines three roles:</p>
@@ -80,29 +94,45 @@ This file defines all roles in your system and the scopes (permissions) associat
80
94
  <p>The <code>enterprise_admin</code> role receives the wildcard scope <code>*</code>, which grants all permissions in the system. You should assign this role only to trusted administrators who need complete control over Agent Mesh Enterprise.</p>
81
95
  <p>The <code>data_analyst</code> role receives permissions tailored for data analysis work. The scope <code>tool:data:*</code> grants all permissions for data-related tools (read, write, execute). The <code>artifact:read</code> and <code>artifact:create</code> scopes allow analysts to view existing artifacts and create new ones. The monitoring scope <code>monitor/namespace/*:a2a_messages:subscribe</code> enables analysts to observe message traffic across all namespaces, which helps them understand data flows.</p>
82
96
  <p>The <code>standard_user</code> role provides minimal permissions for basic operations. Users with this role can read artifacts and perform basic tool operations but cannot create new artifacts or access advanced features.</p>
83
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="assigning-users-to-roles">Assigning Users to Roles<a href="#assigning-users-to-roles" class="hash-link" aria-label="Direct link to Assigning Users to Roles" title="Direct link to Assigning Users to Roles">​</a></h3>
97
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="assigning-users-to-roles">Assigning Users to Roles<a href="#assigning-users-to-roles" class="hash-link" aria-label="Direct link to Assigning Users to Roles" title="Direct link to Assigning Users to Roles" translate="no">​</a></h3>
84
98
  <p>Create a file named <code>user-to-role-assignments.yaml</code> in the <code>sam-enterprise/config/auth</code> directory. This file maps user identities to roles.</p>
85
99
  <p>Here is an example configuration:</p>
86
100
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># user-to-role-assignments.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">users</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">admin@example.com</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;enterprise_admin&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Enterprise Administrator Account&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">data.analyst@example.com</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;data_analyst&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Senior Data Analyst&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">user1@example.com</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;standard_user&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Standard Enterprise User&quot;</span><br></span></code></pre></div></div>
87
101
  <p>Each entry in this file maps a user identity (typically an email address) to one or more roles. The user identity must match exactly what your authentication system provides because Agent Mesh Enterprise performs case-sensitive matching.</p>
88
102
  <p>You can assign multiple roles to a single user by listing them in the <code>roles</code> array. When a user has multiple roles, they receive the combined permissions from all assigned roles. For example, if you assign both <code>data_analyst</code> and <code>standard_user</code> roles to a user, they receive all scopes from both roles.</p>
89
103
  <p>The <code>description</code> field is optional but recommended. It helps you document the purpose of each user account, which is valuable when reviewing or auditing your RBAC configuration.</p>
90
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="creating-the-enterprise-configuration">Creating the Enterprise Configuration<a href="#creating-the-enterprise-configuration" class="hash-link" aria-label="Direct link to Creating the Enterprise Configuration" title="Direct link to Creating the Enterprise Configuration">​</a></h3>
104
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="creating-the-enterprise-configuration">Creating the Enterprise Configuration<a href="#creating-the-enterprise-configuration" class="hash-link" aria-label="Direct link to Creating the Enterprise Configuration" title="Direct link to Creating the Enterprise Configuration" translate="no">​</a></h3>
91
105
  <p>Create a file named <code>enterprise_config.yaml</code> in the <code>sam-enterprise/config</code> directory (not in the <code>auth</code> subdirectory). This file tells Agent Mesh Enterprise where to find your RBAC configuration files and how to use them.</p>
92
- <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># enterprise_config.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">authorization_service</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">type</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;default_rbac&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">role_to_scope_definitions_path</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;config/auth/role-to-scope-definitions.yaml&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">user_to_role_assignments_path</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;config/auth/user-to-role-assignments.yaml&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">namespace</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;enterprise_prod&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">gateway_id</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;enterprise_gateway&quot;</span><br></span></code></pre></div></div>
106
+ <div class="theme-admonition theme-admonition-tip admonition_xJq3 alert alert--success"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"></path></svg></span>Optional Configuration</div><div class="admonitionContent_BuS1"><p>The <code>authorization_service</code> configuration block is <strong>optional</strong>. If omitted, the system defaults to <code>deny_all</code> (secure by default) and logs a WARNING message. You must explicitly configure authorization to grant access to users.</p></div></div>
107
+ <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># enterprise_config.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">authorization_service</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">type</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;default_rbac&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">role_to_scope_definitions_path</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;config/auth/role-to-scope-definitions.yaml&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">user_to_role_assignments_path</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;config/auth/user-to-role-assignments.yaml&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">namespace</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;enterprise_prod&quot;</span><br></span></code></pre></div></div>
93
108
  <p>The <code>authorization_service</code> section configures the RBAC system. The <code>type</code> field specifies <code>default_rbac</code>, which tells Agent Mesh Enterprise to use the file-based RBAC system. The two path fields point to your RBAC configuration files—these paths are relative to the container&#x27;s working directory, not your host system.</p>
94
- <p>The <code>namespace</code> and <code>gateway_id</code> fields configure the Agent Mesh Enterprise instance. The namespace isolates this instance from others, while the gateway ID identifies the web interface gateway.</p>
95
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="running-the-docker-container">Running the Docker Container<a href="#running-the-docker-container" class="hash-link" aria-label="Direct link to Running the Docker Container" title="Direct link to Running the Docker Container">​</a></h3>
109
+ <p><strong>Important:</strong> When using <code>type: default_rbac</code>, <code>role_to_scope_definitions_path</code> is <strong>required</strong>. The system fails to start if these files are missing or invalid.</p>
110
+ <p>The <code>namespace</code> field configures the Agent Mesh Enterprise instance. The namespace isolates this instance from others.</p>
111
+ <h4 class="anchor anchorTargetStickyNavbar_Vzrq" id="alternative-development-mode-permissive">Alternative: Development Mode (Permissive)<a href="#alternative-development-mode-permissive" class="hash-link" aria-label="Direct link to Alternative: Development Mode (Permissive)" title="Direct link to Alternative: Development Mode (Permissive)" translate="no">​</a></h4>
112
+ <p>For local development and testing only, you can disable authorization:</p>
113
+ <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># enterprise_config.yaml - DEVELOPMENT ONLY</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">authorization_service</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">type</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;none&quot;</span><span class="token plain"> </span><span class="token comment" style="color:rgb(98, 114, 164)"># Grants full access to all users</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">namespace</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;enterprise_dev&quot;</span><br></span></code></pre></div></div>
114
+ <div class="theme-admonition theme-admonition-danger admonition_xJq3 alert alert--danger"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M5.05.31c.81 2.17.41 3.38-.52 4.31C3.55 5.67 1.98 6.45.9 7.98c-1.45 2.05-1.7 6.53 3.53 7.7-2.2-1.16-2.67-4.52-.3-6.61-.61 2.03.53 3.33 1.94 2.86 1.39-.47 2.3.53 2.27 1.67-.02.78-.31 1.44-1.13 1.81 3.42-.59 4.78-3.42 4.78-5.56 0-2.84-2.53-3.22-1.25-5.61-1.52.13-2.03 1.13-1.89 2.75.09 1.08-1.02 1.8-1.86 1.33-.67-.41-.66-1.19-.06-1.78C8.18 5.31 8.68 2.45 5.05.32L5.03.3l.02.01z"></path></svg></span>Security Warning</div><div class="admonitionContent_BuS1"><p>Using <code>type: none</code> disables all authorization checks and grants wildcard <code>*</code> scope to every user. This configuration should <strong>never</strong> be used in production environments. The system logs prominent security warnings when this type is active.</p></div></div>
115
+ <h4 class="anchor anchorTargetStickyNavbar_Vzrq" id="default-behavior-no-configuration">Default Behavior (No Configuration)<a href="#default-behavior-no-configuration" class="hash-link" aria-label="Direct link to Default Behavior (No Configuration)" title="Direct link to Default Behavior (No Configuration)" translate="no">​</a></h4>
116
+ <p>If you omit the <code>authorization_service</code> block entirely, the system uses secure defaults:</p>
117
+ <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># enterprise_config.yaml - Secure by default</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token comment" style="color:rgb(98, 114, 164)"># No authorization_service block = deny_all</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">namespace</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;enterprise_prod&quot;</span><br></span></code></pre></div></div>
118
+ <p>When no authorization configuration is present, the system:</p>
119
+ <ol>
120
+ <li class="">Logs a WARNING message about missing configuration</li>
121
+ <li class="">Defaults to <code>deny_all</code> authorization type</li>
122
+ <li class="">Denies all user requests with WARNING logs</li>
123
+ <li class="">Requires explicit RBAC configuration to grant access</li>
124
+ </ol>
125
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="running-the-docker-container">Running the Docker Container<a href="#running-the-docker-container" class="hash-link" aria-label="Direct link to Running the Docker Container" title="Direct link to Running the Docker Container" translate="no">​</a></h3>
96
126
  <p>Now you can start the Docker container with your RBAC configuration.
97
127
  Navigate to your <code>sam-enterprise</code> directory and run:</p>
98
- <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">cd sam-enterprise</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker run -d \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> --name sam-enterprise \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -p 8001:8000 \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -v &quot;$(pwd):/app&quot; \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e SAM_AUTHORIZATION_CONFIG=&quot;/app/config/auth/enterprise_config.yaml&quot; \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e NAMESPACE=enterprise_prod \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e WEBUI_GATEWAY_ID=enterprise_gateway \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e ... list here all other necessary env vars ...</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> solace-agent-mesh-enterprise:&lt;tagname&gt;</span><br></span></code></pre></div></div>
99
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="verifying-your-configuration">Verifying Your Configuration<a href="#verifying-your-configuration" class="hash-link" aria-label="Direct link to Verifying Your Configuration" title="Direct link to Verifying Your Configuration">​</a></h3>
128
+ <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">cd sam-enterprise</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker run -d \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> --name sam-enterprise \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -p 8001:8000 \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -v &quot;$(pwd):/app&quot; \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e SAM_AUTHORIZATION_CONFIG=&quot;/app/config/enterprise_config.yaml&quot; \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e NAMESPACE=enterprise_prod \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e ... list here all other necessary env vars ...</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> solace-agent-mesh-enterprise:&lt;tagname&gt;</span><br></span></code></pre></div></div>
129
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="verifying-your-configuration">Verifying Your Configuration<a href="#verifying-your-configuration" class="hash-link" aria-label="Direct link to Verifying Your Configuration" title="Direct link to Verifying Your Configuration" translate="no">​</a></h3>
100
130
  <p>After starting the container, you should verify that RBAC is working correctly. Follow these steps:</p>
101
131
  <ol>
102
- <li>Open your web browser and navigate to <code>http://localhost:8001</code></li>
103
- <li>Log in using one of the user identities defined in your <code>user-to-role-assignments.yaml</code> file</li>
104
- <li>Attempt to access features that the user should have permission to use</li>
105
- <li>Attempt to access features that the user should not have permission to use</li>
132
+ <li class="">Open your web browser and navigate to <code>http://localhost:8001</code></li>
133
+ <li class="">Log in using one of the user identities defined in your <code>user-to-role-assignments.yaml</code> file</li>
134
+ <li class="">Attempt to access features that the user should have permission to use</li>
135
+ <li class="">Attempt to access features that the user should not have permission to use</li>
106
136
  </ol>
107
137
  <p>If RBAC is configured correctly, the user can access permitted features and receives authorization errors when attempting to access restricted features.</p>
108
138
  <p>You can also check the container logs to verify that Agent Mesh Enterprise loaded your configuration files:</p>
@@ -110,66 +140,66 @@ Navigate to your <code>sam-enterprise</code> directory and run:</p>
110
140
  <p>Look for log messages that indicate successful configuration loading. You should see messages similar to:</p>
111
141
  <div class="language-text codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">INFO:solace_ai_connector:[ConfigurableRbacAuthSvc] Successfully loaded role-to-scope definitions from: /app/config/auth/role-to-scope-definitions.yaml</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">DEBUG:solace_ai_connector:[ConfigurableRbacAuthSvc] Role &#x27;enterprise_admin&#x27; loaded with 1 direct scopes, 1 resolved scopes.</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">DEBUG:solace_ai_connector:[ConfigurableRbacAuthSvc] Role &#x27;data_analyst&#x27; loaded with 4 direct scopes, 4 resolved scopes.</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">DEBUG:solace_ai_connector:[ConfigurableRbacAuthSvc] Role &#x27;standard_user&#x27; loaded with 3 direct scopes, 3 resolved scopes.</span><br></span></code></pre></div></div>
112
142
  <p>These messages confirm that Agent Mesh Enterprise found and parsed your configuration files correctly.</p>
113
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="understanding-configuration-files">Understanding Configuration Files<a href="#understanding-configuration-files" class="hash-link" aria-label="Direct link to Understanding Configuration Files" title="Direct link to Understanding Configuration Files">​</a></h2>
143
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="understanding-configuration-files">Understanding Configuration Files<a href="#understanding-configuration-files" class="hash-link" aria-label="Direct link to Understanding Configuration Files" title="Direct link to Understanding Configuration Files" translate="no">​</a></h2>
114
144
  <p>Now that you have a working RBAC configuration, you should understand the full structure and capabilities of each configuration file. This knowledge helps you customize the configuration to meet your specific needs.</p>
115
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="role-to-scope-definitions-structure">Role-to-Scope Definitions Structure<a href="#role-to-scope-definitions-structure" class="hash-link" aria-label="Direct link to Role-to-Scope Definitions Structure" title="Direct link to Role-to-Scope Definitions Structure">​</a></h3>
145
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="role-to-scope-definitions-structure">Role-to-Scope Definitions Structure<a href="#role-to-scope-definitions-structure" class="hash-link" aria-label="Direct link to Role-to-Scope Definitions Structure" title="Direct link to Role-to-Scope Definitions Structure" translate="no">​</a></h3>
116
146
  <p>The <code>role-to-scope-definitions.yaml</code> file supports several features beyond the basic examples shown earlier. Here is the complete structure:</p>
117
147
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">role_name</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Role description&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">scopes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;scope1&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;scope2&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">inherits</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token comment" style="color:rgb(98, 114, 164)"># Optional - inherit scopes from other roles</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;parent_role1&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;parent_role2&quot;</span><br></span></code></pre></div></div>
118
148
  <p>The <code>inherits</code> field allows you to create role hierarchies. When a role inherits from another role, it receives all scopes from the parent role in addition to its own scopes. This feature reduces duplication and makes your configuration easier to maintain.</p>
119
149
  <p>For example, you might create a base &quot;viewer&quot; role with read-only permissions, then create an &quot;operator&quot; role that inherits from &quot;viewer&quot; and adds write permissions:</p>
120
150
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">viewer</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Read-only access&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">scopes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;tool:basic:read&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;artifact:read&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">operator</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Operational access&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">inherits</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;viewer&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">scopes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;tool:basic:*&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;artifact:create&quot;</span><br></span></code></pre></div></div>
121
151
  <p>In this example, the &quot;operator&quot; role receives all scopes from &quot;viewer&quot; (<code>tool:basic:read</code> and <code>artifact:read</code>) plus its own scopes (<code>tool:basic:*</code> and <code>artifact:create</code>). Note that <code>tool:basic:*</code> includes <code>tool:basic:read</code>, so there is some overlap. Agent Mesh Enterprise handles this correctly by deduplicating scopes.</p>
122
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="user-to-role-assignments-structure">User-to-Role Assignments Structure<a href="#user-to-role-assignments-structure" class="hash-link" aria-label="Direct link to User-to-Role Assignments Structure" title="Direct link to User-to-Role Assignments Structure">​</a></h3>
152
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="user-to-role-assignments-structure">User-to-Role Assignments Structure<a href="#user-to-role-assignments-structure" class="hash-link" aria-label="Direct link to User-to-Role Assignments Structure" title="Direct link to User-to-Role Assignments Structure" translate="no">​</a></h3>
123
153
  <p>The <code>user-to-role-assignments.yaml</code> file supports both global user identities and gateway-specific identities. Here is the complete structure:</p>
124
154
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token key atrule">users</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">user_identity</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;role1&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;role2&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;User description&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token comment" style="color:rgb(98, 114, 164)"># Optional: Gateway-specific user identities</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">gateway_specific_identities</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">gateway_id:user_identity</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;role1&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;role2&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;User with specific roles on this gateway&quot;</span><br></span></code></pre></div></div>
125
155
  <p>The <code>users</code> section defines global user identities that apply across all gateways. Most configurations only need this section.</p>
126
- <p>The <code>gateway_specific_identities</code> section allows you to assign different roles to the same user identity on different gateways. This feature is useful in multi-gateway deployments where you want to grant different permissions based on which gateway a user accesses. The key format is <code>gateway_id:user_identity</code>, where <code>gateway_id</code> matches the gateway ID in your enterprise configuration.</p>
127
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="enterprise-configuration-structure">Enterprise Configuration Structure<a href="#enterprise-configuration-structure" class="hash-link" aria-label="Direct link to Enterprise Configuration Structure" title="Direct link to Enterprise Configuration Structure">​</a></h3>
156
+ <p>The <code>gateway_specific_identities</code> section allows you to assign different roles to the same user identity on different gateways. This feature is useful in multi-gateway deployments where you want to grant different permissions based on which gateway a user accesses. The key format is <code>gateway_id:user_identity</code>, where <code>gateway_id</code> matches the gateway ID in your configuration. The default gateway ID is <code>_default_enterprise_gateway</code>.</p>
157
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="enterprise-configuration-structure">Enterprise Configuration Structure<a href="#enterprise-configuration-structure" class="hash-link" aria-label="Direct link to Enterprise Configuration Structure" title="Direct link to Enterprise Configuration Structure" translate="no">​</a></h3>
128
158
  <p>The enterprise configuration file supports multiple authorization service types. Here is the complete structure for the file-based RBAC system:</p>
129
159
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token key atrule">authorization_service</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">type</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;default_rbac&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">role_to_scope_definitions_path</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;path/to/role-to-scope-definitions.yaml&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">user_to_role_assignments_path</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;path/to/user-to-role-assignments.yaml&quot;</span><br></span></code></pre></div></div>
130
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="advanced-configuration-options">Advanced Configuration Options<a href="#advanced-configuration-options" class="hash-link" aria-label="Direct link to Advanced Configuration Options" title="Direct link to Advanced Configuration Options">​</a></h2>
160
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="advanced-configuration-options">Advanced Configuration Options<a href="#advanced-configuration-options" class="hash-link" aria-label="Direct link to Advanced Configuration Options" title="Direct link to Advanced Configuration Options" translate="no">​</a></h2>
131
161
  <p>After you have a basic RBAC configuration working, you might want to explore advanced options that provide additional flexibility and integration capabilities.</p>
132
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="production-ready-role-configuration">Production-Ready Role Configuration<a href="#production-ready-role-configuration" class="hash-link" aria-label="Direct link to Production-Ready Role Configuration" title="Direct link to Production-Ready Role Configuration">​</a></h3>
162
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="production-ready-role-configuration">Production-Ready Role Configuration<a href="#production-ready-role-configuration" class="hash-link" aria-label="Direct link to Production-Ready Role Configuration" title="Direct link to Production-Ready Role Configuration" translate="no">​</a></h3>
133
163
  <p>A production environment typically needs more sophisticated role definitions than the basic examples
134
164
  . Here is a comprehensive configuration that demonstrates best practices:</p>
135
165
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># role-to-scope-definitions.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">admin</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Administrator with full access&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">scopes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;*&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">operator</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;System operator&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">scopes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;tool:basic:*&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;tool:advanced:read&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;artifact:read&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;artifact:create&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;monitor/namespace/*:a2a_messages:subscribe&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">viewer</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Read-only access&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">scopes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;tool:basic:read&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;artifact:read&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">-</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;monitor/namespace/*:a2a_messages:subscribe&quot;</span><br></span></code></pre></div></div>
136
166
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># user-to-role-assignments.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">users</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">admin@company.com</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;admin&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;System Administrator&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">operator@company.com</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;operator&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;System Operator&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">viewer@company.com</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">roles</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token string" style="color:rgb(255, 121, 198)">&quot;viewer&quot;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">description</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;Read-only User&quot;</span><br></span></code></pre></div></div>
137
167
  <p>This configuration creates a clear hierarchy of access levels. The admin role has unrestricted access, the operator role can perform most operational tasks, and the viewer role provides read-only access for monitoring and auditing purposes.</p>
138
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="integrating-with-microsoft-graph">Integrating with Microsoft Graph<a href="#integrating-with-microsoft-graph" class="hash-link" aria-label="Direct link to Integrating with Microsoft Graph" title="Direct link to Integrating with Microsoft Graph">​</a></h3>
168
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="integrating-with-microsoft-graph">Integrating with Microsoft Graph<a href="#integrating-with-microsoft-graph" class="hash-link" aria-label="Direct link to Integrating with Microsoft Graph" title="Direct link to Integrating with Microsoft Graph" translate="no">​</a></h3>
139
169
  <p>For enterprise environments that use Microsoft Entra ID (formerly Azure AD) for user management, you can integrate Agent Mesh Enterprise with Microsoft Graph. This integration allows you to manage user role assignments through Microsoft Graph instead of maintaining a separate YAML file.</p>
140
170
  <p>To configure Microsoft Graph integration, modify your <code>enterprise_config.yaml</code>:</p>
141
171
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># enterprise_config.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">authorization_service</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">type</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;default_rbac&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">role_to_scope_definitions_path</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;config/auth/role-to-scope-definitions.yaml&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">user_to_role_provider</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;ms_graph&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">ms_graph_config</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">ms_graph_tenant_id</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> $</span><span class="token punctuation" style="color:rgb(248, 248, 242)">{</span><span class="token plain">MS_GRAPH_TENANT_ID</span><span class="token punctuation" style="color:rgb(248, 248, 242)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">ms_graph_client_id</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> $</span><span class="token punctuation" style="color:rgb(248, 248, 242)">{</span><span class="token plain">MS_GRAPH_CLIENT_ID</span><span class="token punctuation" style="color:rgb(248, 248, 242)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> </span><span class="token key atrule">ms_graph_client_secret</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> $</span><span class="token punctuation" style="color:rgb(248, 248, 242)">{</span><span class="token plain">MS_GRAPH_CLIENT_SECRET</span><span class="token punctuation" style="color:rgb(248, 248, 242)">}</span><br></span></code></pre></div></div>
142
172
  <p>This configuration tells Agent Mesh Enterprise to retrieve user role assignments from Microsoft Graph instead of reading them from a YAML file. The <code>${...}</code> syntax indicates that these values come from environment variables, which keeps sensitive credentials out of your configuration files.</p>
143
173
  <p>When you use Microsoft Graph integration, you still define roles in the <code>role-to-scope-definitions.yaml</code> file, but you manage user-to-role assignments through Microsoft Graph groups or attributes.</p>
144
174
  <p>Run the Docker container with the Microsoft Graph credentials:</p>
145
- <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker run -d \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> --name sam-enterprise \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -p 8000:8001 \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -v &quot;$(pwd):/app&quot; \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e MS_GRAPH_TENANT_ID=your-tenant-id \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e MS_GRAPH_CLIENT_ID=your-client-id \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e MS_GRAPH_CLIENT_SECRET=your-client-secret \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e NAMESPACE=enterprise_prod \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e WEBUI_GATEWAY_ID=enterprise_gateway \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> solace-agent-mesh-enterprise:&lt;tag&gt;</span><br></span></code></pre></div></div>
175
+ <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker run -d \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> --name sam-enterprise \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -p 8000:8001 \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -v &quot;$(pwd):/app&quot; \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e MS_GRAPH_TENANT_ID=your-tenant-id \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e MS_GRAPH_CLIENT_ID=your-client-id \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e MS_GRAPH_CLIENT_SECRET=your-client-secret \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> -e NAMESPACE=enterprise_prod \</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> solace-agent-mesh-enterprise:&lt;tag&gt;</span><br></span></code></pre></div></div>
146
176
  <p>The Microsoft Graph integration requires that you configure an application registration in Microsoft Entra ID with appropriate permissions to read user and group information. The tenant ID identifies your Microsoft Entra ID tenant, the client ID identifies your application registration, and the client secret authenticates your application.</p>
147
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="best-practices">Best Practices<a href="#best-practices" class="hash-link" aria-label="Direct link to Best Practices" title="Direct link to Best Practices">​</a></h2>
177
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="best-practices">Best Practices<a href="#best-practices" class="hash-link" aria-label="Direct link to Best Practices" title="Direct link to Best Practices" translate="no">​</a></h2>
148
178
  <p>Following best practices helps you create a secure, maintainable RBAC configuration that scales with your organization&#x27;s needs.</p>
149
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="security-recommendations">Security Recommendations<a href="#security-recommendations" class="hash-link" aria-label="Direct link to Security Recommendations" title="Direct link to Security Recommendations">​</a></h3>
179
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="security-recommendations">Security Recommendations<a href="#security-recommendations" class="hash-link" aria-label="Direct link to Security Recommendations" title="Direct link to Security Recommendations" translate="no">​</a></h3>
150
180
  <p>You should implement these security practices to protect your Agent Mesh Enterprise deployment:</p>
151
181
  <p>Apply the principle of least privilege by assigning users only the minimum permissions necessary for their tasks. Start with restrictive permissions and add more as needed, rather than starting with broad permissions and removing them later. This approach reduces the risk of unauthorized access.</p>
152
182
  <p>Conduct regular audits of your role assignments and permissions. Review who has access to what features and verify that access levels remain appropriate as job responsibilities change. Remove access for users who no longer need it.</p>
153
183
  <p>Protect your RBAC configuration files with appropriate file permissions on your host system. These files control access to your entire Agent Mesh Enterprise deployment, so you should restrict read and write access to authorized administrators only.</p>
154
184
  <p>Store sensitive information like Microsoft Graph credentials as environment variables rather than hardcoding them in configuration files. Environment variables provide better security because they do not appear in version control systems or configuration backups.</p>
155
185
  <p>Never use development configurations in production environments. Development configurations often include test accounts with elevated permissions or relaxed security settings that are inappropriate for production use.</p>
156
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="role-design-principles">Role Design Principles<a href="#role-design-principles" class="hash-link" aria-label="Direct link to Role Design Principles" title="Direct link to Role Design Principles">​</a></h3>
186
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="role-design-principles">Role Design Principles<a href="#role-design-principles" class="hash-link" aria-label="Direct link to Role Design Principles" title="Direct link to Role Design Principles" translate="no">​</a></h3>
157
187
  <p>Well-designed roles make your RBAC configuration easier to understand and maintain:</p>
158
188
  <p>Create roles that align with job functions in your organization. Each role should represent a specific type of work that users perform. This alignment makes it easier to determine which role to assign to new users.</p>
159
189
  <p>Use role inheritance to build a logical hierarchy. If one role needs all the permissions of another role plus additional permissions, use inheritance rather than duplicating scopes. This approach reduces configuration size and makes updates easier.</p>
160
190
  <p>Use clear, descriptive names for roles that indicate their purpose. Names like &quot;data_analyst&quot; or &quot;system_operator&quot; are more meaningful than generic names like &quot;role1&quot; or &quot;user_type_a&quot;.</p>
161
191
  <p>Document the purpose and scope of each role in the description field. This documentation helps other administrators understand your RBAC configuration and makes it easier to maintain over time.</p>
162
192
  <p>Minimize wildcard usage in scope definitions. While wildcards like <code>*</code> or <code>tool:*:*</code> are convenient, they grant broad permissions that might include features you did not intend to allow. Use specific scopes whenever possible, and reserve wildcards for administrator roles.</p>
163
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="docker-specific-recommendations">Docker-Specific Recommendations<a href="#docker-specific-recommendations" class="hash-link" aria-label="Direct link to Docker-Specific Recommendations" title="Direct link to Docker-Specific Recommendations">​</a></h3>
193
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="docker-specific-recommendations">Docker-Specific Recommendations<a href="#docker-specific-recommendations" class="hash-link" aria-label="Direct link to Docker-Specific Recommendations" title="Direct link to Docker-Specific Recommendations" translate="no">​</a></h3>
164
194
  <p>When you run Agent Mesh Enterprise in Docker, follow these recommendations:</p>
165
195
  <p>Use Docker volumes for persistent configuration storage. The volume mount approach shown in this guide ensures that your configuration persists even if you remove and recreate the container.</p>
166
196
  <p>Create separate configuration files for different environments (development, staging, production). This separation prevents accidental use of inappropriate configurations and makes it easier to maintain environment-specific settings.</p>
167
197
  <p>Implement health checks to verify that RBAC is functioning correctly. You can add a health check to your Docker run command that periodically tests whether the container is responding correctly.</p>
168
198
  <p>Regularly backup your RBAC configuration files. Store backups in a secure location separate from your Docker host. If you lose your configuration files, you lose control over who can access your Agent Mesh Enterprise deployment.</p>
169
199
  <p>Follow Docker security best practices such as running containers as non-root users and using read-only filesystems where possible. These practices reduce the impact of potential security vulnerabilities.</p>
170
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="troubleshooting">Troubleshooting<a href="#troubleshooting" class="hash-link" aria-label="Direct link to Troubleshooting" title="Direct link to Troubleshooting">​</a></h2>
200
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="troubleshooting">Troubleshooting<a href="#troubleshooting" class="hash-link" aria-label="Direct link to Troubleshooting" title="Direct link to Troubleshooting" translate="no">​</a></h2>
171
201
  <p>When you encounter issues with your RBAC configuration, systematic troubleshooting helps you identify and resolve problems quickly.</p>
172
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="authorization-denied-for-valid-user">Authorization Denied for Valid User<a href="#authorization-denied-for-valid-user" class="hash-link" aria-label="Direct link to Authorization Denied for Valid User" title="Direct link to Authorization Denied for Valid User">​</a></h3>
202
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="authorization-denied-for-valid-user">Authorization Denied for Valid User<a href="#authorization-denied-for-valid-user" class="hash-link" aria-label="Direct link to Authorization Denied for Valid User" title="Direct link to Authorization Denied for Valid User" translate="no">​</a></h3>
173
203
  <p>If a user cannot access features they should have permission to use, you might see authorization denied messages in the logs or user interface.</p>
174
204
  <p>To resolve this issue, first verify that the user identity matches exactly what appears in your <code>user-to-role-assignments.yaml</code> file. Agent Mesh Enterprise performs case-sensitive matching, so <code>user@example.com</code> and <code>User@example.com</code> are different identities.</p>
175
205
  <p>Next, check that the role assigned to the user has the necessary scopes. Review the <code>role-to-scope-definitions.yaml</code> file and verify that the role includes scopes for the features the user is trying to access.</p>
@@ -180,20 +210,20 @@ Navigate to your <code>sam-enterprise</code> directory and run:</p>
180
210
  <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker logs sam-enterprise</span><br></span></code></pre></div></div>
181
211
  <p>Look for messages with the <code>[ConfigurableRbacAuthSvc]</code> prefix. These messages indicate whether Agent Mesh Enterprise successfully loaded your configuration files and how it resolved roles and scopes. You should see messages like:</p>
182
212
  <div class="language-text codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">INFO:solace_ai_connector:[ConfigurableRbacAuthSvc] Successfully loaded role-to-scope definitions from: /app/config/auth/role-to-scope-definitions.yaml</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">DEBUG:solace_ai_connector:[ConfigurableRbacAuthSvc] Role &#x27;enterprise_admin&#x27; loaded with 1 direct scopes, 1 resolved scopes.</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">DEBUG:solace_ai_connector:[ConfigurableRbacAuthSvc] Role &#x27;data_analyst&#x27; loaded with 4 direct scopes, 4 resolved scopes.</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">DEBUG:solace_ai_connector:[ConfigurableRbacAuthSvc] Role &#x27;standard_user&#x27; loaded with 1 direct scopes, 1 resolved scopes.</span><br></span></code></pre></div></div>
183
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="configuration-files-not-found">Configuration Files Not Found<a href="#configuration-files-not-found" class="hash-link" aria-label="Direct link to Configuration Files Not Found" title="Direct link to Configuration Files Not Found">​</a></h3>
213
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="configuration-files-not-found">Configuration Files Not Found<a href="#configuration-files-not-found" class="hash-link" aria-label="Direct link to Configuration Files Not Found" title="Direct link to Configuration Files Not Found" translate="no">​</a></h3>
184
214
  <p>If you see error messages about missing configuration files or the system uses default authorization behavior, the container cannot find your configuration files.</p>
185
215
  <p>Check that the volume mount in your Docker run command is correct. The mount should map your host directory to <code>/app</code> in the container. Verify that you are using the correct path on your host system.</p>
186
216
  <p>Ensure that file permissions allow the container user to read the files. On Linux systems, you might need to adjust file permissions:</p>
187
217
  <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">chmod 644 sam-enterprise/config/auth/*.yaml</span><br></span></code></pre></div></div>
188
218
  <p>Check for typos in file names or paths. The file names are case-sensitive, and even small typos prevent Agent Mesh Enterprise from finding your configuration files.</p>
189
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="microsoft-graph-integration-not-working">Microsoft Graph Integration Not Working<a href="#microsoft-graph-integration-not-working" class="hash-link" aria-label="Direct link to Microsoft Graph Integration Not Working" title="Direct link to Microsoft Graph Integration Not Working">​</a></h3>
219
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="microsoft-graph-integration-not-working">Microsoft Graph Integration Not Working<a href="#microsoft-graph-integration-not-working" class="hash-link" aria-label="Direct link to Microsoft Graph Integration Not Working" title="Direct link to Microsoft Graph Integration Not Working" translate="no">​</a></h3>
190
220
  <p>If users cannot authenticate when you use Microsoft Graph integration, or you see error messages related to Microsoft Graph in the logs, several issues might be causing the problem.</p>
191
221
  <p>Verify that your Microsoft Graph credentials are correct. Double-check the tenant ID, client ID, and client secret against your Microsoft Entra ID application registration.</p>
192
222
  <p>Check that environment variables are properly set in your Docker run command. You can verify environment variables inside the container:</p>
193
223
  <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker exec -it sam-enterprise env | grep MS_GRAPH</span><br></span></code></pre></div></div>
194
224
  <p>Ensure that your Microsoft Graph application has the necessary permissions. The application needs permissions to read user and group information from Microsoft Entra ID.</p>
195
225
  <p>Check network connectivity from the container to Microsoft Graph endpoints. The container must be able to reach <code>graph.microsoft.com</code> over HTTPS. Firewall rules or network policies might block this connectivity.</p>
196
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="debugging-authorization-issues">Debugging Authorization Issues<a href="#debugging-authorization-issues" class="hash-link" aria-label="Direct link to Debugging Authorization Issues" title="Direct link to Debugging Authorization Issues">​</a></h3>
226
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="debugging-authorization-issues">Debugging Authorization Issues<a href="#debugging-authorization-issues" class="hash-link" aria-label="Direct link to Debugging Authorization Issues" title="Direct link to Debugging Authorization Issues" translate="no">​</a></h3>
197
227
  <p>When you need to investigate authorization problems in detail, follow these debugging steps:</p>
198
228
  <p>Enable debug logging by adding a log level setting to your <code>enterprise_config.yaml</code>:</p>
199
229
  <div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># Add to your enterprise_config.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">log_level</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&quot;DEBUG&quot;</span><br></span></code></pre></div></div>
@@ -205,13 +235,13 @@ Navigate to your <code>sam-enterprise</code> directory and run:</p>
205
235
  <p>Inspect the mounted configuration files inside the container to verify that they contain the expected content:</p>
206
236
  <div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker exec -it sam-enterprise cat /app/config/auth/role-to-scope-definitions.yaml</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">docker exec -it sam-enterprise cat /app/config/auth/user-to-role-assignments.yaml</span><br></span></code></pre></div></div>
207
237
  <p>This verification ensures that the files inside the container match your host files and that the volume mount is working correctly.</p>
208
- <h3 class="anchor anchorWithStickyNavbar_LWe7" id="getting-help">Getting Help<a href="#getting-help" class="hash-link" aria-label="Direct link to Getting Help" title="Direct link to Getting Help">​</a></h3>
238
+ <h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="getting-help">Getting Help<a href="#getting-help" class="hash-link" aria-label="Direct link to Getting Help" title="Direct link to Getting Help" translate="no">​</a></h3>
209
239
  <p>If you continue to experience issues after following these troubleshooting steps, you can get additional help:</p>
210
240
  <p>Check the Agent Mesh Enterprise documentation for updates or additional information about RBAC configuration.</p>
211
241
  <p>Review the container logs for specific error messages. Error messages often include details about what went wrong and how to fix it.</p>
212
242
  <p>Contact Solace support with details of your configuration and the issues you are experiencing. Include relevant log excerpts and describe the steps you have already taken to troubleshoot the problem.</p>
213
- <h2 class="anchor anchorWithStickyNavbar_LWe7" id="conclusion">Conclusion<a href="#conclusion" class="hash-link" aria-label="Direct link to Conclusion" title="Direct link to Conclusion">​</a></h2>
243
+ <h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="conclusion">Conclusion<a href="#conclusion" class="hash-link" aria-label="Direct link to Conclusion" title="Direct link to Conclusion" translate="no">​</a></h2>
214
244
  <p>Setting up Role-Based Access Control in your Agent Mesh Enterprise Docker installation provides enhanced security and granular access control. This guide has walked you through understanding RBAC concepts, planning your configuration, creating configuration files, and troubleshooting common issues.</p>
215
- <p>You now have the knowledge to configure RBAC to meet your organization&#x27;s specific requirements while maintaining a secure and manageable environment. Remember to regularly review and update your RBAC configuration as your organization&#x27;s needs evolve, and always follow security best practices when managing access control.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col"><a href="https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/enterprise/rbac-setup-guide.md" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/solace-agent-mesh/docs/documentation/enterprise/connectors/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Connectors</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/solace-agent-mesh/docs/documentation/enterprise/single-sign-on"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Enabling SSO</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#table-of-contents" class="table-of-contents__link toc-highlight">Table of Contents</a></li><li><a href="#understanding-rbac-in-agent-mesh-enterprise" class="table-of-contents__link toc-highlight">Understanding RBAC in Agent Mesh Enterprise</a><ul><li><a href="#the-three-components" class="table-of-contents__link toc-highlight">The Three Components</a></li><li><a href="#how-authorization-works" class="table-of-contents__link toc-highlight">How Authorization Works</a></li></ul></li><li><a href="#planning-your-rbac-configuration" class="table-of-contents__link toc-highlight">Planning Your RBAC Configuration</a><ul><li><a href="#identifying-user-types" class="table-of-contents__link toc-highlight">Identifying User Types</a></li><li><a href="#designing-roles" class="table-of-contents__link toc-highlight">Designing Roles</a></li><li><a href="#mapping-scopes-to-features" class="table-of-contents__link toc-highlight">Mapping Scopes to Features</a></li></ul></li><li><a href="#setting-up-rbac-in-docker" class="table-of-contents__link toc-highlight">Setting Up RBAC in Docker</a><ul><li><a href="#prerequisites" class="table-of-contents__link toc-highlight">Prerequisites</a></li><li><a href="#creating-the-configuration-directory-structure" class="table-of-contents__link toc-highlight">Creating the Configuration Directory Structure</a></li><li><a href="#defining-roles-and-permissions" class="table-of-contents__link toc-highlight">Defining Roles and Permissions</a></li><li><a href="#assigning-users-to-roles" class="table-of-contents__link toc-highlight">Assigning Users to Roles</a></li><li><a href="#creating-the-enterprise-configuration" class="table-of-contents__link toc-highlight">Creating the Enterprise Configuration</a></li><li><a href="#running-the-docker-container" class="table-of-contents__link toc-highlight">Running the Docker Container</a></li><li><a href="#verifying-your-configuration" class="table-of-contents__link toc-highlight">Verifying Your Configuration</a></li></ul></li><li><a href="#understanding-configuration-files" class="table-of-contents__link toc-highlight">Understanding Configuration Files</a><ul><li><a href="#role-to-scope-definitions-structure" class="table-of-contents__link toc-highlight">Role-to-Scope Definitions Structure</a></li><li><a href="#user-to-role-assignments-structure" class="table-of-contents__link toc-highlight">User-to-Role Assignments Structure</a></li><li><a href="#enterprise-configuration-structure" class="table-of-contents__link toc-highlight">Enterprise Configuration Structure</a></li></ul></li><li><a href="#advanced-configuration-options" class="table-of-contents__link toc-highlight">Advanced Configuration Options</a><ul><li><a href="#production-ready-role-configuration" class="table-of-contents__link toc-highlight">Production-Ready Role Configuration</a></li><li><a href="#integrating-with-microsoft-graph" class="table-of-contents__link toc-highlight">Integrating with Microsoft Graph</a></li></ul></li><li><a href="#best-practices" class="table-of-contents__link toc-highlight">Best Practices</a><ul><li><a href="#security-recommendations" class="table-of-contents__link toc-highlight">Security Recommendations</a></li><li><a href="#role-design-principles" class="table-of-contents__link toc-highlight">Role Design Principles</a></li><li><a href="#docker-specific-recommendations" class="table-of-contents__link toc-highlight">Docker-Specific Recommendations</a></li></ul></li><li><a href="#troubleshooting" class="table-of-contents__link toc-highlight">Troubleshooting</a><ul><li><a href="#authorization-denied-for-valid-user" class="table-of-contents__link toc-highlight">Authorization Denied for Valid User</a></li><li><a href="#configuration-files-not-found" class="table-of-contents__link toc-highlight">Configuration Files Not Found</a></li><li><a href="#microsoft-graph-integration-not-working" class="table-of-contents__link toc-highlight">Microsoft Graph Integration Not Working</a></li><li><a href="#debugging-authorization-issues" class="table-of-contents__link toc-highlight">Debugging Authorization Issues</a></li><li><a href="#getting-help" class="table-of-contents__link toc-highlight">Getting Help</a></li></ul></li><li><a href="#conclusion" class="table-of-contents__link toc-highlight">Conclusion</a></li></ul></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Solace Agent Mesh</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/solace-agent-mesh/docs/documentation/getting-started">Documentation</a></li><li class="footer__item"><a href="https://github.com/SolaceLabs/solace-agent-mesh/" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://github.com/SolaceLabs/solace-agent-mesh-core-plugins/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Official Plugins<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Company</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://solace.com/products/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Products<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://solace.com/contact/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Contact<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://solace.com/support/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Support<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://solace.com/legal/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy and Legal<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://www.linkedin.com/company/solacedotcom/" target="_blank" rel="noopener noreferrer" class="footer__link-item">LinkedIn<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://github.com/SolaceLabs" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.youtube.com/SolaceSystems" target="_blank" rel="noopener noreferrer" class="footer__link-item">YouTube<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://twitter.com/solacedotcom" target="_blank" rel="noopener noreferrer" class="footer__link-item">X<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><img src="/solace-agent-mesh/img/solace-logo.png" alt="Solace Logo" class="footer__logo themedComponent_mlkZ themedComponent--light_NVdE" width="10%" height="10%"><img src="/solace-agent-mesh/img/solace-logo.png" alt="Solace Logo" class="footer__logo themedComponent_mlkZ themedComponent--dark_xIcU" width="10%" height="10%"></div><div class="footer__copyright">Solace Agent Mesh. Copyright © 2025 Solace. Version: 1.7.1</div></div></div></footer></div>
245
+ <p>You now have the knowledge to configure RBAC to meet your organization&#x27;s specific requirements while maintaining a secure and manageable environment. Remember to regularly review and update your RBAC configuration as your organization&#x27;s needs evolve, and always follow security best practices when managing access control.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col noPrint_WFHX"><a href="https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/enterprise/rbac-setup-guide.md" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/solace-agent-mesh/docs/documentation/enterprise/connectors/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Connectors</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/solace-agent-mesh/docs/documentation/enterprise/single-sign-on"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Enabling SSO</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#table-of-contents" class="table-of-contents__link toc-highlight">Table of Contents</a></li><li><a href="#understanding-rbac-in-agent-mesh-enterprise" class="table-of-contents__link toc-highlight">Understanding RBAC in Agent Mesh Enterprise</a><ul><li><a href="#authorization-types" class="table-of-contents__link toc-highlight">Authorization Types</a></li><li><a href="#the-three-components" class="table-of-contents__link toc-highlight">The Three Components</a></li><li><a href="#how-authorization-works" class="table-of-contents__link toc-highlight">How Authorization Works</a></li></ul></li><li><a href="#planning-your-rbac-configuration" class="table-of-contents__link toc-highlight">Planning Your RBAC Configuration</a><ul><li><a href="#identifying-user-types" class="table-of-contents__link toc-highlight">Identifying User Types</a></li><li><a href="#designing-roles" class="table-of-contents__link toc-highlight">Designing Roles</a></li><li><a href="#mapping-scopes-to-features" class="table-of-contents__link toc-highlight">Mapping Scopes to Features</a></li></ul></li><li><a href="#setting-up-rbac-in-docker" class="table-of-contents__link toc-highlight">Setting Up RBAC in Docker</a><ul><li><a href="#prerequisites" class="table-of-contents__link toc-highlight">Prerequisites</a></li><li><a href="#creating-the-configuration-directory-structure" class="table-of-contents__link toc-highlight">Creating the Configuration Directory Structure</a></li><li><a href="#defining-roles-and-permissions" class="table-of-contents__link toc-highlight">Defining Roles and Permissions</a></li><li><a href="#assigning-users-to-roles" class="table-of-contents__link toc-highlight">Assigning Users to Roles</a></li><li><a href="#creating-the-enterprise-configuration" class="table-of-contents__link toc-highlight">Creating the Enterprise Configuration</a></li><li><a href="#running-the-docker-container" class="table-of-contents__link toc-highlight">Running the Docker Container</a></li><li><a href="#verifying-your-configuration" class="table-of-contents__link toc-highlight">Verifying Your Configuration</a></li></ul></li><li><a href="#understanding-configuration-files" class="table-of-contents__link toc-highlight">Understanding Configuration Files</a><ul><li><a href="#role-to-scope-definitions-structure" class="table-of-contents__link toc-highlight">Role-to-Scope Definitions Structure</a></li><li><a href="#user-to-role-assignments-structure" class="table-of-contents__link toc-highlight">User-to-Role Assignments Structure</a></li><li><a href="#enterprise-configuration-structure" class="table-of-contents__link toc-highlight">Enterprise Configuration Structure</a></li></ul></li><li><a href="#advanced-configuration-options" class="table-of-contents__link toc-highlight">Advanced Configuration Options</a><ul><li><a href="#production-ready-role-configuration" class="table-of-contents__link toc-highlight">Production-Ready Role Configuration</a></li><li><a href="#integrating-with-microsoft-graph" class="table-of-contents__link toc-highlight">Integrating with Microsoft Graph</a></li></ul></li><li><a href="#best-practices" class="table-of-contents__link toc-highlight">Best Practices</a><ul><li><a href="#security-recommendations" class="table-of-contents__link toc-highlight">Security Recommendations</a></li><li><a href="#role-design-principles" class="table-of-contents__link toc-highlight">Role Design Principles</a></li><li><a href="#docker-specific-recommendations" class="table-of-contents__link toc-highlight">Docker-Specific Recommendations</a></li></ul></li><li><a href="#troubleshooting" class="table-of-contents__link toc-highlight">Troubleshooting</a><ul><li><a href="#authorization-denied-for-valid-user" class="table-of-contents__link toc-highlight">Authorization Denied for Valid User</a></li><li><a href="#configuration-files-not-found" class="table-of-contents__link toc-highlight">Configuration Files Not Found</a></li><li><a href="#microsoft-graph-integration-not-working" class="table-of-contents__link toc-highlight">Microsoft Graph Integration Not Working</a></li><li><a href="#debugging-authorization-issues" class="table-of-contents__link toc-highlight">Debugging Authorization Issues</a></li><li><a href="#getting-help" class="table-of-contents__link toc-highlight">Getting Help</a></li></ul></li><li><a href="#conclusion" class="table-of-contents__link toc-highlight">Conclusion</a></li></ul></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Solace Agent Mesh</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/solace-agent-mesh/docs/documentation/getting-started">Documentation</a></li><li class="footer__item"><a href="https://github.com/SolaceLabs/solace-agent-mesh/" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://github.com/SolaceLabs/solace-agent-mesh-core-plugins/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Official Plugins<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Company</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://solace.com/products/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Products<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://solace.com/contact/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Contact<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://solace.com/support/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Support<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://solace.com/legal/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy and Legal<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://www.linkedin.com/company/solacedotcom/" target="_blank" rel="noopener noreferrer" class="footer__link-item">LinkedIn<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://github.com/SolaceLabs" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.youtube.com/SolaceSystems" target="_blank" rel="noopener noreferrer" class="footer__link-item">YouTube<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://twitter.com/solacedotcom" target="_blank" rel="noopener noreferrer" class="footer__link-item">X<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><img src="/solace-agent-mesh/img/solace-logo.png" alt="Solace Logo" class="footer__logo themedComponent_mlkZ themedComponent--light_NVdE" width="10%" height="10%"><img src="/solace-agent-mesh/img/solace-logo.png" alt="Solace Logo" class="footer__logo themedComponent_mlkZ themedComponent--dark_xIcU" width="10%" height="10%"></div><div class="footer__copyright">Solace Agent Mesh. Copyright © 2026 Solace. Version: 1.13.2</div></div></div></footer></div>
216
246
  </body>
217
247
  </html>