Contact Expert v7.4 for Skype for Business Server
Administration of Roles and Permissions
Introduction
This chapter describes the role management as well as the list of permissions available for assignment to the individual resources in CE portal.
A high level overview of the organizational structure and the role based access control features Contact Expert provide is described in the Organizational Hierarchy And Access Control section.
Role Management
Role management is the creation, modification or occasional deletion of individual roles by privileged portal users. This allows an administrator or supervisor to decide what information can be accessed to what extent by who.
Navigate to Organization & Access → Portal Users → User Roles form showing the available roles, the list of resource types and their permission options. Sufficient rights provide the ability to perform the following operations:
Management action | Description |
---|---|
New Role | Opens up the permission assignment form to allow the creation of new roles. |
Edit | Opens up the permission assignment form of the selected role showing the existing permission assignments. |
Clone | Choose this option if you want to set up a user role identical to an existing entry. |
Delete | Choose this option to remove irrelevant or unused user roles. |
You can edit the name and description of roles on the General Properties page. The list of permissions and resource types are found on the Permissions tab. You can set the permissions to a resource type by check-marking the desired privileges for the eligible roles. If a permission is granted, it is indicated with a green check-mark. If the access is denied, it is indicated with a red X. If a permission cannot be edited, the control is disabled (the check-mark or X is grey and can not be clicked).
There are two requirements of managing a specific role:
- The user managing the roles must have view/create/edit/delete permission for the Roles resource type.
- The user managing the roles must have a role with a permission set wider than the target role's permission set. In other words, a role with a wider permission set cannot be edited by a user having a role with a fewer set of permissions.
Built-in Roles
Some roles installed with the product cannot be deleted or modified. These are typically the Super Administrator
, Administrator
and the Supervisor
roles. However, new ones can always be created to fit custom needs.
Administrator Role
The Administrator role includes the ability to reach functions and resources based on Tenant level, but it has a certain amount of limitation. It is referred to as Tenant administrator. This role is specifically created for a high-level management position with the main perspective of managing and maintaining system parameters and contact center data related to its tenant.
Resources Excluded from the Administrator Role
The following features are excluded from the list of resources the Administrator role has access to (typically the ones related to infrastructural settings):
- ACD Plugins
- Deployments
- Domains
- Email Connections
- Gateways
- Global Parameters Create and Delete permissions
- Hunt Groups
- IVRs
- Licenses
- Recording Channels
- Service Endpoints
- Storages
- Tenants
Super Administrator Role
The Super Administrator has all available permissions assigned by default. It is referred to as Deployment administrator.
The portal menu structure and its functions are fully accessible if this role is assigned to a portal user.
Supervisor Role
The Supervisor is a tenant-level role with a limited set of permissions. This role is specifically created for a lower-level management position with the main perspective on having authority over the contact center agents.
Resources Available for the Supervisor Role
The following features are included in the permission set of the Supervisor role:
- Agents
- Contacts View permission
- Contact History
- Recordings
- Reports
- Resource Updates
- Thresholds
- User Notes
Assigning Roles to Users
Role assignment is the act of enabling one or more roles for a user. As a matter of fact, the designated user will own all the permissions that are defined within the role or roles. For example, if John Demo gets the Supervisor role, he will own all the privileges that are determined in the Supervisor role.
Roles can be assigned to users on the Organization & Access → Portal Users → User Accounts → Edit → User Roles tab.
Note
When assigning roles to users, mind the permission set of the user performing the role assignment. It must be 'wider' than the role to be managed or assigned.