Hi Jean,
This is a guide that I wrote a while back; hope it helps! Note that in this guide, the word "subject" means "the person using Genesys Cloud." This is because the word "user" has several different meanings; it could also mean the data about a *different* person than the person using the app (for example, a supervisor managing agents; they are all "users" but in this case the supervisor is the subject).
Everything in Genesys Cloud is an object: every queue, every outbound campaign, every flow, even every user and every interaction; basically, anything you can see or manipulate in the UI. Genesys Cloud stores each of these objects separately, and controls every user's access to them.
Each object has a type. For example, queue is a type. And every type of object has a set of actions that you can take on it. Most types of object support common actions, such as add or edit. However, some object types have their own specific actions. For example, recordings have a record action.
Each of these actions has an associated permission, and to perform that action on an object, you (the subject) must be granted the permission to perform that action on that object.
However, it would be tedious to assign every single user all the individual permissions to all the individual objects needed to use Genesys Cloud. So:
- Sets of permissions needed to do a certain job are collected into a role
- Sets of objects that need to have restricted access from only certain sections of the business are collected into divisions
Subjects are then granted a role in a division, which gives them the role's permissions to perform actions on the division's objects.
There are a few twists:
- Not every object type "supports" divisions. In other words, you can only either grant or not grant that object type's permissions to a user. You cannot restrict which objects of that type a user has permission to operate on.
- For object types that do support divisions, an object will be in exactly one division.
- User objects support divisions, which means that the user profile data will "be in" a division. It's very important to understand that this does not control what that user can do as a subject, but rather it controls which other users can operate on that user profile data. The things that a user as a subject can do are controlled solely by that user's grants.
- You can also grant a role in a division to a Genesys Cloud group. Every user (as a subject) in the group will then automatically have that grant.
------------------------------
Anthony Alford
Genesys
------------------------------
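The grant model described in the reply above, sketched as an added Python example; it is not part of the original post and is not Genesys Cloud code or its API. The role names, permissions, divisions, object names and the `setting` type (standing in for a type that does not support divisions) are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Obj:
    type: str
    name: str
    division: Optional[str]  # None = this type does not support divisions

# Constructed roles: each is a set of (object type, action) permissions.
ROLES = {
    "supervisor": {("queue", "edit"), ("user", "edit"), ("setting", "edit")},
    "agent": {("queue", "view")},
}

class Org:
    def __init__(self):
        self.user_grants = {}   # subject -> {(role, division)}
        self.group_grants = {}  # group -> {(role, division)}
        self.members = {}       # group -> {subject}

    def grants_for(self, subject):
        """Direct grants plus grants inherited from every group the subject is in."""
        grants = set(self.user_grants.get(subject, ()))
        for group, members in self.members.items():
            if subject in members:
                grants |= self.group_grants.get(group, set())
        return grants

    def can(self, subject, action, obj):
        """True if some grant carries the permission and covers obj's division."""
        for role, division in self.grants_for(subject):
            if (obj.type, action) not in ROLES[role]:
                continue
            # Types without division support: holding the permission is enough.
            if obj.division is None or obj.division == division:
                return True
        return False

def demo_org():
    """Constructed sample: one direct grant and one grant made to a group."""
    org = Org()
    org.user_grants["alice"] = {("supervisor", "Sales")}
    org.group_grants["sales_agents"] = {("agent", "Sales")}
    org.members["sales_agents"] = {"dave"}
    return org

SALES_QUEUE = Obj("queue", "sales_q", "Sales")
SUPPORT_QUEUE = Obj("queue", "support_q", "Support")
ALICE_PROFILE = Obj("user", "alice", "Support")  # her profile data is in Support
BOB_PROFILE = Obj("user", "bob", "Sales")
ORG_SETTING = Obj("setting", "org_setting", None)
```

Here alice's own profile sits in the Support division while her only grant is in Sales, so `can("alice", "edit", ALICE_PROFILE)` is false even though she can edit `BOB_PROFILE` and `SALES_QUEUE`: the division of a user object limits who may operate on it, not what that user may do.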
Original Message:
Sent: 10-05-2021 19:47
From: Jean Lam
Subject: What is the relationship between Permissions, Roles and Divisions?
Hi, I'm new to Genesys Cloud and I'm reading the Help function in the Cloud admin page; however, I'm not fully understanding how Permissions, Roles and Divisions all interwork with each other. I come from an Avaya background and am trying to understand the Genesys Cloud ecosystem.
#PlatformAdministration
#SystemAdministration
------------------------------
Jean Lam
Individual Only Contact Account
------------------------------