Genesys Cloud - Main

Hi Community ,

I have had an observation on my org - whenever any new Integration is activated (e.g. app foundry or copilot ) , the asssociated permissions are directly getting  attached to Admin and Master Admin roles . How can I stop this from happening?

SInce Admin roles are assigned to some developers in my org, all such people are getting these new integration permissions as well, hence billing increases towards consupmtion of these integrations .

For now , i have done two things : 1) defaulted back the Admin and Master Admin role to original , and 2) created separate roles for new Integrations and giving them to people on a need basis only . However, I am not sure whether this will prevent any future integrations to be associated to these roles !

Anybody else faced the same issue , if yes please guide .

Regards

Garima.

#API/Integrations
#ConversationalAI(Bots,AgentAssist,etc.)
#PlatformAdministration
#Roadmap/NewFeatures

------------------------------
Regards
Garima.
------------------------------

Hi Garima,  yes same thing happened to us.  Unfortunately,  I don't have answer to your question. Waiting for Genesys Account to respond as i find this a strange "feature".  Regards, Petr  

------------------------------
Petr Hybs
ALCASYS Czech Republic, s.r.o.
------------------------------

Hi Garima,

Can you check if you have Automatically backfill roles with new permissions enabled in your org? Disabling this should stop it form backfilling the permissions and allow you to Manually assign the permissions to the roles required.

------------------------------
Sam Jillard
Online Community Manager/Moderator
Genesys - Employees
------------------------------

Hello Samuel,

thank you for this tip. The permission is off in our org.  Does this also prevents, that the new roles and permissions get assigned to Admin and Master Admin roles only despite this option?  Can you clarify it? 

Thx in advance. 

Petr 

------------------------------
Petr Hybs
ALCASYS Czech Republic, s.r.o.
------------------------------

Original Message:
Sent: 08-08-2024 09:23
From: Samuel Jillard
Subject: How to stop new integrations associated permissions from being added to default roles such as Admin and Master Admin.

Hi Garima,

Can you check if you have Automatically backfill roles with new permissions enabled in your org? Disabling this should stop it form backfilling the permissions and allow you to Manually assign the permissions to the roles required.

------------------------------
Sam Jillard
Online Community Manager/Moderator
Genesys - Employees
------------------------------

Another area to be watchful of is where a permission is for a range of features.

For example if you have users with Assistants> All Permissions, when Copilot was released every user with that permission would automatically get Copilot permissions and therefore count at the higher token rate. Therefore it is always worth considering whether users should have the "All" permissions. Due to older permissions not having the granularity of new ones sometimes the only option is the "All" permission.

------------------------------
Richard Chandler
Connect
------------------------------

Original Message:
Sent: 08-08-2024 10:07
From: Petr Hybs
Subject: How to stop new integrations associated permissions from being added to default roles such as Admin and Master Admin.

Hello Samuel,

thank you for this tip. The permission is off in our org.  Does this also prevents, that the new roles and permissions get assigned to Admin and Master Admin roles only despite this option?  Can you clarify it? 

Thx in advance. 

Petr 

------------------------------
Petr Hybs
ALCASYS Czech Republic, s.r.o.
------------------------------


Original Message:
Sent: 08-08-2024 09:23
From: Samuel Jillard
Subject: How to stop new integrations associated permissions from being added to default roles such as Admin and Master Admin.

Hi Garima,

Can you check if you have Automatically backfill roles with new permissions enabled in your org? Disabling this should stop it form backfilling the permissions and allow you to Manually assign the permissions to the roles required.

------------------------------
Sam Jillard
Online Community Manager/Moderator
Genesys - Employees

To Richards point, GC will add permissions to the ALL because it says ALL current and future permissions. It does not matter if you have Role Backfill enabled if the All is enabled.  If Genesys releases a entirely new set of permissions versus just adding those permissions to existing larger set then thats where Role Backfill can happen. The CoPilot Assistant permission set being added to ALL Assistants instead of being created as it's own set of permissions is a great example of the issue here. We've gone through and removed the all permissions sets from groups that could drive token use or other line item billings.

------------------------------
Steve Alix
EDCi
------------------------------

Original Message:
Sent: 08-09-2024 02:52
From: Richard Chandler
Subject: How to stop new integrations associated permissions from being added to default roles such as Admin and Master Admin.

Another area to be watchful of is where a permission is for a range of features.

For example if you have users with Assistants> All Permissions, when Copilot was released every user with that permission would automatically get Copilot permissions and therefore count at the higher token rate. Therefore it is always worth considering whether users should have the "All" permissions. Due to older permissions not having the granularity of new ones sometimes the only option is the "All" permission.

------------------------------
Richard Chandler
Connect
------------------------------


Original Message:
Sent: 08-08-2024 10:07
From: Petr Hybs
Subject: How to stop new integrations associated permissions from being added to default roles such as Admin and Master Admin.

Hello Samuel,

thank you for this tip. The permission is off in our org.  Does this also prevents, that the new roles and permissions get assigned to Admin and Master Admin roles only despite this option?  Can you clarify it? 

Thx in advance. 

Petr 

------------------------------
Petr Hybs
ALCASYS Czech Republic, s.r.o.


Original Message:
Sent: 08-08-2024 09:23
From: Samuel Jillard
Subject: How to stop new integrations associated permissions from being added to default roles such as Admin and Master Admin.

Hi Garima,

Can you check if you have Automatically backfill roles with new permissions enabled in your org? Disabling this should stop it form backfilling the permissions and allow you to Manually assign the permissions to the roles required.

------------------------------
Sam Jillard
Online Community Manager/Moderator
Genesys - Employees

Hi Samuel ,

Thanks for your reply  ; this setting was indeed enabled in my org . I disabled it for now .

Although this setting was helpful for some other cases .

For now, I have individually accessed each role in the org and if license column , showed AI or appfoundry permissions like copilot or others , i have individually opened those roles and removed such permissions .

Thanks & Regards

Garima.

Regards

Garima .

------------------------------
Regards
Garima.
------------------------------

Original Message:
Sent: 08-08-2024 09:23
From: Samuel Jillard
Subject: How to stop new integrations associated permissions from being added to default roles such as Admin and Master Admin.

Hi Garima,

Can you check if you have Automatically backfill roles with new permissions enabled in your org? Disabling this should stop it form backfilling the permissions and allow you to Manually assign the permissions to the roles required.

------------------------------
Sam Jillard
Online Community Manager/Moderator
Genesys - Employees
------------------------------

Just a suggestion, but I would be wary of giving out Roles like Admin and Master Admin. Why not create a separate Role for developers and assign the permissions required to that? (This may well initially be a clone of Admin or Master Admin, however I would follow a principle of giving them the very minimum they need to perform their function).

The default Roles can be useful when you are initially getting going, but situations like the one you describe mean their usefulness can become limited.

HTH

------------------------------
Paul Simpson
Views expressed are my own and do not necessarily reflect those of my employer.
------------------------------