Roles Based Access Control (RBAC) Day 1 Guide
With Roles Based Access Control (RBAC), you can now create and edit roles within the Agent Connect platform to support varied workflows and functions that may not have fit into the default Agent Connect Roles in the past.
While we have retained the default roles you are used to (Team Member, Team Leader, and Admin), and the permissions for these roles and their data scope are very closely aligned to the original roles we highly recommend reviewing and adjusting the default roles to best fit your organization’s needs.
Please note that all users within the platform will be retained in the same default role which they were set to prior to the activation of RBAC. For example, all Team Leaders within your organization will now be listed in the Team Leader [Default] role.
We will walk you through some of the key updates and settings to review with the introduction of RBAC so you can adjust the roles as needed to work best for your teams. For a detailed guide to data scope and permissions please refer to our Data Scope Definition & Permissions Glossary Guide. Additional guidance on creating and managing Roles can also be found here.
Reviewing & Editing Default Roles
Our new Manage Team page makes it easier than ever to understand which users within your organization are within each role, and to review and customize the permissions associated with each role. The role of each user will be listed in the row representing their account but you can also leverage the ‘Role’ filter to view active users within a specific role.
To review the permissions and data scope granted to each of the roles select the ‘Roles’ tab.
On the ‘Roles’ tab you will see the three default roles (Team Member, Team Leader, and Admin) with the total number of users assigned to each role and the number of active permissions within each role. You can review the settings for each role by clicking on the name of the role or selecting the trip dot settings icon and choosing ‘Edit Role’. A slide out will then appear with the settings for each role.
Data Scope
Each role has been granted a Default Data Scope which is the highest level scope a role has access to. The Product Area Data Scope has also been defined for each role which limits the scope for particular product areas of the application. Each of the default roles have had their data scope set to the option which most closely aligns with the data visibility of the role prior to the activation of RBAC.
Users in the Team Member [Default] Role continue to only have access to data about themselves with the data scope set to ‘Self’.
Users in the Team Leader [Default] and Admin Roles continue to have access to information across the company with the scope set to ‘Company’.
If you wish to adjust the Data Scope settings for each role there are 5 data scope options for you to select from which can expand or limit the data users can see & interact with in the application. If you reduce the Default Data Scope it will override Product Area Scope selections so you should treat Default Data Scope as the Maximum Data Scope a user in each role can see and interact with, unless stated otherwise for specific scope selections that will allow an increase in data visibility where applicable. See here to review the definition for each Data Scope option.
Please note that we recommend leaving Default Data Scope set to Company for most roles, and simply updating Data Scope at the Product Area-level, which will enable the customization of varied Data Scopes at the Product Area-level. If Default Data Scope is reduced to “Own Team”, for example, then selecting “Own Group” as the Data Scope for a specific Product Area it will be overridden by the Default Data Scope and users in the role you’re creating will not be able to see the data you intended, as an example.
Product Area Permissions
Available permissions across the application are grouped into their specific Product Areas. There are 5 different Product Areas that each have their own set of available permissions to configure. A full glossary of our permissions can be found here but below we have outlined important new permissions which we recommend to audit and adjust within each role as needed to serve your needs.
Feedback: The Feedback Product Area contains permissions focused on areas of the product related to surveys/customer feedback.
Send Surveys - When Agent Connect receives requests associated with this user, surveys should be sent to customers. When not selected, survey requests Agent Connect receives for the employee will be ignored and surveys will not be sent to customers – this can help to ensure surveys are not mistakenly sent for Supervisors or Admins, for example, but please note that this should be utilized with caution, as if it is accidentally disabled/left off for a user in any role, the survey requests created while it was off that were ignored cannot be retrieved.
Archive Feedback on Stream - Roles with this permission can archive feedback on the Stream utilizing the Remove Feedback button underneath each Survey Response card. This is historically an Admin-only feature.
View Customer Information on Stream - Roles with this permission enabled can see Customer PII on Stream, this includes Customer Name, Customer Email, and Link to Original Ticket. This was previously configured under Team Settings but is now manageable by role.
QA: The QA Product Area contains permissions focused on areas of the product related to QA, including but not limited to; the QA Dashboard, QA Reviews, Calibrations, QA Assignments, and Audits.
QA Review - Roles with this permission can start reviews from the Stream, access + New Review under the QA nav menu, access & initiate Reviews from the Interactions page, can initiate QA Reviews from the Stream (if they have access to it), and can be assigned as a reviewer in a QA Assignment. Users who can QA Review can also be selected as Participants in a Calibration session.
The following permissions will only be exposed if the Appeals workflow is enabled for your instance from the QA Settings page:Submit Appeals - Roles with this permission can submit an Appeal for a QA Review if they have been granted appropriate scope to Appeal. This permission has scope and the scope selected will override the QA Product Area Scope for this role, if necessary
Resolve Appeals - Roles with this permission can resolve Appeals for any QA Review with an Open Appeal if they have been granted appropriate scope to Resolve Appeals. This permission has scope and the scope selected will override the QA Product Area Scope for this role, if necessary.
Coaching & Performance Management: The Coaching & Performance Management Product Area contains permissions focused on areas of the product related to Agent, Team, and Company Performance Management workflows.
Participate in 1:1s - Roles with Participate in 1:1s are able to participate in 1:1s sessions created where they have been selected as the Coachee.
View Performance - Roles with this permission can see Performance in navigation and access the Performance Dashboard.
Company Settings & Admin Tools: The Company Settings & Admin Tools Product Area contains permissions focused on configuring users, groups, roles, and various company settings found on the Settings page.
Manage Users - Roles with this permission have access to the Manage Team page and have access to create/edit/deactivate other users under the Actions column. Please note that you must have at least one user with access to Manage Users at all times.
Manage Roles & Permissions - Roles with this permission can access the Roles UI via the Manage Team page, which gives them access to create a new role via the UI and update permissions belonging to existing roles. Please note that you must have at least one user with access to Manage Roles & Permissions at all times.
Social: The Social Product Area contains permissions focused on features that require sharing data in order to function properly, including Leaderboards and QA Messaging.
Note the Social Product Area permissions function independently of the default Data Scope set for the company, as the features within this Product Area require a broader scope to work as intended.
The Social Product Area Data Scope cannot be set to Self.
All updates to Role scope or permissions will be applied immediately after selecting ‘Save Role’ at the bottom of the page. To update a user’s role you choose to edit their profile individually from the Manage Team page or use the Bulk Update to easily update large sets of users.
With your default roles in place you can now choose if you wish to create additional custom roles. For additional information on creating and managing roles please refer to our full Managing & Creating Roles Guide.