Genesys Cloud CX (formerly PureCloud)

Discussion Thread View
Expand all | Collapse all

What is the relationship between Permissions, Roles and Divisions?

  • 1.  What is the relationship between Permissions, Roles and Divisions?

    NEW MEMBER
    Posted 11 days ago
    Hi, I'm new to Genesys Cloud and I'm reading the Help function in the Cloud admin page however I'm not fully understanding how Permissions, Roles and Divisions all interwork with each other.  I come from an Avaya background and trying to understand the Genesys Cloud ecosystem.
    #PlatformAdministration
    #SystemAdministration

    ------------------------------
    Jean Lam
    Individual Only Contact Account
    ------------------------------


  • 2.  RE: What is the relationship between Permissions, Roles and Divisions?

    Top 25 Contributor
    Posted 10 days ago
    Hi Jean,
    - Genesys Cloud org contains collection of Divisions. By default just one single "Home" division.
    Users, Queues, other objects can be assigned to one specific division.
    - Each Role has collection of Permissions to do different things.
    Role can be assigned to user for specific divisions. Means like user can have role/permissions just for specified divisions.

    Here you can find more information
    https://help.mypurecloud.com/articles/divisions-overview/
    https://help.mypurecloud.com/articles/assign-roles-divisions-licenses-and-add-ons/
    https://help.mypurecloud.com/articles/about-roles-permissions/

    ------------------------------
    Taras Buha
    taras@noralogix.com
    www.noralogix.com
    ------------------------------



  • 3.  RE: What is the relationship between Permissions, Roles and Divisions?

    GENESYS
    Posted 9 days ago
    Hi Jean,

    This is a guide that I wrote a while back; hope it helps! Note that in this guide, the word "subject" means "the person using Genesys Cloud." This is because the word "user" has several different meanings; it could also mean the data about a *different* person than the person using the app (for example, a supervisor managing agents; they are all "users" but in this case the supervisor is the subject)

    Everything in Genesys Cloud is an object: every queue, every outbound campaign, every flow, even every user and every interaction; basically, anything you can see or manipulate in the UI. Genesys Cloud stores each of these objects separately, and controls every user's access to them.

    Each object has a type. For example, queue is a type. And every type of object has a set of actions that you can take on them. Most types of object support common actions, such as add or edit. However, some object types have their own specific actions. For example, recordings have a record action.

    Each of these actions has an associated permission, and to perform that action on an object, you (the subject) must be granted the permission to perform that action on that object.

    However, it would be tedious to assign every single user all the individual permissions to all the individual objects needed to use Genesys Cloud. So:

    • Sets of permissions needed to do a certain job are collected into a role
    • Sets of objects that need to have restricted access from only certain sections of the business are collected into divisions

    Subjects are then granted a role in a division, which gives them the role's permissions to perform actions on the division's objects.

    There are a few twists:

    • Not every object type "supports" divisions. In other words, you can only either grant or not grant that object type's permissions to a user. You cannot restrict which objects of that type a user has permission to operate on.
    • For object types that do support divisions, an object will be in exactly one division.
    • User objects support divisions, which means that the user profile data will "be in" a division. It's very important to understand that this does not control what that user can do as a subject, but rather it controls which other users can operate on that user profile data. The things that a user as a subject can do are controlled solely by that user's grants.
    • You can also grant a role in a division to a Genesys Cloud group. Every user (as a subject) in the group will then automatically have that grant.



    ------------------------------
    Anthony Alford
    Genesys
    ------------------------------



  • 4.  RE: What is the relationship between Permissions, Roles and Divisions?

    Posted 9 days ago
    So division aware objects (i.e. In Bound and in Queue flows, common modules, data tables) can be used across divisions even though created in one specific division? This means objects that have division awareness added (data tables was the most recent one) will not break existing functionality?

    ------------------------------
    RIchard Surroz
    GCI Communication Corp.
    ------------------------------



  • 5.  RE: What is the relationship between Permissions, Roles and Divisions?

    GENESYS
    Posted 9 days ago
    I'm not sure I understand the question entirely (although for sure we try not to release something that we think will break existing functionality). In particular, not sure what "can be used across divisions" means. In theory, you can configure your org so that any object can be accessed by any user, but also in theory you can configure your org so that no user can access any object :D It is very flexible.

    ------------------------------
    Anthony Alford
    Genesys
    ------------------------------