Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for Automation Difficulty: Intermediate ClaudeChatGPTCursor

ChatOps RBAC Command Authorization Design Prompt

Design role-based authorization for a ChatOps bot so every chat-triggered command checks who issued it, in which channel, against an explicit policy — before it touches infrastructure.

Target user
Platform engineers operating ChatOps bots in shared chat workspaces
Difficulty
Intermediate
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior platform engineer who has seen a ChatOps bot run a production command for anyone who could type its name in a public channel.

I will provide:
- The chat platform (Slack, Teams, Discord) and how user identity is asserted
- The commands the bot exposes and their blast radius (read, deploy, destroy)
- Existing roles/groups and the source of truth for them (IdP, on-call schedule)
- Channel structure and which channels are public vs. restricted

Your job:

1. **Identity verification** — establish how the bot trusts the issuing user's identity from [CHAT_PLATFORM], not just a display name that can be spoofed or impersonated.
2. **Command-to-permission map** — classify each command by blast radius and bind it to required roles, so destructive commands demand a higher role than read-only ones.
3. **Context constraints** — enforce channel and time constraints (e.g. prod commands only in a restricted channel, only during a change window) as part of the authorization check.
4. **Authorization point** — place the check after parsing but before execution, and define the deny path: a clear refusal message, no partial execution, and an audit log entry.
5. **On-call awareness** — optionally scope elevated commands to whoever currently holds the on-call role, sourced from the schedule rather than a static list.
6. **Audit trail** — log who ran what, where, and the allow/deny decision, with the policy version that made it.

Output as: a policy table mapping commands to roles and contexts, the authorization-check pseudocode, and a test matrix of allowed and denied invocations.

Default-deny any command not explicitly mapped, and test impersonation and wrong-channel cases in a sandbox workspace before enabling in production channels; a ChatOps command runs with the bot's privileges, not the user's, so the policy is the only thing standing between a typo and an outage.

Why this prompt works

ChatOps collapses the gap between intent and action: someone types a command and infrastructure changes. That convenience is also the risk, because the command runs with the bot’s privileges, not the typist’s, and a chat message is trivially easy to send. The prompt anchors the whole design on a single uncomfortable fact — a display name is not an identity. Slack, Teams, and Discord all deliver a signed, verifiable user ID in their event payloads, and the authorization layer must trust that, not the human-readable handle that anyone can change. Building the check on verified identity is the foundation everything else rests on.

The prompt then insists on default-deny and a command-to-permission map keyed by blast radius. This matters because ChatOps bots accrete commands over time, and an allow-by-default posture means every newly added command ships unguarded until someone remembers to restrict it — which they won’t, until it’s abused. By forcing each command to be explicitly bound to a required role, and layering channel and time-window constraints on top, the design makes “run the prod teardown” structurally different from “show me the logs.” The on-call-awareness option ties elevated privileges to whoever actually holds the pager right now, sourced from the schedule, so authority follows responsibility instead of lingering on a stale static list.

The placement of the authorization point — after parsing, before execution, with a clean deny path and an audit entry — is what keeps a denied command from doing partial damage. The model drafts the policy table and check logic quickly, but you verify by attempting impersonation and wrong-channel invocations in a sandbox workspace, confirming each is refused with no side effect. A ChatOps authorization bug fails open and loud: the command runs, in public, in front of everyone.

Related prompts

Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 2,104 DevOps AI prompts
  • One practical workflow email per week