Collaborate with other authors and editors
Collaborate with other authors and editors using Azure role-based access control (Azure RBAC) placed on your QnA Maker resource.
Note
The QnA Maker service is being retired on the 31st of March, 2025. A newer version of the question and answering capability is now available as part of Azure AI Language. For question answering capabilities within the Language Service, see question answering. Starting 1st October, 2022 you won’t be able to create new QnA Maker resources. For information on migrating existing QnA Maker knowledge bases to question answering, consult the migration guide.
Access is provided on the QnA Maker resource
All permissions are controlled by the permissions placed on the QnA Maker resource. These permissions align to read, write, publish, and full access. You can allow collaboration among multiple users by updating RBAC access for QnA Maker resource.
This Azure RBAC feature includes:
- Microsoft Entra ID is 100% backward compatible with key-based authentication for owners and contributors. Customers can use either key-based authentication or Azure RBAC-based authentication in their requests.
- Quickly add authors and editors to all knowledge bases in the resource because control is at the resource level, not at the knowledge base level.
Note
Make sure to add a custom subdomain for the resource. Custom Subdomain should be present by default, but if not, please add it
Access is provided by a defined role
The following roles are provided for collaboration:
| Role | Functionalities | API Access | API permissions |
|---|---|---|---|
| Owner | All | Authentication Key | All |
| Cognitive Services Contributor | All except ability to add new members to roles | Authentication Key | All except ability to add new members to roles |
| Cognitive Services QnA Maker Reader (read) |
Export/Download Test |
Bearer token | 1. Download KB API 2. List KBs for user API 3. Get Knowledge base details 4. Download Alterations Generate Answer |
| Cognitive Services QnA Maker Editor (read/write) |
Export/Download Test Update KB Export KB Import KB Replace KB Create KB |
Bearer token | 1. Create KB API 2. Update KB API 3. Replace KB API 4. Replace Alterations 5. "Train API" [in new service model v5] |
| Cognitive Services User (read/write/publish) |
All | Authentication Key | All access to Azure AI services resource except for ability to: 1. Add new members to roles. 2. Create new resources. |
Authentication flow
The following diagram shows the flow, from the author's perspective, for signing into the QnA Maker portal and using the authoring APIs.
| Steps | Description |
|---|---|
| 1 | Portal Acquires token for QnA Maker resource. |
| 2 | Portal Calls the appropriate QnA Maker authoring API (APIM) passing the token instead of keys. |
| 3 | QnA Maker API validates the token. |
| 4 | QnA Maker API calls QnAMaker Service. |
If you intend to call the authoring APIs, learn more about how to set up authentication.
Authenticate by QnA Maker portal
If you author and collaborate using the QnA Maker portal, after you add the appropriate role to the resource for a collaborator, the QnA Maker portal manages all the access permissions.
Authenticate by QnA Maker APIs and SDKs
If you author and collaborate using the APIs, either through REST or the SDKs, you need to create a service principal to manage the authentication.
Next step
- Design a knowledge base for languages and for client applications