Genesys Cloud - Main

 View Only
Discussion Thread View
Expand all | Collapse all

Profile Edit - Preventing DID/Extension Edit

  • 1.  Profile Edit - Preventing DID/Extension Edit

    Posted 12-20-2018 03:30
    Dear Engineers,

    We would like to prevent the agent to edit his DID or Extension numbers.

    Based on the permissions, I came across "Employee" permission which is unfortunately it allows all the following together:
    "Allowed to read the entire org, edit their own profile, and edit their own location".


    Is there a way just to prevent editing profile, or more specifically prevent editing DID and Extensions?

    Best Regards,

    #PlatformAdministration

    ------------------------------
    Ali Aljohani
    Jathwa Technology Solutions
    ------------------------------


  • 2.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 12-29-2018 08:11
    Can't you just take away the "Directory > userProfile > Edit" permission from any of your users?

    Edit1

    ------------------------------
    Greg Beal
    ConvergeOne
    ------------------------------



  • 3.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 01-06-2019 08:42
    Edited by Ali Aljohani 01-07-2019 04:14
    Hello Greg,

    Thank you for the feedback.

    What about "Employee" role, which already is the basic for all?




    This role it already has Basic Permission, which seems it is required!

    Best Regards,

    ------------------------------
    Ali Aljohani
    Jathwa Technology Solutions
    ------------------------------



  • 4.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 03-28-2021 21:39
    Edited by Jeff Hoogkamer 03-28-2021 21:39

    Hi All,

    Just wondering if anyone figured out how to prevent users editing their own DID/Extension through their Profile? 

    We tried to remove the permission "Directory > userProfile > Edit" - however this doesn't stop the users from editing their profile.

    It looks like the permission that allows users to edit their profile is the main 'General > Employee' base permission which cannot be removed.



    It seems like this was a perfect case for 'Field Level Permissions' for each Profile field that could be locked down to prevent Users from editing/viewing specific Profile Fields. However it appears Genesys decided to deprecate this functionality in 2017.

    It's annoying that as an administrator - I cannot ensure that a number assigned to a user remains with that user, especially if they edit or delete their contact information in their profile.



    ------------------------------
    Jeff
    ------------------------------



  • 5.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 03-28-2021 22:29
    Hi Jeff

    I seem to recall removing that General\Employee permission last year for something similar and don't recall having any issues.  Users would still have the employee role though.  I suspect maybe that "Base permission required for all users" phrase is a bit misleading or obsolete.  Test though :)

    ------------------------------
    Vaun McCarthy
    NTT New Zealand Limited
    ------------------------------



  • 6.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 03-28-2021 22:43
    Hi Vaun,

    Thanks for the reply - I did try removing General > Employee permission - and this stopped all access to the platform from working (after logging in, it said they user had no access to anything).

    Cheers,
    Jeff.


    ------------------------------
    Jeff
    ------------------------------



  • 7.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 03-28-2021 22:51
    What roles do your users have?  I assume they have the employee role as default plus whatever additional roles you've setup or use in your org?

    ------------------------------
    Vaun McCarthy
    NTT New Zealand Limited
    ------------------------------



  • 8.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 03-28-2021 23:51
    In my testing for this - it's just the 'employee' role

    After re-adding 'Directory > User > View' which should only provide 'Basic profile view permission', it lets the user login but they can still edit their profile



    ------------------------------
    Jeff
    ------------------------------



  • 9.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 03-29-2021 00:21
    Edited by Vaun McCarthy 03-29-2021 00:28
    Still fairly sure it was the General\employee permission I removed from both the employee role and my customised User role (which was just a clone of the default User role anyway).  I've had someone else try the same thing in their org and it's not working for them either.  So not sure why it's doing okay in mine without that permission.

    EDIT:  I've just checked the original case I sent to Genesys last year and to confirm this was their response:

    "General > Employee"  Base permission required for all users. Allowed to read the entire org, edit their own profile, and edit their own location

     

    That permission is assigned to the "employee" role. It is the reason why they are able to edit their profiles.

     

    You can just remove that so they can no longer have access on editing their profiles.

     


    ------------------------------
    Vaun McCarthy
    NTT New Zealand Limited
    ------------------------------



  • 10.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 09-15-2022 01:51
    Hi All,

    Anyone figured out how to disable view edit mode permission of the users?
    I removed the General > Employee  while Directory > User > View  still assigned.  It still allows users to edit mode.



    ------------------------------
    Michael Joseph Carreon
    Dexcom, Inc.
    ------------------------------



  • 11.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 09-15-2022 02:27

    The idea User Profile Edit Permissions (OP-I-199) (CLSELF-I-168) has been in 'Under PM Review' since May, and there is an admin response with the following information:

    Thank you all for your votes and comments - this is definitely a feature we would like to support but there is some technical debt we need to address before we can begin this work. In the meantime, you are able to revoke users' permissions to change their name, title, and business unit by removing the following permissions from respective user roles: directory:person:edit, directory:userProfile:edit, 'admin', 'user_administration', 'user_manager'.



    ------------------------------
    Jeff
    ------------------------------



  • 12.  RE: Profile Edit - Preventing DID/Extension Edit

    Posted 01-31-2023 15:25
    Jeff:

    Any update on this?  I understand that layers below in the code their may be technical debt associated with making an over arching change, but what about just editing the code on the Profile page that allows the user to See the Edit link?  apply a permission directly to that Edit Link (just like Genesys already does when granting/restricting the permission of call recording downloads) and leave the rest of the code intact.  If the user can't see the edit Link, then they can't edit anything.  This would be a fairly simple edit and would solve a ton of User Maintenance issues revolving around Users editing data that Genesys Administrators do not want them changing.  then, figure out the work load to individually break out the separate components of Email/Work Phone, Work Phone 2, etc.../other areas of the user profile.

    ------------------------------
    Brad Brooks
    Conduent Business Services, LLC
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources