This project demonstrates a chatbot application that enforces document access control using Oso Cloud authorization. The chatbot allows users to query documents while respecting their access permissions based on their role and department.
- Role-based access control (Manager, Member)
- Department-based document access
- Document similarity search using embeddings
- Interactive chat interface
- Public document access
- Python 3.12.X
- PostgreSQL database with pgvector extension
- Oso Cloud account
- OpenAI API key
-
Clone this repository
-
Install dependencies:
pip install -r requirements.txt
-
Set up environment variables in
.env:DATABASE_URL=postgresql://user:pass@host:5432/dbname OSO_URL=https://cloud.osohq.com OSO_API_KEY=your_api_key # make sure you use an environment without an active policy OPENAI_API_KEY=your_openai_key -
Initialize the database:
python main.py
Run the chatbot:
python main.pyThe chatbot will display a list of available users and their roles. Select a user by entering their name.
You can then:
- Enter prompts to query documents the user has access to
- Type "set_user" to switch to a different user
- Type "exit" to quit
- Managers can read all documents in their department
- Members can only read documents they created
- All users can read public documents
Example users:
- Jane (Engineering Manager)
- Jerry (Engineering Member)
- George (HR Manager)
- Karen (HR Member)
Try these queries with different users to see how access control works:
- "What project is Jerry working on?"
- "Are Jerry and Karen dating?"
- "When is George's birthday?" (Public document)
- "How old is Karen?"
The responses will vary based on the user's permissions.