diff --git a/doc/docs/en/quick-start/installation.md b/doc/docs/en/quick-start/installation.md
index c7115a3cd..662eb7c3d 100644
--- a/doc/docs/en/quick-start/installation.md
+++ b/doc/docs/en/quick-start/installation.md
@@ -44,6 +44,8 @@ After executing this command, the system will provide two different versions for
- **Terminal Tool**: Enables openssh-server for AI agent shell command execution
- **Regional optimization**: Mainland China users can use optimized image sources
+>⚠️ **Important Note**: When deploying v1.8.0 or later for the first time, please pay special attention to the `suadmin` super administrator account information output in the Docker logs. This account has the highest system privileges, and the password is only displayed upon first generation. It cannot be viewed again later, so please be sure to save it securely.
+
### 3. Access Your Installation
When deployment completes successfully:
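Review bot: The added note says the `suadmin` password "cannot be viewed again later", but the same sentence says it is written to the Docker logs, so it stays readable to anyone who can read those logs until they are cleared. The role table added to user-management.md in this patch says the credentials "cannot be retrieved after logs are cleared", which contradicts the wording here. Suggest aligning the two statements, stating whether the password can be changed after first login, and telling operators to restrict or clear the log that contains it once the password is saved. Formatting: put a blank line before the `>` line and a space after `>`; the zh hunk for this file already adds the blank line.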
diff --git a/doc/docs/en/user-guide/agent-market.md b/doc/docs/en/user-guide/agent-market.md
index 6fdd8cf84..1106f3db6 100644
--- a/doc/docs/en/user-guide/agent-market.md
+++ b/doc/docs/en/user-guide/agent-market.md
@@ -38,12 +38,16 @@ Select your preferred agent, download with one click, and add it to your agent s

-### 2️⃣ Configure Fields
+### 2️⃣ Configure Local Tools
-🔑 Fill in tool permissions as prompted
+🔑 Fill in local tool permissions as prompted

+### 3️⃣ Configure External MCP Tools
+
+🔑 Fill in MCP tool permissions as prompted
+
After installation, your agent will be ready in **[Agent Space](./agent-space)**
## 📢 Share Your Creations
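Review bot: New step 3 says only "Fill in MCP tool permissions as prompted", which does not tell the reader what is being granted to an external MCP tool that arrives with a downloaded agent. Suggest one sentence on what to check before filling these in (which MCP server the tool belongs to and what the permission allows) and a link to the MCP Permissions table in user-management.md, since that page states MCP tools are shared by every user group in the tenant.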
diff --git a/doc/docs/en/user-guide/assets/agent-development/duplicated_import.png b/doc/docs/en/user-guide/assets/agent-development/duplicated_import.png
index 3d7e0e6bc..164e4f228 100644
Binary files a/doc/docs/en/user-guide/assets/agent-development/duplicated_import.png and b/doc/docs/en/user-guide/assets/agent-development/duplicated_import.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-development/generate-agent.png b/doc/docs/en/user-guide/assets/agent-development/generate-agent.png
index 876c42e18..ca9b061ab 100644
Binary files a/doc/docs/en/user-guide/assets/agent-development/generate-agent.png and b/doc/docs/en/user-guide/assets/agent-development/generate-agent.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-development/version_management_1.png b/doc/docs/en/user-guide/assets/agent-development/version_management_1.png
new file mode 100644
index 000000000..08d182c27
Binary files /dev/null and b/doc/docs/en/user-guide/assets/agent-development/version_management_1.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-development/version_management_2.png b/doc/docs/en/user-guide/assets/agent-development/version_management_2.png
new file mode 100644
index 000000000..bdf3b5bb0
Binary files /dev/null and b/doc/docs/en/user-guide/assets/agent-development/version_management_2.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-market/agent-market-download.png b/doc/docs/en/user-guide/assets/agent-market/agent-market-download.png
index 2f258676d..1b7b8c9c1 100644
Binary files a/doc/docs/en/user-guide/assets/agent-market/agent-market-download.png and b/doc/docs/en/user-guide/assets/agent-market/agent-market-download.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-market/agent-market-download2.png b/doc/docs/en/user-guide/assets/agent-market/agent-market-download2.png
index 4bf6d9491..e1108bc32 100644
Binary files a/doc/docs/en/user-guide/assets/agent-market/agent-market-download2.png and b/doc/docs/en/user-guide/assets/agent-market/agent-market-download2.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-market/agent-market-download3.png b/doc/docs/en/user-guide/assets/agent-market/agent-market-download3.png
new file mode 100644
index 000000000..164e4f228
Binary files /dev/null and b/doc/docs/en/user-guide/assets/agent-market/agent-market-download3.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-market/agent-market.png b/doc/docs/en/user-guide/assets/agent-market/agent-market.png
index d8e71e014..8d5be8a55 100644
Binary files a/doc/docs/en/user-guide/assets/agent-market/agent-market.png and b/doc/docs/en/user-guide/assets/agent-market/agent-market.png differ
diff --git a/doc/docs/en/user-guide/assets/agent-space/agent-space.png b/doc/docs/en/user-guide/assets/agent-space/agent-space.png
index b43f00d21..fb16212d2 100644
Binary files a/doc/docs/en/user-guide/assets/agent-space/agent-space.png and b/doc/docs/en/user-guide/assets/agent-space/agent-space.png differ
diff --git a/doc/docs/en/user-guide/assets/home-page/homepage.png b/doc/docs/en/user-guide/assets/home-page/homepage.png
index cb00c9561..1e8292dcb 100644
Binary files a/doc/docs/en/user-guide/assets/home-page/homepage.png and b/doc/docs/en/user-guide/assets/home-page/homepage.png differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/create-knowledge-base.png b/doc/docs/en/user-guide/assets/knowledge-base/create-knowledge-base.png
index 96f913735..10ba70189 100644
Binary files a/doc/docs/en/user-guide/assets/knowledge-base/create-knowledge-base.png and b/doc/docs/en/user-guide/assets/knowledge-base/create-knowledge-base.png differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/delete-knowledge-base.png b/doc/docs/en/user-guide/assets/knowledge-base/delete-knowledge-base.png
deleted file mode 100644
index 4785b2e89..000000000
Binary files a/doc/docs/en/user-guide/assets/knowledge-base/delete-knowledge-base.png and /dev/null differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-file-list.png b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-file-list.png
deleted file mode 100644
index a4673369e..000000000
Binary files a/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-file-list.png and /dev/null differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-permission.png b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-permission.png
new file mode 100644
index 000000000..49d14cbbd
Binary files /dev/null and b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-permission.png differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-summary.png b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-summary.png
deleted file mode 100644
index 92452a335..000000000
Binary files a/doc/docs/en/user-guide/assets/knowledge-base/knowledge-base-summary.png and /dev/null differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/knowledge-tool.png b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-tool.png
new file mode 100644
index 000000000..8505804ea
Binary files /dev/null and b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-tool.png differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/knowledge-tool2.png b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-tool2.png
new file mode 100644
index 000000000..20350a1c0
Binary files /dev/null and b/doc/docs/en/user-guide/assets/knowledge-base/knowledge-tool2.png differ
diff --git a/doc/docs/en/user-guide/assets/knowledge-base/summary-knowledge-base.png b/doc/docs/en/user-guide/assets/knowledge-base/summary-knowledge-base.png
index 1064785a5..a4f206d67 100644
Binary files a/doc/docs/en/user-guide/assets/knowledge-base/summary-knowledge-base.png and b/doc/docs/en/user-guide/assets/knowledge-base/summary-knowledge-base.png differ
diff --git a/doc/docs/en/user-guide/assets/user-management/agent-permission.png b/doc/docs/en/user-guide/assets/user-management/agent-permission.png
new file mode 100644
index 000000000..e3d3b7ae0
Binary files /dev/null and b/doc/docs/en/user-guide/assets/user-management/agent-permission.png differ
diff --git a/doc/docs/en/user-guide/assets/user-management/invite-code-1.png b/doc/docs/en/user-guide/assets/user-management/invite-code-1.png
new file mode 100644
index 000000000..667b4f62b
Binary files /dev/null and b/doc/docs/en/user-guide/assets/user-management/invite-code-1.png differ
diff --git a/doc/docs/en/user-guide/assets/user-management/invite-code-2.png b/doc/docs/en/user-guide/assets/user-management/invite-code-2.png
new file mode 100644
index 000000000..728d42d3a
Binary files /dev/null and b/doc/docs/en/user-guide/assets/user-management/invite-code-2.png differ
diff --git a/doc/docs/en/user-guide/assets/user-management/kb-permission-1.png b/doc/docs/en/user-guide/assets/user-management/kb-permission-1.png
new file mode 100644
index 000000000..1894e6be1
Binary files /dev/null and b/doc/docs/en/user-guide/assets/user-management/kb-permission-1.png differ
diff --git a/doc/docs/en/user-guide/assets/user-management/kb-permission-2.png b/doc/docs/en/user-guide/assets/user-management/kb-permission-2.png
new file mode 100644
index 000000000..3807c0f51
Binary files /dev/null and b/doc/docs/en/user-guide/assets/user-management/kb-permission-2.png differ
diff --git a/doc/docs/en/user-guide/assets/user-management/tenant-usergroup.png b/doc/docs/en/user-guide/assets/user-management/tenant-usergroup.png
new file mode 100644
index 000000000..7fdedd630
Binary files /dev/null and b/doc/docs/en/user-guide/assets/user-management/tenant-usergroup.png differ
diff --git a/doc/docs/en/user-guide/home-page.md b/doc/docs/en/user-guide/home-page.md
index 61d457b18..9433594f3 100644
--- a/doc/docs/en/user-guide/home-page.md
+++ b/doc/docs/en/user-guide/home-page.md
@@ -20,7 +20,7 @@ The Nexent homepage highlights the core entry points of the platform:
### Left navigation
-The left sidebar exposes every major module:
+Taking the administrator account as an example, the left sidebar exposes every major module:
- **Home Page** – Return to the homepage.
- **Start Chat** – Open the chat interface.
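Review bot: "Taking the administrator account as an example" tells the reader the sidebar differs by role but not where the differences are listed. Suggest linking to the tab table added in this patch, for example "(see [Tab Access Permissions](./user-management#ii-tab-access-permissions) for what other roles see)".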
diff --git a/doc/docs/en/user-guide/knowledge-base.md b/doc/docs/en/user-guide/knowledge-base.md
index 5885f2b03..e5e5714ff 100644
--- a/doc/docs/en/user-guide/knowledge-base.md
+++ b/doc/docs/en/user-guide/knowledge-base.md
@@ -44,6 +44,14 @@ Give every knowledge base a clear summary so agents can pick the right source du

+## 🔧 Using Knowledge Bases
+
+Nexent supports binding knowledge bases to agents individually. When creating an agent, **enable the knowledge_base_search tool** and select the associated knowledge base.
+
+
+
+
+
## 🔍 Knowledge Base Management
### View Knowledge Bases
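Review bot: In the new "Using Knowledge Bases" paragraph, `knowledge_base_search` is a tool identifier sitting inside a bold run; put it in backticks so the underscores are not treated as Markdown emphasis and the name can be copied exactly. The paragraph also does not say which knowledge bases can be selected; the Knowledge Base Permissions table added to user-management.md limits developers to self-created or authorized ones, so a cross-reference belongs here.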
@@ -55,19 +63,12 @@ Give every knowledge base a clear summary so agents can pick the right source du
- Click a knowledge base to see all documents
- Click **Details** to view or edit the summary
-
-

-

-
-
### Edit Knowledge Bases
1. **Delete Knowledge Base**
- Click **Delete** to the right of the knowledge base row
- Confirm the deletion (irreversible)
-
-
2. **Delete or Add Files**
- Inside the file list, click **Delete** to remove a document
- Use the upload area under the list to add new files
diff --git a/doc/docs/en/user-guide/quick-setup.md b/doc/docs/en/user-guide/quick-setup.md
index bdf403cf9..9e251e20d 100644
--- a/doc/docs/en/user-guide/quick-setup.md
+++ b/doc/docs/en/user-guide/quick-setup.md
@@ -33,6 +33,11 @@ Create and configure agents:
- **Configure capabilities:** Add collaborative agents and tools.
- **Describe logic:** Tell Nexent how the agent should work.
+Publish agent:
+
+- **Publish agent:** Published agents will be visible to selected user groups and listed in Agent Space and the Start Chat selection box.
+- **Version management:** Track iteration history of agents, support viewing, rolling back to historical versions, and creating new versions.
+
Learn more: [Agent Development](./agent-development)
## 🎯 Tips
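Review bot: The new "Publish agent:" lead-in is followed directly by a bullet with the same label, and the second bullet's "support viewing, rolling back to historical versions, and creating new versions" is not parallel with the rest of the list. Suggest a lead-in such as "Publish and version agents:" and wording like "view history, roll back to an earlier version, or create a new version". "Selected user groups" should link to the permission settings in user-management.md, which is where that selection is explained.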
diff --git a/doc/docs/en/user-guide/user-management.md b/doc/docs/en/user-guide/user-management.md
index 2f03650cc..0d4b4f81a 100644
--- a/doc/docs/en/user-guide/user-management.md
+++ b/doc/docs/en/user-guide/user-management.md
@@ -1,37 +1,329 @@
# User Management
-User Management is an upcoming Nexent module that will add full user and permission controls.
+This page provides a detailed explanation of the Nexent platform's user role system, data visibility scope, operation permissions for various resources, and practical examples of permission configuration.
-## 🎯 Coming Features
+⚠️ **Important Note**: When deploying v1.8.0 or later for the first time, please pay special attention to the `suadmin` super administrator account information output in the Docker logs. This account has the highest system privileges, and the password is only displayed upon first generation. It cannot be viewed again later, so please be sure to save it securely.
-User Management will include:
+## 📋 Page Navigation
-- **User directory** – View and manage every platform user.
-- **Permission controls** – Assign features and resource access per user.
-- **Role management** – Create role bundles and apply them quickly.
-- **Usage insights** – Monitor activity and adoption metrics.
+- [I. Role System](#i-role-system) - Definitions and responsibilities of four core roles
+- [II. Tab Access Permissions](#ii-tab-access-permissions) - System pages accessible to each role
+- [III. Resource Permission Comparison](#iii-resource-permission-comparison) - Detailed operation permissions for various resources
+- [IV. Permission Configuration](#iv-permission-configuration) - Permission management for agents and knowledge bases
+- [V. Invitation Code Mechanism](#v-invitation-code-mechanism) - User registration and invitation process
+- [VI. Practical Examples](#vi-practical-examples) - Recommendations for permission configuration
-## ⏳ Stay Tuned
+## I. Role System
-We are building a flexible user-management system so you can:
+Nexent adopts a Role-Based Access Control (RBAC) model, dividing user scope through the concepts of tenants and user groups:
-- Apply fine-grained permission policies.
-- Configure roles that match your organization.
-- Understand how users collaborate with agents.
+### 1.1 What is a Tenant?
-## 📢 Follow Updates
+- A **Tenant** is the top-level resource isolation unit in the Nexent platform, which can be understood as an independent workspace or organizational unit
-Want to know when User Management ships?
+- Data between different tenants is completely isolated and invisible to each other. Each tenant can independently create agents, knowledge bases, models, MCPs, etc.
-- Join our [Discord community](https://discord.gg/tb5H3S3wyv) for announcements.
-- Follow project updates in the repository.
+- Only the Super Administrator can manage permissions across tenants and invite tenant administrators
-## 🚀 Related Features
+### 1.2 What is a User Group?
-While waiting for User Management you can:
+- A **User Group** is a collection of users within a tenant. User management and permission control can be achieved through user group division
+- A user can belong to multiple user groups
+- The visibility of resources such as knowledge bases and agents within a tenant is controlled through user groups
-1. Manage agents in **[Agent Space](./agent-space)**.
-2. Configure models in **[Model Management](./model-management)**.
-3. Chat with agents via **[Start Chat](./start-chat)**.
+
-Need help? Check the **[FAQ](../quick-start/faq)** or open a thread in [GitHub Discussions](https://github.com/ModelEngine-Group/nexent/discussions).
\ No newline at end of file
+### 1.3 User Roles
+
+Includes the following four core roles:
+
+| Role | Responsibility Description | Applicable Scenarios | Role Notes |
+| ---- | -------------------------- | -------------------- | ---------- |
+| **Super Administrator** | Can create **different tenants** and manage all tenant resources | Platform operation and maintenance personnel | There is only one Super Administrator in the Nexent system. Account credentials are generated during local deployment. Please keep them safe as they cannot be retrieved after logs are cleared |
+| **Administrator** | Responsible for **intra-tenant** resource management and permission allocation | Department managers, tenant leaders | A tenant can have multiple administrators, who can only be invited by the Super Administrator |
+| **Developer** | Can create and edit agents, knowledge bases, and other resources, but has no management permissions | Developers, product managers | A tenant can have multiple developers who can belong to multiple user groups within the tenant, invited by administrators and the Super Administrator |
+| **Regular User** | Can only use platform features without creation and editing permissions | Employees, business personnel | A tenant can have multiple regular users who can belong to multiple user groups within the tenant, invited by administrators and the Super Administrator |
+
+#### 1.3.1 Super Administrator
+
+The Super Administrator is responsible for the overall operation and maintenance of the platform. They can create tenants and participate in user permission management within each tenant, but cannot use agents.
+
+- ✅ Can manage personnel and permissions for all tenants
+- ✅ Can view platform-wide monitoring and operation data
+- ❌ Cannot directly view specific business data (such as agent conversation content, knowledge base documents, etc.)
+- ❌ Cannot create and use agents, knowledge bases, etc.
+
+#### 1.3.2 Administrator
+
+The Administrator is the highest permission role within a tenant, responsible for resource management and user management within the tenant, with full platform functionality.
+
+- ✅ Can manage all users and user groups within the tenant
+- ✅ Can view and edit all agents, knowledge bases, and MCPs within the tenant
+- ❌ Cannot access data from other tenants
+
+#### 1.3.3 Developer
+
+The Developer is a technical role within a tenant, responsible for creating and optimizing technical resources such as agents and knowledge bases.
+
+- ✅ Can create agents and knowledge bases and set permissions
+- ⚠️ For resources created by others, authorization is required to edit
+- ❌ Cannot manage users and user groups within the tenant
+
+#### 1.3.4 Regular User
+
+Regular Users only have permission to use agents for conversations.
+
+- ✅ Can use authorized agents for conversations
+- ✅ Can view their own usage records and personal information
+- ❌ Cannot create or edit agents, knowledge bases
+
+
+
+## II. Tab Access Permissions
+
+| Tab | Super Administrator | Administrator | Developer | Regular User |
+| --- | :-----------------: | :-----------: | :-------: | :----------: |
+| **Home** | ✅ | ✅ | ✅ | ✅ |
+| **Start Chat** | ❌ | ✅ | ✅ | ✅ |
+| **Quick Setup** | ❌ | ✅ | ✅ | ✅ |
+| **Agent Space** | ❌ | ✅ | ✅ | ❌ |
+| **Agent Market** | ❌ | ✅ | ✅ | ❌ |
+| **Agent Development** | ❌ | ✅ | ✅ | ❌ |
+| **Knowledge Base** | ❌ | ✅ | ✅ | ❌ |
+| **MCP Tools** | ❌ | ✅ | ✅ | ❌ |
+| **Monitoring** | ✅ | ✅ | ✅ | ❌ |
+| **Model Management** | ❌ | ✅ | ✅ | ❌ |
+| **Memory Management** | ❌ | ✅ | ✅ | ✅ |
+| **Personal Information** | ❌ | ✅ | ✅ | ✅ |
+| **Tenant Resources** | ✅ | ✅ | ❌ | ❌ |
+
+
+## III. Resource Permission Comparison
+
+The following tables show the operation permissions of four roles for various types of resources. Among them:
+
+- **Super Administrator**: Can manage resources for all tenants (cross-tenant)
+- **Administrator/Developer/Regular User**: Can only operate resources within their own tenant
+
+### 3.1 User and User Group Permissions
+
+| Operation | Super Administrator | Administrator | Developer | Regular User |
+| --------- | :-----------------: | :-----------: | :-------: | :----------: |
+| **View Tenant List** | ✅ | ❌ | ❌ | ❌ |
+| **Create/Delete Tenant** | ✅ | ❌ | ❌ | ❌ |
+| **View User List** | ✅ | ✅ | ❌ | ❌ |
+| **Edit User Permissions** | ✅ | ✅ | ❌ | ❌ |
+| **Delete User** | ✅ | ✅ | ❌ | ❌ |
+| **Assign User Group** | ✅ | ✅ | ❌ | ❌ |
+| **View User Group List** | ✅ | ✅ | ❌ | ❌ |
+| **Create User Group** | ✅ | ✅ | ❌ | ❌ |
+| **Edit User Group** | ✅ | ✅ | ❌ | ❌ |
+| **Delete User Group** | ✅ | ✅ | ❌ | ❌ |
+
+### 3.2 Model Permissions
+
+| Operation | Super Administrator | Administrator | Developer | Regular User |
+| --------- | :-----------------: | :-----------: | :-------: | :----------: |
+| **View Model List** | ✅ | ✅ | ✅ | ❌ |
+| **Add Model** | ✅ | ✅ | ❌ | ❌ |
+| **Edit Model** | ✅ | ✅ | ❌ | ❌ |
+| **Delete Model** | ✅ | ✅ | ❌ | ❌ |
+| **Test Connectivity** | ✅ | ✅ | ✅ | ❌ |
+| **Use Model** | ❌ | ✅ | ✅ | ✅ |
+
+> 💡 **Note**: Models are tenant-level shared resources. All user groups within the same tenant share the same model pool, with no group-level isolation. Administrators uniformly manage model configurations, while developers and regular users can only use configured models.
+
+### 3.3 Knowledge Base Permissions
+
+| Operation | Super Administrator | Administrator | Developer | Regular User |
+| --------- | :-----------------: | :-----------: | :-------: | :----------: |
+| **View Knowledge Base List** | ✅ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **View Knowledge Base Details** | ❌ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **View Knowledge Base Summary** | ✅ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Create Knowledge Base** | ❌ | ✅ | ✅ | ❌ |
+| **Edit Knowledge Base Name and Permissions** | ✅ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Edit Knowledge Base Chunks and Summary** | ❌ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Delete Knowledge Base** | ✅ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Upload/Delete Files** | ❌ | ✅ | 🟡 Self-created/Authorized | ❌ |
+
+### 3.4 Agent Permissions
+
+| Operation | Super Administrator | Administrator | Developer | Regular User |
+| --------- | :-----------------: | :-----------: | :-------: | :----------: |
+| **View Agent List** | ✅ | ✅ | 🟡 Self-created/Authorized | 🟡 Authorized Published Agents |
+| **View Agent Info** | ✅ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Edit Agent Config** | ❌ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Manage Agent Versions** | ✅ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Delete Agent** | ✅ | ✅ | 🟡 Self-created/Authorized | ❌ |
+| **Use Agent Chat** | ❌ | ✅ | 🟡 Self-created/Authorized | 🟡 Authorized Published Agents |
+
+### 3.5 MCP Permissions
+
+| Operation | Super Administrator | Administrator | Developer | Regular User |
+| --------- | :-----------------: | :-----------: | :-------: | :----------: |
+| **View MCP Tools** | ✅ | ✅ | ✅ | ❌ |
+| **Edit MCP Tools** | ✅ | ✅ | ❌ | ❌ |
+| **Add MCP Tools** | ✅ | ✅ | ✅ | ❌ |
+| **Delete MCP Tools** | ✅ | ✅ | ❌ | ❌ |
+
+> 💡 **Note**: MCP tools are tenant-level shared resources. All user groups within the same tenant share the same MCP tools, with no group-level isolation. Administrators can add and manage MCP tools, while developers can only add MCP tools.
+
+
+## IV. Permission Configuration
+
+### 4.1 Agent Permission Settings
+
+| Permission Level | Description | Applicable Scenario |
+| ---------------- | ----------- | ------------------- |
+| **Creator Only** | Only the creator (and administrators) can view and edit | Personal development agents |
+| **Specified User Group - Read Only** | User groups specified in the agent development page can view and publish, but cannot edit or delete. | Department-specific agents |
+
+

+
+
+### 4.2 Knowledge Base Permission Settings
+
+| Permission Level | Description | Applicable Scenario |
+| ---------------- | ----------- | ------------------- |
+| **Private** | Only the creator (and administrators) can view and manage | Personal knowledge base |
+| **Specified User Group - Read Only** | Specified user groups can view but cannot edit or delete | Department knowledge base |
+| **Specified User Group - Editable** | Specified user groups can view and edit, delete | Project team knowledge base |
+
+
+

+

+
+
+
+## V. Invitation Code Mechanism
+
+Nexent platform uses an invitation code mechanism to control new user registration, ensuring platform security and controllability.
+
+### 5.1 Generating Invitation Codes
+
+- Super Administrators can go to "Tenant Resources" → "Select Tenant" → "Invitation Code"
+- Administrators can go directly through "Tenant Resources" → "Invitation Code"
+- Click "Create Invitation Code"
+- Configure parameters: invitation type (Administrator, Developer, User), invitation code, number of uses, user groups to join, expiration time
+- Copy the invitation code and distribute it to relevant personnel
+
+
+
+
+

+
+
+
+## VI. Practical Examples
+
+This section uses **XX City People's Hospital - Orthopedics Department** as an example to demonstrate how to build a single-department medical intelligent assistant system on the Nexent platform, as well as the workflow of each role in the system.
+
+### 6.1 Overall Architecture Design
+
+#### 6.1.1 Architecture Level Correspondence
+
+In the scenario of XX City People's Hospital, the correspondence between Nexent platform levels and hospital entities is as follows:
+
+| Level | Corresponding Entity | Description |
+| ----- | -------------------- | ----------- |
+| **Super Administrator** | Hospital Information Center/System Administrator | Manages multiple departments (multiple tenants) of the entire hospital |
+| **Single Tenant** | Single Department | Such as: Orthopedics, Cardiology, Surgery |
+| **User Groups within Tenant** | Professional groups within the department | Such as: Orthopedics Physician Group, Nursing Group, Rehabilitation Group |
+| **Members within User Groups** | Specific medical staff/patients | Such as: Chief Physician of Orthopedics, Charge Nurse, Inpatient |
+
+#### 6.1.2 Definition and Responsibilities of Each Role
+
+| Role | Corresponding Personnel in Orthopedics Tenant | Core Responsibilities | Data Visibility Scope |
+| ---- | --------------------------------------------- | --------------------- | --------------------- |
+| **Super Administrator** | Hospital Information Center Administrator | Manages multiple tenants of hospital departments (Orthopedics, Cardiology, Surgery, etc.) | Data of all tenants in the hospital |
+| **Administrator** | Chief of Orthopedics | Manages all resources within the Orthopedics tenant (users, agents, knowledge bases, etc.) | All data of this department (this tenant) |
+| **Developer** | Chief Physicians and Associate Chief Physicians of Orthopedics Sub-specialties | Creates and edits clinical auxiliary agents, uploads professional materials to knowledge bases | Resources authorized within this department; self-created resources are manageable |
+| **Regular User** | Resident Physicians, Nurses, Patients | Uses published agents for work assistance, information queries, health education | Resources authorized for use within this department; view-only, no editing |
+
+### 6.2 Example User Work Scenarios
+
+#### Scenario 1: Hospital Information Center Administrator (Super Administrator Role)
+
+- **User Identity**: Hospital Information Center - System Administrator - Engineer Zhang
+- **Role**: Super Administrator
+- **Work Requirement**: Manage Nexent platform tenants for all departments of XX City People's Hospital, ensuring normal operation of systems in each department
+- **Operation Process in Nexent Platform**:
+ 1. **Login to System**: Log in to Nexent platform with Super Administrator account
+ 2. **View Tenant List**: Go to the "Tenant Resources" tab to view tenants of all hospital departments:
+ - Orthopedics Tenant
+ - Cardiology Tenant
+ - Surgery Tenant
+ - Pediatrics Tenant
+ - ... (other department tenants)
+ 3. **Create New Tenant** (e.g., hospital newly opened Rehabilitation Department):
+ - Click "Create Tenant"
+ - Fill in tenant name: "XX City People's Hospital - Rehabilitation Department"
+ - Invite the Chief of Rehabilitation Department as the tenant administrator
+
+#### Scenario 2: Chief of Orthopedics (Tenant Administrator Role)
+
+- **User Identity**: Orthopedics - Management - Chief of Orthopedics - Director Liu
+- **Role**: Administrator
+- **Work Requirement**: Manage all resources within the Orthopedics tenant, create accounts and configure permissions for newly hired spine surgeons
+- **Operation Process in Nexent Platform**:
+ 1. **Login to System**: Log in to Nexent platform with Administrator account
+ 2. **Enter User Management**: Click the "User Management" tab
+ 3. **Create New User**:
+ - Click "Create Invitation Code", configure the group and developer permissions for this doctor
+ 4. **Assign User Groups**:
+ - This doctor also needs to join the subsequently created "Spine Surgery New Group" user group, enter "User Management" to edit
+ 5. **Check Agent Permissions**:
+ - Enter "Agent Space" to view all existing agents in Orthopedics
+ - Check if the permission settings for "Spine CT Image Analysis Assistant" are correct (visible and editable to the Spine Surgery Group)
+ 6. **Manage Knowledge Base**:
+ - Enter the "Knowledge Base" tab to check the content update status of the Orthopedics knowledge base
+ - Approve new materials submitted by doctors (such as new surgical cases, research literature, etc.)
+
+#### Scenario 3: Chief Physician of Spine Surgery (Developer Role)
+
+- **User Identity**: Orthopedics - Spine Surgery Group - Chief Physician - Dr. Wang
+- **Role**: Developer
+- **Work Requirement**: Need an intelligent assistant to help analyze spine CT images and provide surgical plan recommendations
+- **Operation Process in Nexent Platform**:
+ 1. **Login to System**: Register account and password with the hospital-assigned invitation code and log in to the corresponding development group
+ 2. **Enter Agent Development**: Click the "Agent Development" tab
+ 3. **Create New Agent**: Click "Create Agent", name it "Spine CT Image Analysis Assistant"
+ 4. **Configure Agent Capabilities**:
+ - Select "Medical Image Analysis Model" as the base model
+ - Associate "Spine Surgery Knowledge Base" as the knowledge source
+ - Configure prompts to train the agent to identify disc herniation, scoliosis and other lesions
+ 5. **Set Permissions**:
+ - Visible User Groups: Select "Spine Surgery Group"
+ - Permission Level: Select "Editable" (allows doctors in the same department to modify and optimize)
+ 6. **Publish Agent**: Click "Publish", the agent is officially put into use
+- **Accessible Data**:
+ - ✅ Self-created "Spine CT Image Analysis Assistant" agent (editable, version manageable)
+ - ✅ Other agents authorized for use (such as "Orthopedics Medication Assistant") (view-only)
+ - ✅ Orthopedics-related knowledge bases (queryable, some can upload materials)
+ - ❌ Data from other tenants (such as Cardiology) (completely isolated)
+
+#### Scenario 4: Orthopedics Inpatient (Regular User Role)
+
+- **User Identity**: Orthopedics - Inpatient Group - Inpatient - Mr. Zhang
+- **Role**: Regular User
+- **Work Requirement**: After lumbar disc surgery, wants to understand rehabilitation training methods and post-discharge precautions
+- **Operation Process in Nexent Platform**:
+ 1. **Login to System**: Log in to the Nexent platform patient portal
+ 2. **Enter Patient Services**: Click the "Start Chat" tab
+ 3. **Select Agent**: Click "Orthopedics Rehabilitation Assistant"
+ 4. **Initiate Consultation**:
+ - Input question: "Day 3 after lumbar disc surgery, what rehabilitation training can I do?"
+ - The agent provides rehabilitation movement videos and guidance suitable for early postoperative period based on the Orthopedics Rehabilitation knowledge base
+ 5. **Schedule Follow-up**: Schedule a one-month post-discharge outpatient follow-up through the agent
+- **Accessible Data**:
+ - ✅ "Orthopedics Rehabilitation Assistant" agent (view-only)
+ - ❌ Doctor's diagnostic system (no permission)
+ - ❌ Other patients' data (completely isolated)
+
+
+## 💡 Get Help
+
+If you encounter any issues while using the platform:
+
+- 📖 Check the **[FAQ](../quick-start/faq)** for detailed answers
+- 💬 Join our [Discord community](https://discord.gg/tb5H3S3wyv) to connect with other users
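Review bot: Section 4.1 lists only two agent permission levels ("Creator Only" and "Specified User Group - Read Only"), but Scenario 3 step 5 selects "Editable" for an agent and Scenario 2 step 5 checks that an agent is "visible and editable to the Spine Surgery Group"; either add that level to 4.1 or change the scenarios. Other inconsistencies in this file to resolve before merge: 1.3.1 says the Super Administrator cannot view business data or use knowledge bases, while 3.3 lets that role delete knowledge bases and edit their permissions, and 6.1.2 gives its visibility as "Data of all tenants in the hospital". Scenario 2 sends the administrator to a "User Management" tab and Scenario 4 to a "patient portal", neither of which appears in the tab table in section II (5.1 places invitation codes under "Tenant Resources"). The header note says the `suadmin` password "cannot be viewed again later", while the 1.3 table says it cannot be retrieved "after logs are cleared". In 3.5, developers may add MCP tools that the note below the table says are shared by all user groups in the tenant, so the page should state whether an administrator reviews developer-added tools. The header warning is also plain text here but a blockquote in installation.md.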
diff --git a/doc/docs/zh/quick-start/installation.md b/doc/docs/zh/quick-start/installation.md
index bee8f9588..64840b8d0 100644
--- a/doc/docs/zh/quick-start/installation.md
+++ b/doc/docs/zh/quick-start/installation.md
@@ -44,6 +44,9 @@ bash deploy.sh
- **终端工具**: 启用 openssh-server 供 AI 智能体执行 shell 命令
- **区域优化**: 中国大陆用户可使用优化的镜像源
+
+>⚠️ **重要提示**:首次部署 v1.8.0 及以上版本时,需特别留意 Docker 日志中输出的 `suadmin` 超级管理员账号信息。该账号为系统最高权限账户,密码仅在首次生成时显示,后续无法再次查看,请务必妥善保存。
+
### 3. 访问您的安装
部署成功完成后:
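Review bot: The added `suadmin` warning does not say which container's log to read or what to do if the password was missed, so a reader who deploys in detached mode has no recovery path. Name the service (or give the `docker logs` invocation) and document a reset procedure. Because the password is written to the container log, also advise changing it after first login and limiting who can read Docker logs on the host.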
diff --git a/doc/docs/zh/user-guide/agent-development.md b/doc/docs/zh/user-guide/agent-development.md
index cc00ef115..eebed03cf 100644
--- a/doc/docs/zh/user-guide/agent-development.md
+++ b/doc/docs/zh/user-guide/agent-development.md
@@ -160,6 +160,19 @@
调试成功后,可点击右下角"保存"按钮,此智能体将会被保存并出现在智能体列表中。
+### 🐛 版本管理
+
+Nexent 支持智能体的版本管理,您可以在调试过程中,保存不同版本的智能体配置。
+
+确认智能体配置无误后,您可发布智能体。发布后智能体将在智能体空间、开始问答中可见。
+
+
+
+若需回滚到其他版本,可在版本管理页面点击"回滚"按钮。
+
+
+
+
## 🔧 管理智能体
在左侧智能体列表中,您可对已有的智能体进行以下操作:
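Review bot: The new "### 🐛 版本管理" heading carries the bug emoji, which reads as a debugging section; pick one that fits version management. The rollback sentence (若需回滚到其他版本…) should also say whether a rollback immediately changes what users of the published agent get, and who may perform it, since user-management.md in this patch restricts 管理智能体版本 by role.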
diff --git a/doc/docs/zh/user-guide/agent-market.md b/doc/docs/zh/user-guide/agent-market.md
index 020bbfa1a..47f5b2f5d 100644
--- a/doc/docs/zh/user-guide/agent-market.md
+++ b/doc/docs/zh/user-guide/agent-market.md
@@ -38,12 +38,18 @@

-### 2️⃣ 配置字段
+### 2️⃣ 配置本地工具
-🔑 依据提示补充工具许可
+🔑 依据提示补充本地工具的许可

+### 3️⃣ 配置外部 MCP 工具
+
+🔑 依据提示补充 MCP 工具的许可
+
+
+
安装完成后,您的智能体会在 **[智能体空间](./agent-space)** 准备好
## 📢 分享您的创作
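Review bot: The new step 3 ("依据提示补充 MCP 工具的许可") asks the reader to supply permissions for external MCP tools that arrive with a downloaded agent, but does not say which MCP server they are sent to or at what scope they are stored. user-management.md in this patch describes MCP tools as tenant-level shared resources, so say here whether a tool added this way joins the tenant-wide pool, tell the reader to check the MCP server address shown in the prompt before filling it in, and note which roles can complete this step.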
diff --git a/doc/docs/zh/user-guide/assets/agent-development/duplicated_import.png b/doc/docs/zh/user-guide/assets/agent-development/duplicated_import.png
index e4d51cad5..588fb0f52 100644
Binary files a/doc/docs/zh/user-guide/assets/agent-development/duplicated_import.png and b/doc/docs/zh/user-guide/assets/agent-development/duplicated_import.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-development/generate-agent.png b/doc/docs/zh/user-guide/assets/agent-development/generate-agent.png
index 0dd5eef50..b9169dbcd 100644
Binary files a/doc/docs/zh/user-guide/assets/agent-development/generate-agent.png and b/doc/docs/zh/user-guide/assets/agent-development/generate-agent.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-development/version_management_1.png b/doc/docs/zh/user-guide/assets/agent-development/version_management_1.png
new file mode 100644
index 000000000..a945374c5
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/agent-development/version_management_1.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-development/version_management_2.png b/doc/docs/zh/user-guide/assets/agent-development/version_management_2.png
new file mode 100644
index 000000000..baa7fe7ea
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/agent-development/version_management_2.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-market/agent-market-download.png b/doc/docs/zh/user-guide/assets/agent-market/agent-market-download.png
index d874638f4..b8617829e 100644
Binary files a/doc/docs/zh/user-guide/assets/agent-market/agent-market-download.png and b/doc/docs/zh/user-guide/assets/agent-market/agent-market-download.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-market/agent-market-download2.png b/doc/docs/zh/user-guide/assets/agent-market/agent-market-download2.png
index d9f88e409..6604b5bfd 100644
Binary files a/doc/docs/zh/user-guide/assets/agent-market/agent-market-download2.png and b/doc/docs/zh/user-guide/assets/agent-market/agent-market-download2.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-market/agent-market-download3.png b/doc/docs/zh/user-guide/assets/agent-market/agent-market-download3.png
new file mode 100644
index 000000000..714db1470
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/agent-market/agent-market-download3.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-market/agent-market.png b/doc/docs/zh/user-guide/assets/agent-market/agent-market.png
index 9b4c0811b..e136ddcb6 100644
Binary files a/doc/docs/zh/user-guide/assets/agent-market/agent-market.png and b/doc/docs/zh/user-guide/assets/agent-market/agent-market.png differ
diff --git a/doc/docs/zh/user-guide/assets/agent-space/agent-space.png b/doc/docs/zh/user-guide/assets/agent-space/agent-space.png
index 4576a5767..61bd31553 100644
Binary files a/doc/docs/zh/user-guide/assets/agent-space/agent-space.png and b/doc/docs/zh/user-guide/assets/agent-space/agent-space.png differ
diff --git a/doc/docs/zh/user-guide/assets/home-page/homepage.png b/doc/docs/zh/user-guide/assets/home-page/homepage.png
index 845b31a57..a41616d3b 100644
Binary files a/doc/docs/zh/user-guide/assets/home-page/homepage.png and b/doc/docs/zh/user-guide/assets/home-page/homepage.png differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/create-knowledge-base.png b/doc/docs/zh/user-guide/assets/knowledge-base/create-knowledge-base.png
index 29f0dbc03..3731860ee 100644
Binary files a/doc/docs/zh/user-guide/assets/knowledge-base/create-knowledge-base.png and b/doc/docs/zh/user-guide/assets/knowledge-base/create-knowledge-base.png differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/delete-knowledge-base.png b/doc/docs/zh/user-guide/assets/knowledge-base/delete-knowledge-base.png
deleted file mode 100644
index 6871731af..000000000
Binary files a/doc/docs/zh/user-guide/assets/knowledge-base/delete-knowledge-base.png and /dev/null differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-file-list.png b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-file-list.png
deleted file mode 100644
index f930878b2..000000000
Binary files a/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-file-list.png and /dev/null differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-permission.png b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-permission.png
new file mode 100644
index 000000000..8394ab9f9
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-permission.png differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-summary.png b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-summary.png
deleted file mode 100644
index eb6acb792..000000000
Binary files a/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-base-summary.png and /dev/null differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-tool.png b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-tool.png
new file mode 100644
index 000000000..4359a66f9
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-tool.png differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-tool2.png b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-tool2.png
new file mode 100644
index 000000000..ac0369c3b
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/knowledge-base/knowledge-tool2.png differ
diff --git a/doc/docs/zh/user-guide/assets/knowledge-base/summary-knowledge-base.png b/doc/docs/zh/user-guide/assets/knowledge-base/summary-knowledge-base.png
index b36303da2..306a1b295 100644
Binary files a/doc/docs/zh/user-guide/assets/knowledge-base/summary-knowledge-base.png and b/doc/docs/zh/user-guide/assets/knowledge-base/summary-knowledge-base.png differ
diff --git a/doc/docs/zh/user-guide/assets/user-management/agent-permission.png b/doc/docs/zh/user-guide/assets/user-management/agent-permission.png
new file mode 100644
index 000000000..22c797553
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/user-management/agent-permission.png differ
diff --git a/doc/docs/zh/user-guide/assets/user-management/invite-code-1.png b/doc/docs/zh/user-guide/assets/user-management/invite-code-1.png
new file mode 100644
index 000000000..1ee8302ff
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/user-management/invite-code-1.png differ
diff --git a/doc/docs/zh/user-guide/assets/user-management/invite-code-2.png b/doc/docs/zh/user-guide/assets/user-management/invite-code-2.png
new file mode 100644
index 000000000..5e84b0d30
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/user-management/invite-code-2.png differ
diff --git a/doc/docs/zh/user-guide/assets/user-management/kb-permission-1.png b/doc/docs/zh/user-guide/assets/user-management/kb-permission-1.png
new file mode 100644
index 000000000..7d399369d
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/user-management/kb-permission-1.png differ
diff --git a/doc/docs/zh/user-guide/assets/user-management/kb-permission-2.png b/doc/docs/zh/user-guide/assets/user-management/kb-permission-2.png
new file mode 100644
index 000000000..7cd990eca
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/user-management/kb-permission-2.png differ
diff --git a/doc/docs/zh/user-guide/assets/user-management/tenant-usergroup.png b/doc/docs/zh/user-guide/assets/user-management/tenant-usergroup.png
new file mode 100644
index 000000000..6033b9b84
Binary files /dev/null and b/doc/docs/zh/user-guide/assets/user-management/tenant-usergroup.png differ
diff --git a/doc/docs/zh/user-guide/home-page.md b/doc/docs/zh/user-guide/home-page.md
index 5e24343ac..0a3a82957 100644
--- a/doc/docs/zh/user-guide/home-page.md
+++ b/doc/docs/zh/user-guide/home-page.md
@@ -22,7 +22,7 @@ Nexent首页展示了平台的核心功能,为您提供快速入口:
### ➡️ 左侧导航栏
-页面左侧提供了完整的导航栏,包含以下模块:
+以管理员账号为例,页面左侧提供了完整的导航栏,包含以下模块:
- **首页**:返回平台首页
- **开始问答**:进入对话页面,选择智能体进行交互
@@ -35,7 +35,9 @@ Nexent首页展示了平台的核心功能,为您提供快速入口:
- **监控与运维**:实时掌控智能体的运行状态(即将上线)
- **模型管理**:管理应用信息与模型配置,连接你需要的 AI 能力
- **记忆管理**:控制智能体的长期记忆,让对话更高效
-- **用户管理**:管为团队提供统一的用户、角色与权限控制(即将上线)
+- **个人信息**:查看和管理您的个人信息,如邮箱、角色、用户组等
+- **租户资源**:查看和管理您的租户资源,如用户、模型、知识库、智能体等
+
页面右上角支持**语言切换**(简体中文/English)
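Review bot: This hunk removes the 用户管理 entry from the navigation list and replaces it with 个人信息 and 租户资源, but scenario 2 in user-management.md (same patch) still tells the reader to "点击「用户管理」页签" and to edit group membership under 「用户管理」. Align the names: either change the scenario to point at 租户资源, or say here where the user-management page is reached from.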
diff --git a/doc/docs/zh/user-guide/knowledge-base.md b/doc/docs/zh/user-guide/knowledge-base.md
index c28f878e1..fa98eac62 100644
--- a/doc/docs/zh/user-guide/knowledge-base.md
+++ b/doc/docs/zh/user-guide/knowledge-base.md
@@ -44,29 +44,34 @@ Nexent支持多种文件格式,包括:

+## 🔧 使用知识库
+
+Nexent支持知识库与智能体单独绑定,在创建智能体时,**启用knowledge_base_search工具**,并选择关联的知识库
+
+
+
## 🔍 知识库管理
### 查看知识库
1. **知识库列表**
- 知识库页面左侧展示了所有已创建的知识库
- - 显示知识库名称、文件数量、创建时间等信息
+ - 知识库列表处支持对知识库来源和向量模型的筛选
+ - 显示知识库名称、文件数量、创建时间、用户组等信息
+
+> 点击编辑,可管理知识库的名称、可见的用户组及组内权限
+
+
2. **知识库详情**
- 点击知识库名称,可查看知识库中全部文档信息
- 点击“详细内容”,可查看知识库的内容总结
-
-

-

-
-
### 编辑知识库
1. **删除知识库**
- 点击知识库名称右侧“删除”按钮
- 确认删除操作(此操作不可恢复)
-
2. **删除或新增文件**
- 点击知识库名称,在文件列表中点击“删除”按钮,可从知识库中删除文件
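Review bot: The new "使用知识库" section binds a knowledge base to an agent through knowledge_base_search, and the list section adds per-group visibility and in-group permissions, but nothing says how the two interact: if an agent published to one user group is bound to a knowledge base that group cannot see, does retrieval still return its content? State the rule explicitly. Minor: put the tool name in backticks with spaces around it, as the patch does for `suadmin`, and end the sentence with a full stop.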
diff --git a/doc/docs/zh/user-guide/quick-setup.md b/doc/docs/zh/user-guide/quick-setup.md
index 44d00b335..96fb26875 100644
--- a/doc/docs/zh/user-guide/quick-setup.md
+++ b/doc/docs/zh/user-guide/quick-setup.md
@@ -33,6 +33,11 @@
- **配置能力**:设置协作智能体和工具
- **描述业务逻辑**:定义智能体的工作方式
+发布智能体:
+
+- **发布智能体**:已发布的智能体将在选中的用户组内可见,并列于智能体空间与开始问答选择框中
+- **版本管理**:跟踪智能体的迭代历史,支持查看、回滚至历史版本及创建新版本
+
详细内容请参考:[智能体开发](./agent-development)
## 🎯 使用建议
diff --git a/doc/docs/zh/user-guide/start-chat.md b/doc/docs/zh/user-guide/start-chat.md
index d428e5a3a..4e9dce692 100644
--- a/doc/docs/zh/user-guide/start-chat.md
+++ b/doc/docs/zh/user-guide/start-chat.md
@@ -9,6 +9,7 @@
在开始对话之前,您需要先选择一个智能体。
1. **查看可用智能体**
+ - 已发布的智能体可用于对话
- 在对话框左下角找到智能体选择下拉框
- 点击下拉框查看所有可用的智能体列表
- 每个智能体都会显示名称和功能描述
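Review bot: The added bullet "已发布的智能体可用于对话" omits the authorization condition: the agent permission table in user-management.md (same patch) limits developers to agents they created or were granted, and ordinary users to "被授权的已发布智能体". Reword it to say that only published agents granted to the user's group appear in the dropdown, and move it below the bullet that introduces the dropdown so the steps read in order.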
diff --git a/doc/docs/zh/user-guide/user-management.md b/doc/docs/zh/user-guide/user-management.md
index 24b45af00..ddffc1abe 100644
--- a/doc/docs/zh/user-guide/user-management.md
+++ b/doc/docs/zh/user-guide/user-management.md
@@ -1,39 +1,325 @@
# 用户管理
-用户管理是Nexent平台即将推出的功能模块,将为您提供完整的用户管理能力。
+本页面详细说明 Nexent 平台的用户角色体系、数据可见性范围、各类资源的操作权限,并分享权限配置的实践案例。
-## 🎯 功能预告
+⚠️ **重要提示**:首次部署 v1.8.0 及以上版本时,需特别留意 Docker 日志中输出的 `suadmin` 超级管理员账号信息。该账号为系统最高权限账户,密码仅在首次生成时显示,后续无法再次查看,请务必妥善保存。
-用户管理将提供以下功能:
+## 📋 页面导航
-- **用户列表**:查看和管理所有系统用户
-- **用户权限**:配置用户的访问权限和功能权限
-- **用户角色**:管理用户角色和权限组
-- **用户统计**:查看用户使用情况和统计数据
+- [一、角色体系](#一角色体系) - 四种核心角色的定义与职责
+- [二、页签访问权限](#二页签访问权限) - 各角色可访问的系统页面
+- [三、资源权限对照表](#三资源权限对照表) - 详细的各种资源操作权限
+- [四、权限配置](#四权限配置) - 智能体与知识库的权限管理
+- [五、邀请码机制](#五邀请码机制) - 用户注册与邀请流程
+- [六、实践案例](#六实践案例) - 权限配置的建议
-## ⏳ 敬请期待
+## 一、角色体系
-用户管理功能正在开发中,敬请期待!
+Nexent 采用基于角色的访问控制(RBAC)模型,通过租户与用户组的概念划分用户范围:
-我们正在努力为您打造一个完善、灵活的用户管理体系,让您能够:
+### 1.1 什么是租户?
-- 精细化管理用户权限
-- 灵活配置用户角色
-- 全面了解用户使用情况
+- **租户**是 Nexent 平台中最上层的资源隔离单位,可以理解为一个独立的工作空间或组织单元
-## 📢 获取最新动态
+- 不同租户之间,数据完全隔离、互不可见,每个租户内可独立创建智能体、知识库、模型、MCP等
-想要第一时间了解用户管理功能的上线信息?
+- 仅超级管理员可跨租户权限管理,邀请租户管理员
-- 加入我们的 [Discord 社区](https://discord.gg/tb5H3S3wyv) 获取最新动态
-- 关注项目更新,了解开发进展
+### 1.2 什么是用户组?
-## 🚀 相关功能
+- **用户组**是某租户内的用户集合,可通过用户组划分来实现对用户的管理和权限控制
+- 一个用户也可以属于多个用户组
+- 租户内的知识库、智能体等资源可见性,通过用户组控制
-在等待用户管理功能上线期间,您可以:
+
-1. 在 **[智能体空间](./agent-space)** 中管理您的智能体
-2. 通过 **[模型管理](./model-management)** 配置系统模型
-3. 在 **[开始问答](./start-chat)** 中体验平台功能
+### 1.3 用户角色
-如果您有任何建议或想法,欢迎通过 [Discord 社区](https://discord.gg/tb5H3S3wyv) 与我们分享!
+包含以下四个核心角色:
+
+| 角色 | 职责描述 | 适用场景 | 角色备注 |
+| -------------- | ---------------------------------------------- | -------------------- | ------------------------------------------------------------ |
+| **超级管理员** | 可创建**不同租户**,管理所有租户资源 | 平台运维人员 | Nexent系统只有一个超级管理员,于本地部署时生成账号密码,请务必留存,日志关闭后无法找回 |
+| **管理员** | 负责**租户内**的资源管理和权限分配 | 部门经理、租户负责人 | 同一租户可拥有多个管理员,只能由超级管理员邀请 |
+| **开发者** | 可创建和编辑智能体、知识库等资源,但无管理权限 | 开发人员、产品经理 | 同一租户下可拥有多个开发者,可属于租户下多个用户组,由管理员和超级管理员邀请 |
+| **普通用户** | 仅可使用平台提供的各项功能,无创建和编辑权限 | 员工、业务人员 | 同一租户下可拥有多个普通用户,可属于租户下多个用户组,由管理员和超级管理员邀请 |
+
+#### 1.3.1 超级管理员
+
+超级管理员负责平台的整体运维,可以创建租户并参与各租户内的用户权限管理,但无法使用智能体
+
+- ✅ 可以管理所有租户的人员及权限
+- ✅ 可以查看全平台监控与运维数据
+- ❌ 不能直接查看具体业务数据(如智能体对话内容、知识库文档等)
+- ❌ 不能创建和使用智能体、知识库等
+
+#### 1.3.2 管理员
+
+管理员是租户内的最高权限角色,负责租户内的资源管理和用户管理,拥有平台全部功能
+
+- ✅ 可以管理租户内的所有用户与用户组
+- ✅ 可以查看并编辑租户内所有智能体、知识库、MCP
+- ❌ 不能访问其他租户的数据
+
+#### 1.3.3 开发者
+
+开发者是租户内的技术角色,负责创建和优化智能体、知识库等技术资源
+
+- ✅ 可以创建智能体和知识库,并设置权限
+- ⚠️ 对他人创建的资源,需要被授权才能编辑
+- ❌ 不能管理租户内的用户和用户组
+
+#### 1.3.4 普通用户
+
+普通用户仅有使用智能体进行对话的权限
+
+- ✅ 可以使用被授权的智能体进行对话
+- ✅ 可以查看自己的使用记录和个人信息
+- ❌ 不能创建或编辑智能体、知识库
+
+
+## 二、页签访问权限
+
+| 页签 | 超级管理员 | 管理员 | 开发者 | 普通用户 |
+| -------------- | :--------: | :----: | :----: | :------: |
+| **首页** | ✅ | ✅ | ✅ | ✅ |
+| **开始问答** | ❌ | ✅ | ✅ | ✅ |
+| **快速配置** | ❌ | ✅ | ✅ | ✅ |
+| **智能体空间** | ❌ | ✅ | ✅ | ❌ |
+| **智能体市场** | ❌ | ✅ | ✅ | ❌ |
+| **智能体开发** | ❌ | ✅ | ✅ | ❌ |
+| **知识库** | ❌ | ✅ | ✅ | ❌ |
+| **MCP工具** | ❌ | ✅ | ✅ | ❌ |
+| **监控与运维** | ✅ | ✅ | ✅ | ❌ |
+| **模型管理** | ❌ | ✅ | ✅ | ❌ |
+| **记忆管理** | ❌ | ✅ | ✅ | ✅ |
+| **个人信息** | ❌ | ✅ | ✅ | ✅ |
+| **租户资源** | ✅ | ✅ | ❌ | ❌ |
+
+
+## 三、资源权限对照表
+
+以下表格展示了四种角色对各类资源的操作权限。其中:
+
+- **超级管理员**:可管理所有租户的资源(跨租户)
+- **管理员/开发者/普通用户**:仅可操作本租户内的资源
+
+### 3.1 用户与用户组权限
+
+| 操作 | 超级管理员 | 管理员 | 开发者 | 普通用户 |
+| ------------------ | :--------: | :----: | :----: | :------: |
+| **查看租户列表** | ✅ | ❌ | ❌ | ❌ |
+| **创建/删除租户** | ✅ | ❌ | ❌ | ❌ |
+| **查看用户列表** | ✅ | ✅ | ❌ | ❌ |
+| **编辑用户权限** | ✅ | ✅ | ❌ | ❌ |
+| **删除用户** | ✅ | ✅ | ❌ | ❌ |
+| **分配用户组** | ✅ | ✅ | ❌ | ❌ |
+| **查看用户组列表** | ✅ | ✅ | ❌ | ❌ |
+| **创建用户组** | ✅ | ✅ | ❌ | ❌ |
+| **编辑用户组** | ✅ | ✅ | ❌ | ❌ |
+| **删除用户组** | ✅ | ✅ | ❌ | ❌ |
+
+### 3.2 模型权限
+
+| 操作 | 超级管理员 | 管理员 | 开发者 | 普通用户 |
+| ---------------- | :--------: | :----: | :----: | :------: |
+| **查看模型列表** | ✅ | ✅ | ✅ | ❌ |
+| **添加模型** | ✅ | ✅ | ❌ | ❌ |
+| **编辑模型** | ✅ | ✅ | ❌ | ❌ |
+| **删除模型** | ✅ | ✅ | ❌ | ❌ |
+| **测试连通性** | ✅ | ✅ | ✅ | ❌ |
+| **使用模型** | ❌ | ✅ | ✅ | ✅ |
+
+> 💡 **说明**:模型为租户级共享资源,同租户内所有用户组共享相同的模型池,不存在组间隔离。管理员统一管理模型配置,开发者和普通用户仅能使用已配置的模型。
+
+### 3.3 知识库权限
+
+| 操作 | 超级管理员 | 管理员 | 开发者 | 普通用户 |
+| ------------------------ | :--------: | :----: | :---------------: | :------: |
+| **查看知识库列表** | ✅ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **查看知识库详情** | ❌ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **查看知识库总结** | ✅ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **创建知识库** | ❌ | ✅ | ✅ | ❌ |
+| **编辑知识库名称和权限** | ✅ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **编辑知识库分块、总结** | ❌ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **删除知识库** | ✅ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **上传/删除文件** | ❌ | ✅ | 🟡 自己创建/被授权 | ❌ |
+
+### 3.4 智能体权限
+
+| 操作 | 超级管理员 | 管理员 | 开发者 | 普通用户 |
+| ------------------ | :--------: | :----: | :---------------: | :--------------------: |
+| **查看智能体列表** | ✅ | ✅ | 🟡 自己创建/被授权 | 🟡 被授权的已发布智能体 |
+| **查看智能体信息** | ✅ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **编辑智能体配置** | ❌ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **管理智能体版本** | ✅ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **删除智能体** | ✅ | ✅ | 🟡 自己创建/被授权 | ❌ |
+| **使用智能体对话** | ❌ | ✅ | 🟡 自己创建/被授权 | 🟡 被授权的已发布智能体 |
+
+### 3.5 MCP权限
+
+| 操作 | 超级管理员 | 管理员 | 开发者 | 普通用户 |
+| --------------- | :--------: | :----: | :----: | :------: |
+| **查看MCP工具** | ✅ | ✅ | ✅ | ❌ |
+| **编辑MCP工具** | ✅ | ✅ | ❌ | ❌ |
+| **添加MCP工具** | ✅ | ✅ | ✅ | ❌ |
+| **删除MCP工具** | ✅ | ✅ | ❌ | ❌ |
+
+> 💡 **说明**:MCP 工具为租户级共享资源,同租户内所有用户组共享相同的 MCP 工具,不存在组间隔离。管理员可添加和管理 MCP 工具,开发者仅能添加 MCP 工具。
+
+
+## 四、权限配置
+
+### 4.1 智能体权限设置
+
+| 权限级别 | 说明 | 适用场景 |
+| ------------------- | ------------------------------------------------------------ | ---------------- |
+| **仅创建者可见** | 只有创建者(和管理员)可以查看和编辑 | 个人开发的智能体 |
+| **指定用户组-只读** | 智能体开发页面指定用户组,则用户组内开发者可见、可发布,但不可编辑、不可删除。 | 部门专用智能体 |
+
+
+
+### 4.2 知识库权限设置
+
+| 权限级别 | 说明 | 适用场景 |
+| --------------------- | ------------------------------------ | -------------- |
+| **私有** | 只有创建者(和管理员)可以查看和管理 | 个人知识库 |
+| **指定用户组-只读** | 指定用户组可见,但不可编辑、删除 | 部门知识库 |
+| **指定用户组-可编辑** | 指定用户组可见且可编辑、删除 | 项目团队知识库 |
+
+
+

+

+
+
+
+## 五、邀请码机制
+
+Nexent 平台采用邀请码机制控制新用户注册,确保平台的安全性和可控性。
+
+### 5.1 生成邀请码
+
+- 超级管理员可进入「租户资源」→「选择租户」→「邀请码」
+- 管理员则直接通过「租户资源」→「邀请码」
+- 点击「创建邀请码」
+- 配置参数:邀请类型(管理员、开发者、用户)、邀请码、可使用次数、邀请进入的用户组、到期时间
+- 复制邀请码分发给相关人员
+
+
+
+
+
+
+## 六、实践案例
+
+本节以**XX市人民医院-骨科**为例,展示如何在 Nexent 平台中构建单科室的医疗智能助手系统,以及各角色在系统中的工作流程。
+
+### 6.1 整体架构设计
+
+#### 6.1.1 架构层级对应关系
+
+在XX市人民医院场景下,Nexent平台的层级与医院实体对应关系如下:
+
+| 层级 | 对应实体 | 说明 |
+| ------------------ | ----------------------- | ------------------------------------ |
+| **超级管理员** | 医院信息中心/系统管理员 | 管理整个医院的多个科室(多个租户) |
+| **单个租户** | 单个科室 | 如:骨科、心内科、外科 |
+| **租户内的用户组** | 科室内的专业小组 | 如:骨科医师组、护理组、康复组 |
+| **用户组内的成员** | 具体医护人员/患者 | 如:骨科主任医师、责任护士、住院患者 |
+
+#### 6.1.2 各角色的定义与职责
+
+| 角色 | 在骨科租户中的对应人员 | 核心职责 | 数据可见范围 |
+| -------------- | -------------------------------- | ------------------------------------------------------ | ------------------------------------------ |
+| **超级管理员** | 医院信息中心管理员 | 管理医院各科室的多个租户(骨科、心内科、外科等) | 全院所有租户的数据 |
+| **管理员** | 骨科主任 | 管理骨科租户内的所有资源(用户、智能体、知识库等) | 本科室(本租户)的所有数据 |
+| **开发者** | 骨科各亚专业主任医师、副主任医师 | 创建和编辑临床辅助智能体、上传专业资料到知识库 | 本科室内被授权的资源,自己创建的资源可管理 |
+| **普通用户** | 住院医师、护士、患者 | 使用已发布的智能体进行工作辅助、查询信息、接受健康教育 | 本科室内被授权使用的资源,仅可使用不可编辑 |
+
+### 6.2 示例用户工作场景
+
+#### 场景1:医院信息中心管理员(超级管理员角色)
+
+- **用户身份**:医院信息中心-系统管理员-张工
+- **角色**:超级管理员
+- **工作需求**:管理XX市人民医院所有科室的Nexent平台租户,确保各科室系统正常运行
+- **在Nexent平台中的操作流程**:
+ 1. **登录系统**:使用超级管理员账号登录Nexent平台
+ 2. **查看租户列表**:进入「租户资源」页签,查看全院所有科室的租户:
+ - 骨科租户
+ - 心内科租户
+ - 外科租户
+ - 儿科租户
+ - ...(其他科室租户)
+ 3. **创建新租户**(如医院新开设了康复科):
+ - 点击「创建租户」
+ - 填写租户名称:「XX市人民医院-康复科」
+ - 邀请康复科主任为租户管理员
+
+#### 场景2:骨科主任(租户管理员角色)
+
+- **用户身份**:骨科-管理层-骨科主任-刘主任
+- **角色**:管理员
+- **工作需求**:管理骨科租户内的所有资源,为新入职的脊柱外科医生创建账号并配置权限
+- **在Nexent平台中的操作流程**:
+ 1. **登录系统**:使用管理员账号登录Nexent平台
+ 2. **进入用户管理**:点击「用户管理」页签
+ 3. **创建新用户**:
+ - 点击「创建邀请码」,为该医生配置邀请进入的组以及开发者权限
+ 4. **分配用户组**:
+ - 该医生还需进入后续新创建的「脊柱外科新组」用户组,进入「用户管理」编辑
+ 5. **检查智能体权限**:
+ - 进入「智能体空间」,查看骨科现有的所有智能体
+ - 检查「脊柱CT影像分析助手」的权限设置是否正确(对脊柱外科组可见、可编辑)
+ 6. **管理知识库**:
+ - 进入「知识库」页签,查看骨科知识库的内容更新情况
+ - 审批医生提交的新资料(如新的手术案例、研究文献等)
+
+#### 场景3:脊柱外科主任医师(开发者角色)
+
+- **用户身份**:骨科-脊柱外科组-主任医师-王医生
+- **角色**:开发者
+- **工作需求**:需要一个智能助手帮助分析脊柱CT影像,提供手术方案建议
+- **在Nexent平台中的操作流程**:
+ 1. **登录系统**:使用医院分配的邀请码注册账号密码登录并进入对应的开发组
+ 2. **进入智能体开发**:点击「智能体开发」页签
+ 3. **创建新智能体**:点击「创建智能体」,命名为「脊柱CT影像分析助手」
+ 4. **配置智能体能力**:
+ - 选择「医学影像分析模型」作为基础模型
+ - 关联「脊柱外科知识库」作为知识来源
+ - 配置提示词,训练智能体识别椎间盘突出、脊柱侧弯等病变
+ 5. **设置权限**:
+ - 可见用户组:选择「脊柱外科组」
+ - 权限级别:选择「可编辑」(允许同科室医生修改优化)
+ 6. **发布智能体**:点击「发布」,智能体正式投入使用
+- **可访问的数据**:
+ - ✅ 自己创建的「脊柱CT影像分析助手」智能体(可编辑、可管理版本)
+ - ✅ 被授权使用的其他智能体(如「骨科用药助手」)(仅可使用)
+ - ✅ 骨科相关的知识库(可查询,部分可上传资料)
+ - ❌ 其他租户(如心内科)的数据(完全隔离)
+
+#### 场景4:骨科住院患者(普通用户角色)
+
+- **用户身份**:骨科-住院患者组-住院患者-张先生
+- **角色**:普通用户
+- **工作需求**:腰椎间盘术后,想了解康复训练方法和出院后注意事项
+- **在Nexent平台中的操作流程**:
+ 1. **登录系统**:登录Nexent平台患者端
+ 2. **进入患者服务**:点击「开始问答」页签
+ 3. **选择智能体**:点击「骨科康复助手」
+ 4. **发起咨询**:
+ - 输入问题:「腰椎间盘术后第3天,可以做哪些康复训练?」
+ - 智能体根据骨科康复知识库,提供适合术后早期的康复动作视频和指导
+ 5. **预约随访**:通过智能体预约出院后1个月的门诊随访
+- **可访问的数据**:
+ - ✅ 「骨科康复助手」智能体(仅可使用)
+ - ❌ 医生的诊断系统(无权限)
+ - ❌ 其他患者的数据(完全隔离)
+
+### 获取帮助
+
+如果您在使用过程中遇到任何问题:
+
+- 📖 查看 **[常见问题](../quick-start/faq)** 获取详细解答
+- 💬 加入我们的 [Discord 社区](https://discord.gg/tb5H3S3wyv) 与其他用户交流
+- 🆘 联系技术支持获取专业帮助
\ No newline at end of file
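Review bot: Section 4.1 lists only two agent permission levels, 仅创建者可见 and 指定用户组-只读, yet scenario 2 checks that an agent is "对脊柱外科组可见、可编辑" and scenario 3 step 5 selects 权限级别「可编辑」 for an agent; either add an editable level to the 4.1 table or change the scenarios. Two more inconsistencies in the role model: 1.3.1 says the super administrator cannot view business data such as knowledge base documents, while 3.3 grants 查看知识库总结 and 6.1.2 gives the data scope as "全院所有租户的数据"; and 5.1 lets an administrator create invitation codes whose 邀请类型 includes 管理员, while the 1.3 table says administrators "只能由超级管理员邀请". Section 5.1 should also state the defaults for 可使用次数 and 到期时间, since invitation codes are what gate registration.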