Managing Groups

This guide explains how to manage user groups in the AI Controller administration interface. Groups provide an efficient way to organize users for use with the Rules Engine, enabling consistent access control across your organization when combined with rules.

Groups Overview

The Groups administration page allows you to create groups that reflect your organizational structure and assign users to appropriate groups. Groups are currently used exclusively with the Rules Engine to apply rules to multiple users simultaneously. This interface is designed to help administrators efficiently organize users into logical groups that can then be targeted by rules for access control.

Accessing Groups Management

Navigate to Admin -> Groups to access the group management interface. The page presents a view of all groups in your system and their members.

Screenshot: The Groups Management interface displays existing groups with member counts, individual members, and action controls. The interface includes filtering options and pagination for managing large numbers of groups.

Understanding the Groups Interface

The Groups page displays a table with detailed information about each group. The interface provides both high-level overviews and detailed member information at a glance:

Name: A descriptive identifier for the group (e.g., "Project Genesis", "Marketing")
Group Size: The total number of users in the group
Members: Visual representation of group members, with user names (hidden for privacy in the screenshot)
Actions: Interactive controls for editing, managing members, or deleting the group

The interface includes convenient filters at the top of the page, allowing you to: - Filter by specific groups - Filter by individual users to see their group memberships - Show or hide filters as needed

Creating a New Group

To create a new group, click the "CREATE" button at the top right of the page. This opens a dialog where you can:

Enter a meaningful group name that reflects its purpose
Add initial members if desired

Choose names that clearly indicate the group's function or the team it represents. Good examples include "Engineering Team", "Marketing Department", or project-specific names like "Project Genesis".

Note that groups by themselves don't grant any permissions - they are simply a way to organize users. To control access for group members, you'll need to create rules in the Rules Engine that target these groups.

Managing Group Membership

Groups streamline user management by allowing you to organize users for use with the Rules Engine. To manage group membership:

Locate the group in the main interface
Click the edit button () in the Actions column
Add or remove users as needed
Save your changes

When users are added to a group, they become subject to any rules defined in the Rules Engine that target that group. Currently, Groups only affect the Rules Engine functionality - the actual permissions and access controls are determined by the rules you create.

Groups and the Rules Engine

Groups play a central role in AI Controller's access control model, working closely with the Rules Engine to determine what AI capabilities each user can access. When you create rules in the Rules Engine, you can target them at specific groups rather than individual users. This approach offers several advantages:

Scalability: Apply rules to hundreds of users by targeting their group
Consistency: Ensure all team members have appropriate access
Flexibility: Easily adjust permissions by moving users between groups

For example, you might create a rule that allows the "Engineering Team" group to access specialized code-generation models, while restricting the "Marketing Team" to content-oriented models. This integration between groups and rules creates a powerful yet manageable access control system.

To learn more about creating rules for groups, see the Rules Engine documentation.

Suggested Practices for Group Management

Naming Conventions

Establish consistent naming patterns that make groups easy to identify and manage:

Use descriptive names that indicate the group's purpose or department
Include project identifiers for temporary or project-specific groups
Consider prefixes for different group types (e.g., "DEPT-Engineering", "PROJ-Alpha")

Organizational Structure

Design your group hierarchy to mirror your organization's structure:

Create department-level groups for broad access controls
Add team-level groups for more specific permissions
Use project groups for temporary access needs

Regular Audits

Periodically review your group structure to ensure it remains aligned with your organization:

Check for orphaned groups no longer in use
Verify group membership reflects current team structures
Remove users who have changed roles or left the organization
Consolidate groups with similar permissions

Group Permissions and Access Control

Groups are designed to work with AI Controller's Rules Engine for permission management. Currently, groups themselves don't grant any permissions - they serve as targets for rules. When combined with the Rules Engine, groups enable sophisticated access patterns:

Model Access: Create rules that control which AI models each group can use
Provider Restrictions: Define rules that limit certain groups to specific AI providers
Cost Management: Use rules to restrict expensive models to authorized groups only

These rules apply universally across all AI Controller interfaces, including API access, ensuring consistent policy enforcement regardless of how users interact with the system. Remember that without corresponding rules in the Rules Engine, groups have no effect on user permissions.

Monitoring Group Usage

While AI Controller tracks usage at the user level, group-based analytics and filtering are planned for a future release. Currently, you can:

Navigate to the Logs section to view activity by individual users
Manually correlate user activities with their group memberships
Generate reports based on individual user usage

Future enhancements will include:

Direct filtering of logs by group
Aggregate usage statistics by group
Department-level resource consumption reports

This visibility will help you make informed decisions about access policies and resource allocation.

Integration with Other AI Controller Features

Groups integrate seamlessly with other AI Controller components. When users create API keys, their group memberships determine what those keys can access. This ensures that applications using API keys are subject to the same access controls as interactive users.

Common Group Scenarios

Departmental Organization

Create groups that reflect your organizational departments:

Engineering: Access to technical models and code generation
Marketing: Access to content creation and analysis models
Finance: Access to data analysis models with appropriate safeguards
Operations: Access to general-purpose models for daily tasks

Project-Based Groups

Set up temporary groups for specific projects:

Control access to project-specific AI resources
Enable collaboration between team members
Automatically expire access when projects complete

Role-Based Groups

Organize users by their functional roles:

Developers: Full access to coding assistance models
Analysts: Access to data processing and visualization models
Managers: Access to summarization and reporting models

Troubleshooting Group Issues

Issue	Possible Causes	Solutions
User can't access expected models	Not in appropriate group	Add user to correct group
Group permissions not applying	Rules not configured	Create rules targeting the group
Members list not updating	Interface caching	Refresh the page
Cannot delete group	Group has active members	Remove all members first

Rules Engine - Learn how to create rules for groups
Access Control - Understand AI Controller's permission model
API Key Management - See how groups affect API key permissions
Logging and Monitoring - Track group activity

Updated: 2025-05-27