Users require authorisation to log in to the Genow platform. Additional permissions are required to view use cases. Our role-based permission concept is designed so that complex permission structures can be implemented at the use case level.Generally, Permission roles, which hold a specific set of permissions for a knowledge source, are assigned to a permission group from your company’s IAM system.
To manage the platform and access every use case in both the admin panel and the use case hub, you will need the ‘Global Admin’ permission. Please take a look at the permissions scheme below. Please also make sure to assign this role to Genow.
We distinguish between standard roles for use case administrators and users, who should be able to see (and manage in case you are an admin) all knowledge sources assigned to the use case, and custom roles, which grant access to a specific set of knowledge sources.
We differentiate between use cases, knowledge assets and knowledge sources. This distinction is relevant for further configuration. Please read the following article beforehand: Differences between Use Cases, Knowledge Assets and Knowledge Sources. For Platform Owners, we suggest using the permission superadmin to receive all admin panel related permissions over all use cases.
Create Permissions
Permissions Scheme
Creating user permissions is done in three steps:
1
Identify groups and create roles
Identify relevant admin and user groups for your use cases. Roles are granted on group level.
2
Extract needed information
Extract the needed role permissions from the admin panel.
3
Create permissions
Create your permissions in either Entra ID or the Genow admin panel depending on your IAM provider.
Generally, we distinguish between the following permission groups:
Platform Admin: manages the platform and user permissions (standard role global.Admin).
Use Case Admin: manages the use case and all assigned sources (standard role useCase.[UseCaseID].Admin).
Basic user: read permissions for general use case knowledge and access to all knowledge sources assigned to the use caser (standard role useCase.[UseCaseID].User)
Regional or knowledge-specific user (Optional): access to specific knowledge and therefore to a specific knowledge source (custom role).
In the first step, please create relevant groups in your IAM system. Supported systems are Google and EntraID. Every user in a group will receive the same permission. Users can be part of multiple groups.
On a platform level, we would recommend having a small group of people (global (platform) admins) that manage the platform, all use cases as well as permissions. This group will receive the global.Admin role and can therefore read and manage all use cases and every setting on the platform.On a use case level, the following permission groups are needed most of the time:
Use Case Admin: manages the use case.
Use Case User: read permissions for general use case knowledge.
Regional or knowledge-specific user (Optional): access to specific knowledge and therefore to a specific knowledge source.
The use case admin should be able to tell you about which groups are needed. These groups can than be created within the existing permission system. Later in the process (step 3), these groups will be granted the actual permissions.
Show Group example
For an example use case, there is general information as well as specific information intended for a dedicated sub-user group.
This results in two sources: general knowledge & specific knowledge and two authorization groups: Access to general knowledge & Access to specific knowledge.
Two assets can be created that are displayed depending on the authorization or one asset that looks the same for each user but contains different data depending on the user.
You can find the standard roles for use cases in the admin panel of the Genow platform.
Go to the admin panel via the button in the top right-hand corner of the main view, then navigate to Use Cases. If you are an admin, you can also access this page directly by adding /admin/use-cases to your Genow URL.
On this page, you will find all standard role permissions for every use case.
They have the following format: useCase.[UseCaseID].Admin and useCase.[UseCaseID].User.
Note that custom roles which grant specific access to a restricted amount of knowledge source have to be created by Genow.
You can create app roles via the Microsoft Entra Admin Center. To do this, follow the instructions from Microsoft. In the user interface of entra you can navigate to the App Roles via the menu on the left-hand side (App registrations -> Enter application name -> App roles). There you can create app roles and assign authorizations.
When you create an app role, a value is required. This value represents a specific role permission. For example: useCase.testUseCase.User
You need a new app role for every possible role permission.
You can add a description to ensure better clarity in the management of rights.
Once you have created the app roles, you need to assign them to groups.
You can assign these to the groups in order to authorize them to knowledge sources and thus also knowledge assets and use cases.
EntraID navigation: You can access this configuration by navigating to Enterprise apps -> Enter the app name -> and then select Users and Groups via the left menu bar (Screenshot below).
Then klick the plus-button “add user/group”. Each app role (/user permission) needs to be added individually.
If you are using Google as your IAM provider, you can assign roles to groups using their email via the Genow admin panel. This can be done in just two steps:
1
Create Google Groups and Add Users
Create the necessary groups via your Google GCP and add the users to the group.
2
Assign Role Permissions to Groups via the Admin Panel
Via the User Configuration screen in the admin panel, which you can find via the left hand menu bar, you can then assign role permissions to the group using the groups email.
We updated our permission concept mid November 2025. We are backward-compatable. On the buttom of this page, you will find our old permission concept.
Basic idea:Roles are assigned to users, with each role receiving several subordinate permissions. This assignment takes place in the background and can be configured at the use case level, for example. A user can have multiple roles.This means, that for each permission group, you will only need one role, which groups the necessary permissions. This allows for an easy creation and management of permission.We distinguish between standard roles, which occur frequently and should therefore be particularly easy to assign, and custom roles, which holds a specific set of permissions needed for a specific user group (i.e. a regional user group with dedicated access to a specific set of knowlegde sources on use case level.)
The roles will be utilized as app roles in EntraID! Previously, we used the actual permissions. For Google, create your groups in your GCP and assign the roles in the Genow platform admin panel.
Platform Organizer / Owner: - Has unrestricted access to the entire system - Responsible for configuring the organization - Works in central corporate management, IT (e.g., IT project manager)
Typical tasks: -Create use cases -Manage use cases - Configure global platform settings - Evaluate feedback on all use cases
global.Admin
Global User
Management Users: - Can read content system-wide, but cannot make changes - Accesses knowledge, dashboards, or settings across the board - Uses the platform as a source of information - Active in executive management/management, HR, strategy, communication (e.g., IT manager)
Team Lead / Domain Expert - Responsible for a specific use case or area - able to fully manage this use case or area - Can control content, teams, and permissions within this use case - Active in specialist areas (e.g., sales), project or innovation management
Typical tasks: - Fill use case with knowledge - Responsible for quality, data, and knowledge within the use case - Make use case-specific settings
useCase.[useCaseID].Admin
Use Case User
Specialist users / use case users - Has access to every knowledge of a use case and can submit queries based on this knowledge - Can use features that are enabled for the use case. - Works as a skilled worker, etc.
Typical tasks: - Retrieve knowledge and submit queries based on all sources of the use case. - Use use case-related documents or data.
useCase.[useCaseID].User
Feature User
Function user / feature user - Uses specific features (e.g., chat, translator) for which they are authorized
Typical tasks: - Working with a specific feature, e.g., chat
Custom roles hold a specific, non-standard set of permissions.
They will be automatically created in the admin panel on use case level
They can also be customized, i.e., created through the database, enabling individual creations.
Show old permission scheme
The following rights are available and can be assigned as required:
Name
Explanation
Permission
Superadmin
Grants user access to the management of use cases in the admin panel. Also requires admin permission.
superadmin
Admin
Grants basic user access to the admin panel.
admin
Admin for Dashboards
Grants access to the integrated analytics and feedback dashboards as well as the synchronisation settings in the admin panel. The useCaseID can be extracted from your Google Cloud Console or from the use case configuration in the admin-panel. If you want to see specific feedback and analytics you need at least one knowledge sources permission for the desired use case.
useCases.useCaseID.Admin
Admin for Sharepoint Synchronisations
Some Admins should be able to manage the synchronisation of their Sharepoint data. Syncing data may generate costs, so choose the administrators carefully.
Some Admins should be able to manage the synchronisation of their Jira data. Syncing data may generate costs, so choose the administrators carefully.
knowledgeSources.yourKnowledgeSourceID.jiraAdmin
Create Confluence Syncs
Link Genow to a certain Confluence platform.
confluence.Admin
Knowledge Source
Access to knowledge sources. The needed knowledge source id can be extracted from the admin panel.
knowledgeSources.yourKnowledgeSourceID.Read
Translator Feature
Allows access to the translator feature. Will not be shown in the menu sidebar if user does not have access.
features.translate
Light Web Search
Access to the light web search: Use of snippets and headlines only. Ideal for simple questions.
knowledgeSources.light-web-search.Read
Full Web Search
Access to the full web search: Downloading and scraping of all search results. Ideal for questions that can only be answered correctly and comprehensively with more context
knowledgeSources.full-web-search.Read
Export the groups emails of your Google Groups and assign the needed roles via the User Configuration in the admin panel.
