Genesys Cloud - Main

I am looking for what would be the best way to be alerted if a user has a specific role (such as admin) assigned to them so steps can be taken to remove and address why they were given the role. Currently, our WFM teams can assign roles to users and themselves and we have found a couple of users who took it upon themselves to grant their account roles they should not have. This got me thinking, I need some sort of alert for when an admin related role is assigned to a user.

An email alert would be great but I think an alert in the Gen Cloud notifications inbox could work as well.

Anybody have any tips or best practices for getting alerts for a security risk such as anyone getting admin access?

#PlatformAdministration
#Security
#SystemAdministration

------------------------------
Brad Carroll
Auto Club Insurance Association Co.
------------------------------

Hmm not sure if there is an event you can subscribe to specifically for this.

To begin with, ensure the people who are not admins who can assign roles to others, ie have:

And not the Authorization > Role add/edit permissions. Ensure they don't have admin roles. I'm failing to locate the documentation on this, but feel like you can't assign roles above your own, ie if you don't have admin access you can't grant that to someone else. 

You do have the audit viewer (also available through API, which you could call daily, hourly, etc) where you can keep an eye on changes to people permissions, and filter specifically by add members and on the the role ID (entity ID in screenshot) to monitor adds to just your admin role for example

------------------------------
Anton Vroon
------------------------------