I have been exploring "CX as code", and was experimenting with a setup where I restrict it to only be able to view certain divisions.
I gave the Terraform OAuth client a role, which was restricted to one division only.
But at least for the users, this did not work - I could still see users from other divisions!
I explored this further with a self-written program which just called the https://developer.genesys.cloud/useragentman/users/#get-api-v2-users API. The program in question used clientID/clientSecret authentication (just like Terraform does), and the OAuth client in question had a role with permissions "directory > user > all" for one division only.
The GET call, however, still returned all users.
According to the documentation for the permission, the "directory > user > view" permission (implied by the "all" permission) is division-aware, so why does it have no effect here?
I re-ran the test with a second role, which had all "directory > user" permissions separately added (so no "all" permission, but just "view", "edit", etc.) - also assigned only to one division.
The result was the same.
So it seems it is impossible to segregate a Terraform configuration per division, at least for the users - is this correct? It would be really bad for one client, which has more than 10000 users in the whole call center, which would present its own problems in that case.
Is there no permission check at work here?
Thanks in advance,
Wolfgang Liebich
#PlatformAPI
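An added example, not part of the original post and not Genesys or Terraform code: a repeatable version of the test described above, which pages through GET /api/v2/users with a client-credentials token and reports every returned user whose division lies outside the one the role was granted for. The region hosts, the helper names and the sample IDs are assumptions or constructed values; the response fields used (`entities`, `pageCount`, `division.id`) are the ones the users listing returns.

```python
import base64
import json
import urllib.request
from collections import Counter

# Assumed region hosts; other Genesys Cloud regions use different domains.
LOGIN_HOST = "https://login.mypurecloud.com"
API_HOST = "https://api.mypurecloud.com"

def get_token(client_id, client_secret):
    """Client-credentials grant, the login style the post describes."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(f"{LOGIN_HOST}/oauth/token",
                                 data=b"grant_type=client_credentials",
                                 headers={"Authorization": f"Basic {basic}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def fetch_user_pages(token, page_size=100):
    """Yield each page of GET /api/v2/users as a parsed dict."""
    page = 1
    while True:
        url = f"{API_HOST}/api/v2/users?pageSize={page_size}&pageNumber={page}"
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        yield body
        if page >= body.get("pageCount", 1):
            return
        page += 1

def division_leak_report(pages, allowed_division_ids):
    """Count users per division and list those outside the allowed set."""
    allowed, seen, leaked = set(allowed_division_ids), Counter(), []
    for body in pages:
        for user in body.get("entities", []):
            div_id = (user.get("division") or {}).get("id")  # None if omitted
            seen[div_id] += 1
            if div_id not in allowed:
                leaked.append((user.get("id"), div_id))
    return {"per_division": dict(seen), "out_of_scope": leaked}

# Constructed sample pages (hypothetical IDs), so the check runs offline.
SAMPLE_PAGES = [
    {"pageCount": 2, "entities": [{"id": "u1", "division": {"id": "div-sales"}},
                                  {"id": "u2", "division": {"id": "div-sales"}}]},
    {"pageCount": 2, "entities": [{"id": "u3", "division": {"id": "div-support"}},
                                  {"id": "u4"}]},
]

if __name__ == "__main__":
    print(json.dumps(division_leak_report(SAMPLE_PAGES, {"div-sales"}), indent=2))
```

Against a live org, pass `fetch_user_pages(get_token(client_id, client_secret))` as `pages`; an empty `out_of_scope` list means the client's view stayed inside its division.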