import{_ as t,o,c as a,ag as r}from"./chunks/framework.CvgP6Fyv.js";const g=JSON.parse('{"title":"Bot Access Control","description":"","frontmatter":{},"headers":[],"relativePath":"getting-started/access.md","filePath":"getting-started/access.md","lastUpdated":1774787421000}'),s={name:"getting-started/access.md"};function n(l,e,i,c,d,h){return o(),a("div",null,[...e[0]||(e[0]=[r('<h1 id="bot-access-control" tabindex="-1">Bot Access Control <a class="header-anchor" href="#bot-access-control" aria-label="Permalink to &quot;Bot Access Control&quot;">​</a></h1><p>Memoh uses an ACL (Access Control List) system to control who can interact with your bot. You can define prioritized rules to allow or deny specific users, channel identities, or entire channel types — all from the bot&#39;s <strong>Access</strong> tab.</p><hr><h2 id="concepts" tabindex="-1">Concepts <a class="header-anchor" href="#concepts" aria-label="Permalink to &quot;Concepts&quot;">​</a></h2><h3 id="default-effect" tabindex="-1">Default Effect <a class="header-anchor" href="#default-effect" aria-label="Permalink to &quot;Default Effect&quot;">​</a></h3><p>Each bot has a <strong>default effect</strong> (<code>allow</code> or <code>deny</code>) that applies when no ACL rule matches an incoming message. Configure this in the bot&#39;s <strong>General</strong> tab under <strong>ACL Default Effect</strong>.</p><ul><li><strong>Allow</strong>: Anyone can chat with the bot unless explicitly denied by a rule.</li><li><strong>Deny</strong>: Only the bot owner, admins, and explicitly allowed subjects can chat.</li></ul><h3 id="subject-types" tabindex="-1">Subject Types <a class="header-anchor" href="#subject-types" aria-label="Permalink to &quot;Subject Types&quot;">​</a></h3><p>ACL rules can target three kinds of subjects:</p><table tabindex="0"><thead><tr><th>Subject</th><th>Description</th></tr></thead><tbody><tr><td><strong>All</strong></td><td>Matches every incoming message regardless of sender. Use this for global allow/deny rules.</td></tr><tr><td><strong>Channel Identity</strong></td><td>A specific identity on an external channel (e.g., a Telegram user, a Discord member). Useful for controlling access at the individual level.</td></tr><tr><td><strong>Channel Type</strong></td><td>An entire channel platform (e.g., all Telegram users, all Discord users). Useful for platform-level access control.</td></tr></tbody></table><h3 id="rule-effects" tabindex="-1">Rule Effects <a class="header-anchor" href="#rule-effects" aria-label="Permalink to &quot;Rule Effects&quot;">​</a></h3><p>Each rule has an <strong>effect</strong>:</p><ul><li><strong>Allow</strong> — Grants the subject permission to chat with the bot.</li><li><strong>Deny</strong> — Blocks the subject from chatting with the bot.</li></ul><h3 id="priority-based-evaluation" tabindex="-1">Priority-Based Evaluation <a class="header-anchor" href="#priority-based-evaluation" aria-label="Permalink to &quot;Priority-Based Evaluation&quot;">​</a></h3><p>Rules are evaluated in <strong>priority order</strong> (top to bottom). The first matching rule determines the outcome:</p><ol><li>Bot owner or system admin → <strong>Always allowed</strong> (bypasses ACL).</li><li>Rules are checked from highest priority (top) to lowest (bottom).</li><li>The first rule whose subject matches the sender is applied.</li><li>If no rule matches → the <strong>default effect</strong> is applied.</li></ol><p>This means rule ordering matters. A deny rule placed above an allow rule will take precedence for matching subjects.</p><hr><h2 id="managing-access" tabindex="-1">Managing Access <a class="header-anchor" href="#managing-access" aria-label="Permalink to &quot;Managing Access&quot;">​</a></h2><p>Open a bot&#39;s <strong>Access</strong> tab to configure its access control.</p><h3 id="adding-rules" tabindex="-1">Adding Rules <a class="header-anchor" href="#adding-rules" aria-label="Permalink to &quot;Adding Rules&quot;">​</a></h3><ol><li>Click <strong>Add Rule</strong>.</li><li>Select a subject type: <ul><li><strong>All</strong>: Applies to everyone.</li><li><strong>Channel Identity</strong>: Search and select a specific channel identity the bot has seen before.</li><li><strong>Channel Type</strong>: Select an entire channel platform.</li></ul></li><li>Choose the <strong>effect</strong>: <code>allow</code> or <code>deny</code>.</li><li>Optionally set <strong>source scope</strong> to restrict the rule to a specific context: <ul><li><strong>Channel</strong>: Only applies when the message comes from a specific channel config.</li><li><strong>Conversation Type</strong>: <code>private</code>, <code>group</code>, or <code>thread</code>.</li><li><strong>Conversation ID</strong>: A specific chat/group ID.</li><li><strong>Thread ID</strong>: A specific thread within a conversation (requires Conversation ID).</li></ul></li><li>Click <strong>Save</strong>.</li></ol><h3 id="reordering-rules" tabindex="-1">Reordering Rules <a class="header-anchor" href="#reordering-rules" aria-label="Permalink to &quot;Reordering Rules&quot;">​</a></h3><p>Rules can be <strong>drag-and-dropped</strong> to change their priority. Higher rules (closer to the top) are evaluated first. After reordering, click <strong>Save</strong> to persist the new order.</p><h3 id="source-scope" tabindex="-1">Source Scope <a class="header-anchor" href="#source-scope" aria-label="Permalink to &quot;Source Scope&quot;">​</a></h3><p>Source scope lets you create fine-grained rules. For example:</p><ul><li>Allow a user to chat only via Telegram, but not Discord.</li><li>Block an entire channel type only in group conversations.</li><li>Restrict access to a specific thread in a specific group.</li></ul><p>Scope fields form a hierarchy: <strong>Channel → Conversation Type → Conversation ID → Thread ID</strong>. Each level is optional, but a Thread ID requires a Conversation ID.</p><hr><h2 id="examples" tabindex="-1">Examples <a class="header-anchor" href="#examples" aria-label="Permalink to &quot;Examples&quot;">​</a></h2><h3 id="open-bot-anyone-can-chat" tabindex="-1">Open Bot (Anyone Can Chat) <a class="header-anchor" href="#open-bot-anyone-can-chat" aria-label="Permalink to &quot;Open Bot (Anyone Can Chat)&quot;">​</a></h3><ol><li>Set <strong>ACL Default Effect</strong> to <code>allow</code> in the <strong>General</strong> tab.</li><li>No rules needed — everyone is allowed by default.</li></ol><h3 id="private-bot-with-selected-users" tabindex="-1">Private Bot with Selected Users <a class="header-anchor" href="#private-bot-with-selected-users" aria-label="Permalink to &quot;Private Bot with Selected Users&quot;">​</a></h3><ol><li>Set <strong>ACL Default Effect</strong> to <code>deny</code>.</li><li>Add <strong>allow</strong> rules for each authorized channel identity.</li><li>Only listed subjects (plus the bot owner and admins) can trigger the bot.</li></ol><h3 id="open-bot-with-blocked-users" tabindex="-1">Open Bot with Blocked Users <a class="header-anchor" href="#open-bot-with-blocked-users" aria-label="Permalink to &quot;Open Bot with Blocked Users&quot;">​</a></h3><ol><li>Set <strong>ACL Default Effect</strong> to <code>allow</code>.</li><li>Add <strong>deny</strong> rules for problematic channel identities at the top of the list.</li><li>Everyone except denied subjects can chat with the bot.</li></ol><h3 id="platform-specific-access" tabindex="-1">Platform-Specific Access <a class="header-anchor" href="#platform-specific-access" aria-label="Permalink to &quot;Platform-Specific Access&quot;">​</a></h3><ol><li>Set <strong>ACL Default Effect</strong> to <code>deny</code>.</li><li>Add an <strong>allow</strong> rule with subject type <strong>Channel Type</strong> set to <code>telegram</code>.</li><li>Only Telegram users can chat with the bot — messages from other channels are denied.</li></ol><h3 id="channel-scoped-access" tabindex="-1">Channel-Scoped Access <a class="header-anchor" href="#channel-scoped-access" aria-label="Permalink to &quot;Channel-Scoped Access&quot;">​</a></h3><ol><li>Add an <strong>allow</strong> rule for a specific channel identity.</li><li>Set the <strong>Source Scope</strong> channel to your Telegram channel config.</li><li>The user can only chat with the bot via that specific Telegram channel.</li></ol>',40)])])}const p=t(s,[["render",n]]);export{g as __pageData,p as default};