BotIntelli — SoD Policies User Guide
This guide explains SoD (Segregation of Duties) Policies: what they are, how to create a policy by selecting conflicting permissions, and how to view and fix violations.
What Are SoD Policies?
SoD Policies define conflicts between permissions—e.g. the same person should not have both “approve payment” and “create payment.” You create policies by choosing two (or more) permission groups or permissions that must be segregated. The system can then detect violations (members who have both) and you can resolve them (e.g. remove one role or permission).
Where to Find It
- Sidebar: Security & Compliance → SoD Policies.
- URL:
https://app.botintelli.com/dashboard?view=rbac-policiesorhttps://app.botintelli.com/settings/policies.
Complete User Journey
Step 1: View Policies List
- You see a list of SoD policies. Each may show name, description, the conflicting permissions (e.g. “Permission A ↔ Permission B”), and status (active, etc.).
Step 2: Create a New Policy
- Click Create (or “New SoD policy”).
- Form:
- Name — Short name (e.g. “Payment approval vs creation”).
- Description — Optional explanation.
- First permission (or group) — Select from a permission catalog (e.g. tenant.manage, user.invite, workflow.delete). The app may group by category (Tenant, Users, Roles, Workflows, Bots, Pipelines, etc.).
- Second permission (or group) — Select another permission that must not be held together with the first.
- Save. The policy is active and the system can report violations.
Step 3: View Violations (When Available)
- In Compliance or in the policy detail you may see violations: members who have both permissions. For each, you can resolve by changing the member’s role or removing one of the permissions so the conflict is removed.
Step 4: Edit or Delete a Policy
- Edit — Change name, description, or the permission pair; save.
- Delete — Remove the policy so that conflict is no longer enforced.
Permission Catalog (Examples)
Policies are built from a permission catalog. Typical groups include:
- Tenant / Organization — tenant.view, tenant.manage, tenant.billing, tenant.delete
- Users / Members — user.view, user.invite, user.manage, user.remove, user.suspend
- Roles — role.view, role.manage
- Workflows — workflow.view, workflow.create, workflow.edit, workflow.delete, workflow.execute
- Templates — template.view, template.create, template.edit, template.delete, template.share
- Bots & Knowledge Base — bot.view, bot.create, bot.edit, bot.delete, bot.train, kb.view, kb.manage
- Pipelines — pipeline.view, pipeline.create, pipeline.edit, pipeline.delete, pipeline.execute
- Analytics / Security / Compliance — analytics, audit, etc. (as in your app)
You pick two (or more, if the UI supports it) that must be segregated.
Input Fields (Create Policy)
| Field | What to do |
|---|---|
| Name | Short policy name. |
| Description | Optional. |
| First permission | Select from catalog (conflicting side A). |
| Second permission | Select from catalog (conflicting side B). |
Quick Reference
| Goal | Action |
|---|---|
| Create SoD policy | Create → name, description, pick two permissions → save. |
| See violations | Open Compliance or policy detail; resolve by changing roles/permissions. |
| Remove policy | Edit policy → Delete (or use delete action). |
For compliance metrics and dashboard, see Compliance. For audit trail of changes, see Audit Logs.